akram03.uber.space Open in urlscan Pro
2a00:d0c0:200:0:c015:8aff:fe90:1aaf Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://akram03.uber.space/
Submission: On February 26 via api (February 26th 2023, 12:50:17 pm UTC) from US — Scanned from US

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 16 HTTP transactions. The main IP is 2a00:d0c0:200:0:c015:8aff:fe90:1aaf, located in Germany and belongs to UBERSPACE, DE. The main domain is akram03.uber.space.
TLS certificate: Issued by R3 on February 25th 2023. Valid for: 3 months.

This is the only time akram03.uber.space was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Union Bank of the Philippines (Banking)

Domain & IP information

	IP Address	AS Autonomous System
6	2a00:d0c0:200... 2a00:d0c0:200:0:c015:8aff:fe90:1aaf	205766 (UBERSPACE) (UBERSPACE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3a	20446 (STACKPATH...) (STACKPATH-CDN)
2 4	2606:4700::68... 2606:4700::6810:7caf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.71.130.35 104.71.130.35	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	7

6 2a00:d0c0:200:0:c015:8aff:fe90:1aaf (Germany)

ASN205766 (UBERSPACE, DE)

akram03.uber.space	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7caf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.71.130.35 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-71-130-35.deploy.static.akamaitechnologies.com

online.unionbankph.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	uber.space akram03.uber.space	287 KB
4	unpkg.com 2 redirects unpkg.com — Cisco Umbrella Rank: 761	16 KB
3	unionbankph.com online.unionbankph.com — Cisco Umbrella Rank: 313286	449 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 788	7 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 195	14 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 693	31 KB
16	6

	Domain	Requested by
6	akram03.uber.space	akram03.uber.space
4	unpkg.com	2 redirects akram03.uber.space
3	online.unionbankph.com	akram03.uber.space
1	maxcdn.bootstrapcdn.com	akram03.uber.space
1	cdnjs.cloudflare.com	akram03.uber.space
1	code.jquery.com	akram03.uber.space
16	6

This site contains no links.

Subject Issuer	Validity	Valid
akram03.uber.space R3	`2023-02-25` - `2023-05-26`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
online.unionbankph.com GlobalSign Extended Validation CA - SHA256 - G3	`2022-10-17` - `2023-11-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://akram03.uber.space/
Frame ID: 72094CC763A14D0521792E494537204F
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Union Bank of the Philippines

Detected technologies

Alpine.js (JavaScript frameworks) Expand

Overall confidence: 75%
Detected patterns

<[^>]+[^\w-]x-data[^\w-][^<]+

Ant Design (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]*class="ant-(?:btn|col|row|layout|breadcrumb|menu|pagination|steps|select|cascader|checkbox|calendar|form|input-number|input|mention|rate|radio|slider|switch|tree-select|time-picker|transfer|upload|avatar|badge|card|carousel|collapse|list|popover|tooltip|table|tabs|tag|timeline|tree|alert|modal|message|notification|progress|popconfirm|spin|anchor|back-top|divider|drawer)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

75 %
HTTPS

83 %
IPv6

6
Domains

6
Subdomains

7
IPs

3
Countries

804 kB
Transfer

2013 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js HTTP 302
https://unpkg.com/alpinejs@3.11.1/dist/cdn.min.js

Request Chain 6

https://unpkg.com/@alpinejs/persist@3.x.x/dist/cdn.min.js HTTP 302
https://unpkg.com/@alpinejs/persist@3.11.1/dist/cdn.min.js

Request Chain 13

https://akram03.uber.space/online-banking/4cad99e6a344e4d69fc5.ttf HTTP 302
https://online.unionbankph.com/online-banking/login

Request Chain 14

https://akram03.uber.space/online-banking/9db8bbe1f50d6c57847c.ttf HTTP 302
https://online.unionbankph.com/online-banking/login

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
akram03.uber.space/ 68 KB
15 KB 1042ms
417ms Document
text/html 2a00:d0c0:200:0:c015:8aff:fe90:1aaf
UBERSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://akram03.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:d0c0:200:0:c015:8aff:fe90:1aaf , Germany, ASN205766 (UBERSPACE, DE),

Reverse DNS

Software

nginx /

Resource Hash

7763c6b025284aa117a9eec5ac5dd41e358e7a4a2aef73e7570c5ea9c9c5942c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 26 Feb 2023 12:50:06 GMT
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 jquery-3.6.3.min.js Show response
code.jquery.com/ 88 KB
31 KB 555ms
158ms Script
application/javascript 2001:4de0:ac18::1:a:3a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.3.min.js
Requested by: Host: akram03.uber.space
URL: https://akram03.uber.space/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575

Request headers

Referer: https://akram03.uber.space/
Origin: https://akram03.uber.space
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sun, 26 Feb 2023 12:50:07 GMT
content-encoding: gzip
last-modified: Tue, 20 Dec 2022 21:10:40 GMT
server: nginx
etag: W/"63a224d0-15f5b"
vary: Accept-Encoding
x-hw: 1677415807.dop130.am5.t,1677415807.cds309.am5.hn,1677415807.cds258.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 31046

GET
H2 200 fae70cfb8bad4187caae.css
akram03.uber.space/assets/ 226 KB
45 KB 162ms
124ms Stylesheet
text/css 2a00:d0c0:200:0:c015:8aff:fe90:1aaf
UBERSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://akram03.uber.space/assets/fae70cfb8bad4187caae.css

Requested by

Host: akram03.uber.space
URL: https://akram03.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:d0c0:200:0:c015:8aff:fe90:1aaf , Germany, ASN205766 (UBERSPACE, DE),

Reverse DNS

Software

nginx /

Resource Hash

03d12a13fc3b1126405c0e0f7bdfdc197f8c64c1ac608c7e759228291f0c1b97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://akram03.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sun, 26 Feb 2023 12:50:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 25 Feb 2023 14:58:26 GMT
server: nginx
content-encoding: gzip
etag: W/"389bd-5f5877a6bb161"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-xss-protection: 1; mode=block

GET
H2 200 ef8286c6d8339f3f5050.css
akram03.uber.space/assets/ 5 KB
2 KB 337ms
299ms Stylesheet
text/css 2a00:d0c0:200:0:c015:8aff:fe90:1aaf
UBERSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://akram03.uber.space/assets/ef8286c6d8339f3f5050.css

Requested by

Host: akram03.uber.space
URL: https://akram03.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:d0c0:200:0:c015:8aff:fe90:1aaf , Germany, ASN205766 (UBERSPACE, DE),

Reverse DNS

Software

nginx /

Resource Hash

b80a5858ecff354ce9df3bfa7f5b75bc041dcf36defe9af8ed3f495b6cb7acf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://akram03.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sun, 26 Feb 2023 12:50:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 25 Feb 2023 14:58:27 GMT
server: nginx
content-encoding: gzip
etag: W/"144d-5f5877a77dac2"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-xss-protection: 1; mode=block

GET
H2 200 0089da83917d9e4611a5.css
akram03.uber.space/assets/ 2 KB
899 B 369ms
332ms Stylesheet
text/css 2a00:d0c0:200:0:c015:8aff:fe90:1aaf
UBERSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://akram03.uber.space/assets/0089da83917d9e4611a5.css

Requested by

Host: akram03.uber.space
URL: https://akram03.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:d0c0:200:0:c015:8aff:fe90:1aaf , Germany, ASN205766 (UBERSPACE, DE),

Reverse DNS

Software

nginx /

Resource Hash

6fe156a0cbf68b8e34b11079b1b4ba5f5aaf67a2f61278cb226e7ab11d5d9d1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://akram03.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sun, 26 Feb 2023 12:50:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 25 Feb 2023 14:58:30 GMT
server: nginx
content-encoding: gzip
etag: W/"9f3-5f5877aaaaaf9"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-xss-protection: 1; mode=block

GET
H2 200 56f5b3db29ac1f3e6b94.css
akram03.uber.space/assets/ 926 KB
168 KB 365ms
344ms Stylesheet
text/css 2a00:d0c0:200:0:c015:8aff:fe90:1aaf
UBERSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://akram03.uber.space/assets/56f5b3db29ac1f3e6b94.css

Requested by

Host: akram03.uber.space
URL: https://akram03.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:d0c0:200:0:c015:8aff:fe90:1aaf , Germany, ASN205766 (UBERSPACE, DE),

Reverse DNS

Software

nginx /

Resource Hash

481f237f5a19ceb4a4f2f4e7918dda78f041b492e438f46edcf9ae78b77bbfab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://akram03.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sun, 26 Feb 2023 12:50:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 25 Feb 2023 14:58:28 GMT
server: nginx
content-encoding: gzip
etag: W/"e77c3-5f5877a8b2851"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-xss-protection: 1; mode=block

GET
H2

200

cdn.min.js Show response
unpkg.com/alpinejs@3.11.1/dist/
Redirect Chain

https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js
https://unpkg.com/alpinejs@3.11.1/dist/cdn.min.js

40 KB
15 KB

30ms
29ms

Script
application/javascript

2606:4700::6810:7caf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/alpinejs@3.11.1/dist/cdn.min.js

Requested by

Host: akram03.uber.space
URL: https://akram03.uber.space/

Protocol

Server

2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c832fe55fc65f709def6e7dadfb4fbe326fbe0347896bb47e2e1e629b037b66f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://akram03.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sun, 26 Feb 2023 12:50:07 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3435285
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01GQ0G7BKK406G4NP84WJ83SE1-lga
server: cloudflare
etag: W/"a189-HF5Aobd/qvljxt08i5meixNxEOw"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 79f8cdfcead7d153-BUF

Redirect headers

date: Sun, 26 Feb 2023 12:50:07 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: EXPIRED
fly-request-id: 01GT6WBYFDYXPVSJ30RAD2ZV82-lga
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /alpinejs@3.11.1/dist/cdn.min.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 79f8cdfc8ac9d153-BUF

GET
H2

200

cdn.min.js Show response
unpkg.com/@alpinejs/persist@3.11.1/dist/
Redirect Chain

https://unpkg.com/@alpinejs/persist@3.x.x/dist/cdn.min.js
https://unpkg.com/@alpinejs/persist@3.11.1/dist/cdn.min.js

626 B
482 B

56ms
56ms

Script
application/javascript

2606:4700::6810:7caf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@alpinejs/persist@3.11.1/dist/cdn.min.js

Requested by

Host: akram03.uber.space
URL: https://akram03.uber.space/

Protocol

Server

2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

addcc131568abc7aa9a29970192293be04b775523e8236884d0b7522530d8a53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://akram03.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sun, 26 Feb 2023 12:50:07 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1556582
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01GRRFWTNHEX0ERA7PCXMVHYTE-lga
server: cloudflare
etag: W/"272-26hgMvwsu72d4j/KfBklq4z7UKU"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 79f8cdfdfb20d153-BUF

Redirect headers

date: Sun, 26 Feb 2023 12:50:07 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: EXPIRED
fly-request-id: 01GT6WBYJCEKPW6MRFWW2M1BQC-lga
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /@alpinejs/persist@3.11.1/dist/cdn.min.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 79f8cdfd2ae9d153-BUF

GET
H2 200 crypto-js.min.js Show response
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/ 47 KB
14 KB 300ms
84ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

Requested by

Host: akram03.uber.space
URL: https://akram03.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://akram03.uber.space
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sun, 26 Feb 2023 12:50:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3305877
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13972
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61182885-3694"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JKguUCS9lQ%2F43kXqL%2F%2F77D2%2BfmS%2F%2FlGbns2vWg%2FlBuXnENz%2BU39oaxMQop3FzHzpNAgAeMRNBwKuJDhEbPVenjVBdW0jYkGxkUQHd2wRZW1cdWCA%2FvjYH9Vokz55WJl6znjd4a5sdI%2FzcPaWb1OTrM7l"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79f8cdf93d6cd163-BUF
expires: Fri, 16 Feb 2024 12:50:06 GMT

GET
H/1.1 200
OK 77bcca0a353436ad0ea0.png
online.unionbankph.com/online-banking/ 82 KB
83 KB 272ms
34ms Image
image/png 104.71.130.35
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.unionbankph.com/online-banking/77bcca0a353436ad0ea0.png

Requested by

Host: akram03.uber.space
URL: https://akram03.uber.space/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.71.130.35 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-71-130-35.deploy.static.akamaitechnologies.com

Software

Resource Hash

98beb0e665f5d2724b955f00a4b80a0c5db2ba5bb8830054482a75c4384eedaa

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' appdynamics.com .appdynamics.com facebook.net .facebook.net google-analytics.com .google-analytics.com cloudfront.net .cloudfront.net google.com .google.com gstatic.com .gstatic.com googleapis.com .googleapis.com images-home.com .images-home.com *.walkme.com
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://akram03.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Security-Policy: script-src 'self' appdynamics.com *.appdynamics.com facebook.net *.facebook.net google-analytics.com *.google-analytics.com cloudfront.net *.cloudfront.net google.com *.google.com gstatic.com *.gstatic.com googleapis.com *.googleapis.com images-home.com *.images-home.com *.walkme.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Date: Sun, 26 Feb 2023 12:50:07 GMT
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 84281
X-XSS-Protection: 1; mode=block
Pragma
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 03 Feb 2023 04:24:28 GMT
X-Frame-Options: DENY
Content-Type: image/png
Cache-Control: max-age=34844
Permissions-Policy: camera=(self)
Accept-Ranges: bytes
Expires: Sun, 26 Feb 2023 22:30:51 GMT

GET
H/1.1 200
OK 58cfe04e893f01896e51.png
online.unionbankph.com/online-banking/ 7 KB
8 KB 244ms
30ms Image
image/png 104.71.130.35
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.unionbankph.com/online-banking/58cfe04e893f01896e51.png

Requested by

Host: akram03.uber.space
URL: https://akram03.uber.space/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.71.130.35 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-71-130-35.deploy.static.akamaitechnologies.com

Software

Resource Hash

b9a4c593506d5e83c9f7f382c837e2174133ef51bd5729f5068c186ae4d7d559

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' appdynamics.com .appdynamics.com facebook.net .facebook.net google-analytics.com .google-analytics.com cloudfront.net .cloudfront.net google.com .google.com gstatic.com .gstatic.com googleapis.com .googleapis.com images-home.com .images-home.com *.walkme.com
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://akram03.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Security-Policy: script-src 'self' appdynamics.com *.appdynamics.com facebook.net *.facebook.net google-analytics.com *.google-analytics.com cloudfront.net *.cloudfront.net google.com *.google.com gstatic.com *.gstatic.com googleapis.com *.googleapis.com images-home.com *.images-home.com *.walkme.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Date: Sun, 26 Feb 2023 12:50:07 GMT
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 6841
X-XSS-Protection: 1; mode=block
Pragma
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 03 Feb 2023 04:24:28 GMT
X-Frame-Options: DENY
Content-Type: image/png
Cache-Control: max-age=36596
Permissions-Policy: camera=(self)
Accept-Ranges: bytes
Expires: Sun, 26 Feb 2023 23:00:03 GMT

GET
H2 200 script.js Show response
akram03.uber.space/assets/ 132 KB
56 KB 119ms
118ms Script
application/javascript 2a00:d0c0:200:0:c015:8aff:fe90:1aaf
UBERSPACE

General

Check archive.org

Show headers Download Go to

Full URL

https://akram03.uber.space/assets/script.js

Requested by

Host: akram03.uber.space
URL: https://akram03.uber.space/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:d0c0:200:0:c015:8aff:fe90:1aaf , Germany, ASN205766 (UBERSPACE, DE),

Reverse DNS

Software

nginx /

Resource Hash

222ec0366c42b4c654eaee7efc1aa9ac2319128683d201cd1aa4e9b3ea18abae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://akram03.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sun, 26 Feb 2023 12:50:07 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 25 Feb 2023 16:12:04 GMT
server: nginx
content-encoding: gzip
etag: W/"211a8-5f58881c2f804"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
x-xss-protection: 1; mode=block

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 106ms
23ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: akram03.uber.space
URL: https://akram03.uber.space/assets/56f5b3db29ac1f3e6b94.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://akram03.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sun, 26 Feb 2023 12:50:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 871
age: 9250990
cdn-cachedat: 07/07/2022 17:49:34
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"269550530cc127b6aa5a35925a7de6ce"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 53050069f7634df6ba0426ea6471d136
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 79f8cdfd1ae5d153-BUF
cdn-requestpullsuccess: True

GET
H/1.1 200
OK 8c9480f4bf7dd79ae693.png
online.unionbankph.com/online-banking/ 358 KB
358 KB 224ms
37ms Image
image/png 104.71.130.35
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.unionbankph.com/online-banking/8c9480f4bf7dd79ae693.png

Requested by

Host: akram03.uber.space
URL: https://akram03.uber.space/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.71.130.35 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-71-130-35.deploy.static.akamaitechnologies.com

Software

Resource Hash

03c1ce963c323b9254ab601832c2630da3f4607d8b8fd33bbaad36c2622292f8

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' appdynamics.com .appdynamics.com facebook.net .facebook.net google-analytics.com .google-analytics.com cloudfront.net .cloudfront.net google.com .google.com gstatic.com .gstatic.com googleapis.com .googleapis.com images-home.com .images-home.com *.walkme.com
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://akram03.uber.space/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Security-Policy: script-src 'self' appdynamics.com *.appdynamics.com facebook.net *.facebook.net google-analytics.com *.google-analytics.com cloudfront.net *.cloudfront.net google.com *.google.com gstatic.com *.gstatic.com googleapis.com *.googleapis.com images-home.com *.images-home.com *.walkme.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Date: Sun, 26 Feb 2023 12:50:07 GMT
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 366107
X-XSS-Protection: 1; mode=block
Pragma
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 03 Feb 2023 04:24:28 GMT
X-Frame-Options: DENY
Content-Type: image/png
Cache-Control: max-age=35928
Permissions-Policy: camera=(self)
Accept-Ranges: bytes
Expires: Sun, 26 Feb 2023 22:48:55 GMT

GET

https://akram03.uber.space/online-banking/4cad99e6a344e4d69fc5.ttf
https://online.unionbankph.com/online-banking/login

0
0

GET

https://akram03.uber.space/online-banking/9db8bbe1f50d6c57847c.ttf
https://online.unionbankph.com/online-banking/login

0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: online.unionbankph.com
URL: https://online.unionbankph.com/online-banking/login

Domain: online.unionbankph.com
URL: https://online.unionbankph.com/online-banking/login

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Union Bank of the Philippines (Banking)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://akram03.uber.space/ Message: Access to font at 'https://online.unionbankph.com/online-banking/login#!/login' (redirected from 'https://akram03.uber.space/online-banking/9db8bbe1f50d6c57847c.ttf') from origin 'https://akram03.uber.space' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://online.unionbankph.com/online-banking/login#!/login Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://akram03.uber.space/ Message: Access to font at 'https://online.unionbankph.com/online-banking/login#!/login' (redirected from 'https://akram03.uber.space/online-banking/4cad99e6a344e4d69fc5.ttf') from origin 'https://akram03.uber.space' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://online.unionbankph.com/online-banking/login#!/login Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

akram03.uber.space
cdnjs.cloudflare.com
code.jquery.com
maxcdn.bootstrapcdn.com
online.unionbankph.com
unpkg.com
online.unionbankph.com
104.71.130.35
2001:4de0:ac18::1:a:3a
2606:4700::6810:7caf
2606:4700::6811:190e
2606:4700::6812:bcf
2a00:d0c0:200:0:c015:8aff:fe90:1aaf
03c1ce963c323b9254ab601832c2630da3f4607d8b8fd33bbaad36c2622292f8
03d12a13fc3b1126405c0e0f7bdfdc197f8c64c1ac608c7e759228291f0c1b97
222ec0366c42b4c654eaee7efc1aa9ac2319128683d201cd1aa4e9b3ea18abae
481f237f5a19ceb4a4f2f4e7918dda78f041b492e438f46edcf9ae78b77bbfab
6fe156a0cbf68b8e34b11079b1b4ba5f5aaf67a2f61278cb226e7ab11d5d9d1f
7763c6b025284aa117a9eec5ac5dd41e358e7a4a2aef73e7570c5ea9c9c5942c
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
98beb0e665f5d2724b955f00a4b80a0c5db2ba5bb8830054482a75c4384eedaa
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
addcc131568abc7aa9a29970192293be04b775523e8236884d0b7522530d8a53
b80a5858ecff354ce9df3bfa7f5b75bc041dcf36defe9af8ed3f495b6cb7acf3
b9a4c593506d5e83c9f7f382c837e2174133ef51bd5729f5068c186ae4d7d559
c832fe55fc65f709def6e7dadfb4fbe326fbe0347896bb47e2e1e629b037b66f

akram03.uber.space Open in urlscan Pro 2a00:d0c0:200:0:c015:8aff:fe90:1aaf Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

75 %HTTPS

83 %IPv6

6 Domains

6 Subdomains

7 IPs

3 Countries

804 kBTransfer

2013 kBSize

0 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

4 Console Messages

Security Headers

Indicators

akram03.uber.space Open in urlscan Pro
2a00:d0c0:200:0:c015:8aff:fe90:1aaf Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

75 %
HTTPS

83 %
IPv6

6
Domains

6
Subdomains

7
IPs

3
Countries

804 kB
Transfer

2013 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!