![](/screenshots/ea647a33-2dd3-4f3a-9221-78277d90f85b.png)
www.memberhelpeu.com
Open in
urlscan Pro
196.203.63.105
Malicious Activity!
Public Scan
Effective URL: http://www.memberhelpeu.com/sichern/ubs/verification/fyXhDvTg039oCmKbWk0e7uI6gMkiPAjVUzronIvbAxUdHgSnYSZZK0v7LGtltwuQcpMXKip...
Submission: On July 01 via automatic, source openphish
Summary
This is the only time www.memberhelpeu.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UBS (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 3 | 196.203.63.105 196.203.63.105 | 37693 (TUNISIANA) (TUNISIANA) | |
7 28 | 193.5.105.213 193.5.105.213 | 8883 (Switzerland) (Switzerland) | |
7 7 | 193.5.105.211 193.5.105.211 | 8883 (Switzerland) (Switzerland) | |
26 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
35 |
ubs.com
14 redirects
ebanking-ch2.ubs.com ebanking-ch.ubs.com |
622 KB |
3 |
memberhelpeu.com
2 redirects
www.memberhelpeu.com |
21 KB |
26 | 2 |
Domain | Requested by | |
---|---|---|
28 | ebanking-ch2.ubs.com |
7 redirects
www.memberhelpeu.com
ebanking-ch2.ubs.com |
7 | ebanking-ch.ubs.com | 7 redirects |
3 | www.memberhelpeu.com | 2 redirects |
26 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://www.memberhelpeu.com/sichern/ubs/verification/fyXhDvTg039oCmKbWk0e7uI6gMkiPAjVUzronIvbAxUdHgSnYSZZK0v7LGtltwuQcpMXKipoRJxo57On/index.php?country.x=ch-&lang.x=ch
Frame ID: 9A875CA45285F90A4F83B045B1D7B48C
Requests: 30 HTTP requests in this frame
Screenshot
![](/screenshots/ea647a33-2dd3-4f3a-9221-78277d90f85b.png)
Page URL History Show full URLs
-
http://www.memberhelpeu.com/sichern/ubs/
HTTP 302
http://www.memberhelpeu.com/sichern/ubs/redirect.php HTTP 302
http://www.memberhelpeu.com/sichern/ubs/verification/fyXhDvTg039oCmKbWk0e7uI6gMkiPAjVUzronIvbAxUdHgSnYSZ... Page URL
Detected technologies
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
![](/vendor/wappa/icons/RequireJS.png)
Detected patterns
- script /require.*\.js/i
- env /^requirejs$/i
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.memberhelpeu.com/sichern/ubs/
HTTP 302
http://www.memberhelpeu.com/sichern/ubs/redirect.php HTTP 302
http://www.memberhelpeu.com/sichern/ubs/verification/fyXhDvTg039oCmKbWk0e7uI6gMkiPAjVUzronIvbAxUdHgSnYSZZK0v7LGtltwuQcpMXKipoRJxo57On/index.php?country.x=ch-&lang.x=ch Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/script/behavioweb_form.js HTTP 302
- https://ebanking-ch.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/script/behavioweb_form.js HTTP 302
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/script/behavioweb_form.js?NavLB_EBCH=1530429719
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/uwr.css HTTP 302
- https://ebanking-ch.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/uwr.css HTTP 302
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/uwr.css?NavLB_EBCH=1530429719
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/css/default.css HTTP 302
- https://ebanking-ch.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/css/default.css HTTP 302
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/css/default.css?NavLB_EBCH=1530429719
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/script/jquery.js HTTP 302
- https://ebanking-ch.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/script/jquery.js HTTP 302
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/script/jquery.js?NavLB_EBCH=1530429719
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/script/default.js HTTP 302
- https://ebanking-ch.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/script/default.js HTTP 302
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/script/default.js?NavLB_EBCH=1530429719
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/require.js HTTP 302
- https://ebanking-ch.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/require.js HTTP 302
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/require.js?NavLB_EBCH=1530429719
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/uwr.js HTTP 302
- https://ebanking-ch.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/uwr.js HTTP 302
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/uwr.js?NavLB_EBCH=1530429719
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.php
www.memberhelpeu.com/sichern/ubs/verification/fyXhDvTg039oCmKbWk0e7uI6gMkiPAjVUzronIvbAxUdHgSnYSZZK0v7LGtltwuQcpMXKipoRJxo57On/ Redirect Chain
|
20 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
behavioweb_form.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/script/ Redirect Chain
|
21 KB 21 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
uwr.css
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/ Redirect Chain
|
186 KB 186 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
default.css
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/css/ Redirect Chain
|
38 KB 39 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/script/ Redirect Chain
|
90 KB 91 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
default.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/script/ Redirect Chain
|
15 KB 16 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
require.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/ Redirect Chain
|
14 KB 15 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
uwr.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/ Redirect Chain
|
10 KB 11 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Doormat_de.png
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/images/ |
38 KB 39 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
526 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
6 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
409b4bec-c67e-4764-a141-054db8df81d2.woff
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/Common/fonts/ubs-latin-extended/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/shared/modules/ |
16 KB 16 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
526 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.12.1-migrate.min.uwr.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/external/jquery-1.12.1/ |
102 KB 103 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modalDialog.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/ModalDialog/js/ |
22 KB 22 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
illustrations-login_keychain.png
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/images/ |
20 KB 20 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
59d9a83f-4045-4d43-af46-655f845461ee.woff
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/Common/fonts/ubs-latin-extended/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
533 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
initState.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/shared/modules/ |
1 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
frames.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/shared/modules/ |
9 KB 10 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
efe9def0-77d1-4c28-8fd2-371236a3c8ed.ttf
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/Common/fonts/ubs-latin-extended/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
f901b503-9104-414a-a856-af9bcc802b5c.ttf
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/Common/fonts/ubs-latin-extended/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
input.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/Input/js/ |
7 KB 8 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
template.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/shared/modules/ |
492 B 850 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
inputView.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/Input/js/ |
3 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
inputMessageUtil.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/Input/js/ |
6 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
inputFormattingUtil.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/Input/js/ |
3 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mustache-0.8.1-min.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/external/mustache-0.8.1/ |
4 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
messageBox.js
ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/MessageBox/js/ |
2 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ebanking-ch2.ubs.com
- URL
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/Common/fonts/ubs-latin-extended/409b4bec-c67e-4764-a141-054db8df81d2.woff
- Domain
- ebanking-ch2.ubs.com
- URL
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/Common/fonts/ubs-latin-extended/59d9a83f-4045-4d43-af46-655f845461ee.woff
- Domain
- ebanking-ch2.ubs.com
- URL
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/Common/fonts/ubs-latin-extended/efe9def0-77d1-4c28-8fd2-371236a3c8ed.ttf
- Domain
- ebanking-ch2.ubs.com
- URL
- https://ebanking-ch2.ubs.com/login/resources/nevislogrend/applications/ebanklr/webdata/ubswidgets/widgets/Common/fonts/ubs-latin-extended/f901b503-9104-414a-a856-af9bcc802b5c.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UBS (Banking)55 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| Monitor object| bw function| readyState function| $ function| jQuery function| focusNextWhenFullOrEmpty function| setFocus function| getCaret function| selectCurrentElem function| upperCaseContent function| hasCssClass function| removeCssClass function| addCssClass function| updatePasswordStrengthIndicator function| validateFieldSameAs function| validateFieldMarkAsInvalid function| numpadShow function| numpadHide function| numpadClick string| lowerCaseRegEx string| upperCaseRegEx string| numberRegEx string| specialCharRegEx string| whiteSpaceRegEx object| pwRegex object| whiteSpaceRegExFunction function| cgvCheckPwQuality function| isConsecutiveNumbers function| isNumber function| getMaskEl function| showModalMask function| isMaskShown function| lrGetElementsByClassName function| dialogRules function| disableFormElements function| showConfirmationBox function| baseSubmitHandler function| extSubmitHandler function| getContractNumberAndFetch function| ubsDropdownMenu function| showHelpWnd function| mobileCRFrame function| setValues function| poscursor function| fitModalMaskToScreen function| requirejs function| require function| define function| WidgetList object| uwr object| antiClickjack function| selectFirstFormInput function| $uwr function| jQueryUwr boolean| initialized0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ebanking-ch.ubs.com
ebanking-ch2.ubs.com
www.memberhelpeu.com
ebanking-ch2.ubs.com
193.5.105.211
193.5.105.213
196.203.63.105
0dd911732e6e15be780494546fd1d8e43dca6b36cf5123ce54c3e0d63910b4dd
0f23cebd466a788c8dcc2f0267dc772c587d6c0a36865a6b58a76eed7c0166cc
167d91249d9000e337cbaaaa58a6f446f0beba3fa2b62eaef0fddd2a82f82263
1dce88edda64a55c48e375ae444d8eff7dbd27949fe90e75eee21f4086e1cdf3
2192281c5f07f6a11781f3f980f4cc3542ca6cbf29c417c0eb5d1636c84863a4
2dae2d895fa831d6208385aead0e256f958baad842c5c36149ae7231615114c1
329a54a4d1966abb2a846911add2bbee0944c6afd17cff49f3a86cb24a2e2c37
3a9bd4c8be7a33c14402ba4c727f8cb8f77498fd71a107f59839e89031362f98
42cdec361e8b72647e3aad315c162eff8959fd67a70b328397e1c24214bd76cf
4d5def35a7bde878db29da0fd70337799d059dd91b6fd298308bc930a0757395
591f73fde2f532eea82183f7d275f64ae775b65aef52b7220e047024807f1d3d
6316f169cdaca66a077a4e1e2f5b1a7d611d1a91bef441e186cc38a239e9e9d6
644f4aaba5dffbdaaeb78777f92fbb671f9f51f74930cf8f27dcd19a48ee7518
7400c7fab7f720c946eaf4979ba94f6a613b5bc36794e520ca6845fc62fbf0d9
80a57ce9e47761df90463391c2fb538c0da1e24b8da19df8d7970ed72d75663f
9c5eec6aa8a39e50b938c309a937cb6803ba0a092e8cb1f94eba880b6d19ab3f
9e801444f980cce194541ed6f3b79c7d394ac2b639df78a6eb6dc3589778ce0b
a2c184327d173007b0121c90434dc3dd458e1914e31fbb13a95f7519c0e736e9
aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801
ac96685017dbfd4401a53d488c84a1db7e41a97f8ceecfd9f6989c3e00ca1214
b1484e7fd1898dd79dfa52a93cc617ed4e31c8c22829413d8b5d5b56f8c5fff6
b4168a38d441c40eb401098f207e56ec5f72b53c126c77966d972cf9a5a27b7f
c44e7b5858cc0b526ddeaee901ed4077567073a10dfd7d62b13e99206bc3b4f8
e4733bb38bff36d99f8eb15ab5b1f399b3f1da3eda89a5d4dc3981523ac2545c
e66213482b3366dfae45e60a8fc3700cf5086cf3f4629d378069c5b711d9d4e6
fe203f9dfdd018366784307dd7da578236a0dcf9d984d001b90cd29f8f4f46f6