www.ardanachlettings.co.uk Open in urlscan Pro
2606:4700:3030::681f:5f92 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.ardanachlettings.co.uk///000/2/id732019722
Effective URL:
https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
Submission: On February 25 via manual (February 25th 2020, 4:21:22 pm UTC) from US

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3030::681f:5f92, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.ardanachlettings.co.uk.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on May 13th 2019. Valid for: a year.

This is the only time www.ardanachlettings.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banque Postale (Banking) Banco BPI (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 7	2606:4700:303... 2606:4700:3030::681f:5f92	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	185.26.46.13 185.26.46.13	25479 (IC2-AS) (IC2-AS)
13	3

7 2606:4700:3030::681f:5f92 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

www.ardanachlettings.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.26.46.13 (Spain)

ASN25479 (IC2-AS, ES)

bpinet.bancobpi.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	ardanachlettings.co.uk 2 redirects www.ardanachlettings.co.uk	18 KB
6	bancobpi.pt bpinet.bancobpi.pt	90 KB
13	2

	Domain	Requested by
7	www.ardanachlettings.co.uk	2 redirects www.ardanachlettings.co.uk
6	bpinet.bancobpi.pt	www.ardanachlettings.co.uk
13	2

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-05-13` - `2020-05-13`	a year	crt.sh
bpinet.bancobpi.pt MarketWare - Soluções para Mercados Digitais, Lda. RSA EV CA	`2019-04-03` - `2021-04-02`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
Frame ID: 5AB5B4082A404DEA18B5EFE68627849D
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.ardanachlettings.co.uk///000/2/id732019722 HTTP 301
https://www.ardanachlettings.co.uk/000/2/id732019722/ HTTP 302
https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/ Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 50%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

IIS (Web Servers) Expand

Overall confidence: 50%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

13
Requests

85 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

108 kB
Transfer

600 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.ardanachlettings.co.uk///000/2/id732019722 HTTP 301
https://www.ardanachlettings.co.uk/000/2/id732019722/ HTTP 302
https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
Redirect Chain

https://www.ardanachlettings.co.uk///000/2/id732019722
https://www.ardanachlettings.co.uk/000/2/id732019722/
https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/

11 KB
3 KB

61ms
61ms

Document
text/html

2606:4700:3030::681f:5f92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::681f:5f92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f6324ea41f414e2e46819bb647856cf7a3fd0fe2f59a3d33d0c2d59a20fa6d9

Request headers

:method: GET
:authority: www.ardanachlettings.co.uk
:scheme: https
:path: /000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=dcd547945de538df221827d48736672461582647664
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

status: 200
date: Tue, 25 Feb 2020 16:21:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 56ab02a31d5cdfd3-FRA
content-encoding: br

Redirect headers

status: 302
date: Tue, 25 Feb 2020 16:21:05 GMT
content-type: text/html; charset=UTF-8
location: ./a420d057e10f146fed117277ceeb13a3/idn/
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 56ab02a23a30dfd3-FRA

GET
H2 200 Icon.css
www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/log_files/ 170 B
202 B 62ms
61ms Stylesheet
text/css 2606:4700:3030::681f:5f92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/log_files/Icon.css
Requested by: Host: www.ardanachlettings.co.uk
URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::681f:5f92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7395b053fc4e5989dcb2e547f5f06b3d4f530eaa6144c2ac8e3d1115e9299fcd

Request headers

Referer: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Tue, 25 Feb 2020 16:21:05 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 25 Feb 2020 08:14:48 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 56ab02a38f07dfd3-FRA
expires: Tue, 03 Mar 2020 16:21:05 GMT

GET
H/1.1 200
OK Theme.LT_BPINet_Modern.css
bpinet.bancobpi.pt/LT_BPINet/ 389 KB
57 KB 820ms
289ms Stylesheet
text/css 185.26.46.13
IC2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bpinet.bancobpi.pt/LT_BPINet/Theme.LT_BPINet_Modern.css?8908

Requested by

Host: www.ardanachlettings.co.uk
URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.26.46.13 , Spain, ASN25479 (IC2-AS, ES),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d99d2c7855a2518cfc190ea94340aded988dfbfbc5404ab02a95bbd516cd5c15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 25 Feb 2020 16:21:05 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Feb 2020 17:11:03 GMT
Server: Microsoft-IIS/10.0
ETag: "4d6a61147edbd51:0"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 57781
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Theme.LT_BPINet_Modern.extra.css
bpinet.bancobpi.pt/LT_BPINet/ 4 KB
1 KB 630ms
98ms Stylesheet
text/css 185.26.46.13
IC2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bpinet.bancobpi.pt/LT_BPINet/Theme.LT_BPINet_Modern.extra.css?8908

Requested by

Host: www.ardanachlettings.co.uk
URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.26.46.13 , Spain, ASN25479 (IC2-AS, ES),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

7c383c8c375e1da472528f5ebf96116214c6f99e41cd5afeb23130b713cc146f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 25 Feb 2020 16:21:05 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Feb 2020 17:11:03 GMT
Server: Microsoft-IIS/10.0
ETag: "4d6a61147edbd51:0"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 832
X-XSS-Protection: 1; mode=block

GET
H2 200 Logo_BPI.png
www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/log_files/ 11 KB
11 KB 54ms
54ms Image
image/png 2606:4700:3030::681f:5f92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/log_files/Logo_BPI.png
Requested by: Host: www.ardanachlettings.co.uk
URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::681f:5f92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e1adb7415ae9ab569e586b2f57100a481a14cf0028baf7315564795b31739e0

Request headers

Referer: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 25 Feb 2020 16:21:05 GMT
cf-cache-status: MISS
last-modified: Tue, 25 Feb 2020 08:14:48 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 56ab02a38f08dfd3-FRA
content-length: 11104
expires: Tue, 03 Mar 2020 16:21:05 GMT

GET
H2 200 BPINet_login.png
www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/log_files/ 3 KB
4 KB 48ms
47ms Image
image/png 2606:4700:3030::681f:5f92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/log_files/BPINet_login.png
Requested by: Host: www.ardanachlettings.co.uk
URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::681f:5f92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13480e1c4a3ee36ba2cbaacd54b03af5ba4a623bc521b656b9dc7af2252af05c

Request headers

Referer: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 25 Feb 2020 16:21:05 GMT
cf-cache-status: MISS
last-modified: Tue, 25 Feb 2020 08:14:48 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 56ab02a38f0cdfd3-FRA
content-length: 3576
expires: Tue, 03 Mar 2020 16:21:05 GMT

GET
H2 404 Theme.FontAwesome.css
www.ardanachlettings.co.uk/RichWidgets/ 0
0 388ms
388ms Stylesheet
text/html 2606:4700:3030::681f:5f92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ardanachlettings.co.uk/RichWidgets/Theme.FontAwesome.css?7529
Requested by: Host: www.ardanachlettings.co.uk
URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::681f:5f92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Tue, 25 Feb 2020 16:21:05 GMT
content-encoding: br
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: max-age=14400, must-revalidate
x-turbo-charged-by: LiteSpeed
cf-ray: 56ab02a3e87bdfd3-FRA
link: <https://www.ardanachlettings.co.uk/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H/1.1 200
OK Theme.Patterns_SilkUI.css
bpinet.bancobpi.pt/WebPatterns/ 132 KB
21 KB 149ms
148ms Stylesheet
text/css 185.26.46.13
IC2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bpinet.bancobpi.pt/WebPatterns/Theme.Patterns_SilkUI.css?7561

Requested by

Host: www.ardanachlettings.co.uk
URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.26.46.13 , Spain, ASN25479 (IC2-AS, ES),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

782bf6864627eedb155c1fa6e3592e4bf725ad9dd5ca584c9cc9f2dfe84b06b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 25 Feb 2020 16:21:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 May 2019 15:24:17 GMT
Server: Microsoft-IIS/10.0
ETag: "dc7942ee9f9d51:0"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 21324
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Theme.LT_BPI_Icons.css
bpinet.bancobpi.pt/LT_BPI/ 2 KB
1 KB 79ms
79ms Stylesheet
text/css 185.26.46.13
IC2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bpinet.bancobpi.pt/LT_BPI/Theme.LT_BPI_Icons.css?8896

Requested by

Host: www.ardanachlettings.co.uk
URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.26.46.13 , Spain, ASN25479 (IC2-AS, ES),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

6e77b89051566bb85980c499276884558ebbfc8701c37e6b80d0d15a97085490

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 25 Feb 2020 16:21:06 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 Dec 2019 17:09:32 GMT
Server: Microsoft-IIS/10.0
ETag: "1a9e2aeceb1d51:0"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 606
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Theme.LT_BPIFont.css
bpinet.bancobpi.pt/LT_BPI/ 19 KB
4 KB 167ms
82ms Stylesheet
text/css 185.26.46.13
IC2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bpinet.bancobpi.pt/LT_BPI/Theme.LT_BPIFont.css?8896

Requested by

Host: www.ardanachlettings.co.uk
URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.26.46.13 , Spain, ASN25479 (IC2-AS, ES),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

0e5a5c7b53a1016eeb3287e6f7e2d5eb04d409f102e4acfcb32aee7745c9427a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 25 Feb 2020 16:21:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 Dec 2019 17:09:32 GMT
Server: Microsoft-IIS/10.0
ETag: "26aa1deceb1d51:0"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 3452
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Theme.FontAwesome.css
bpinet.bancobpi.pt/RichWidgets/ 30 KB
6 KB 273ms
105ms Stylesheet
text/css 185.26.46.13
IC2-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bpinet.bancobpi.pt/RichWidgets/Theme.FontAwesome.css?7529

Requested by

Host: www.ardanachlettings.co.uk
URL: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.26.46.13 , Spain, ASN25479 (IC2-AS, ES),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

346c164f65d0c57d1f7cc2a1add1ed4f93941a35099617aa5e1629639726e42c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ardanachlettings.co.uk/000/2/id732019722/a420d057e10f146fed117277ceeb13a3/idn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 25 Feb 2020 16:21:06 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 May 2019 15:14:59 GMT
Server: Microsoft-IIS/10.0
ETag: "2c8433a19e9d51:0"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 5726
X-XSS-Protection: 1; mode=block

GET TradeGothicLTW05-Bold.woff
bpinet.bancobpi.pt/LT_BPI/fonts/ 0
0

GET TradeGothicLTW05-Bold.ttf
bpinet.bancobpi.pt/LT_BPI/fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bpinet.bancobpi.pt
URL: https://bpinet.bancobpi.pt/LT_BPI/fonts/TradeGothicLTW05-Bold.woff

Domain: bpinet.bancobpi.pt
URL: https://bpinet.bancobpi.pt/LT_BPI/fonts/TradeGothicLTW05-Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banque Postale (Banking) Banco BPI (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bpinet.bancobpi.pt
www.ardanachlettings.co.uk
bpinet.bancobpi.pt
185.26.46.13
2606:4700:3030::681f:5f92
0e5a5c7b53a1016eeb3287e6f7e2d5eb04d409f102e4acfcb32aee7745c9427a
0f6324ea41f414e2e46819bb647856cf7a3fd0fe2f59a3d33d0c2d59a20fa6d9
13480e1c4a3ee36ba2cbaacd54b03af5ba4a623bc521b656b9dc7af2252af05c
1e1adb7415ae9ab569e586b2f57100a481a14cf0028baf7315564795b31739e0
346c164f65d0c57d1f7cc2a1add1ed4f93941a35099617aa5e1629639726e42c
6e77b89051566bb85980c499276884558ebbfc8701c37e6b80d0d15a97085490
7395b053fc4e5989dcb2e547f5f06b3d4f530eaa6144c2ac8e3d1115e9299fcd
782bf6864627eedb155c1fa6e3592e4bf725ad9dd5ca584c9cc9f2dfe84b06b5
7c383c8c375e1da472528f5ebf96116214c6f99e41cd5afeb23130b713cc146f
d99d2c7855a2518cfc190ea94340aded988dfbfbc5404ab02a95bbd516cd5c15

www.ardanachlettings.co.uk Open in urlscan Pro 2606:4700:3030::681f:5f92 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

85 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

108 kBTransfer

600 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

www.ardanachlettings.co.uk Open in urlscan Pro
2606:4700:3030::681f:5f92 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

85 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

108 kB
Transfer

600 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!