www.santander.co.uk-restore.live
185.61.152.34
Malicious Activity!
Public Scan
Effective URL: https://www.santander.co.uk-restore.live/captcha.php
Submission: On December 01 via automatic, source certstream-suspicious — Scanned from GB
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 7th 2020. Valid for: 2 years.
This is the only time www.santander.co.uk-restore.live was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Santander (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System) | PTR | Domains
---|---|---|---|---
16 | 185.61.152.34 | ASN22612 (NAMECHEAP-NET, US) | server132-2.web-hosting.com | www.santander.co.uk-restore.live
1 | 188.40.246.96 | ASN24940 (HETZNER-AS, DE) | static.96.246.40.188.clients.your-server.de | remote.captcha.com
Total: 16 requests, 2 IP addresses
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
16 | uk-restore.live | www.santander.co.uk-restore.live (1 redirect) | 376 KB
1 | captcha.com | remote.captcha.com | 633 B
Total: 16 requests, 2 apex domains
Requests | Domain | Requested by
---|---|---
16 | www.santander.co.uk-restore.live (1 redirect) | www.santander.co.uk-restore.live
1 | remote.captcha.com | www.santander.co.uk-restore.live
Total: 16 requests, 2 domains
This site contains links to these domains:

Domain
---
captcha.org
Subject | Issuer | Validity | Valid | Certificate lookup
---|---|---|---|---
*.web-hosting.com | Sectigo RSA Domain Validation Secure Server CA | 2020-05-07 - 2022-04-05 | 2 years | crt.sh
remote.captcha.com | R3 | 2021-10-10 - 2022-01-08 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://www.santander.co.uk-restore.live/captcha.php
Frame ID: FB31343F8517A8337CE27C621A3F668C
Requests: 16 HTTP requests in this frame
Screenshot
Page Title: Personal Online Banking: Log on or sign up
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: What is BotDetect PHP CAPTCHA Validation?
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.santander.co.uk-restore.live/ (HTTP 302)
- https://www.santander.co.uk-restore.live/captcha.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | captcha.php (Primary Request) | www.santander.co.uk-restore.live/ (Redirect Chain) | 20 KB | 5 KB | Document | text/html
GET | H2 | bdc-layout-stylesheet.css | www.santander.co.uk-restore.live/botdetect/public/ | 4 KB | 937 B | Stylesheet | text/css
GET | H2 | styles.css | www.santander.co.uk-restore.live/assets/css/ | 181 KB | 26 KB | Stylesheet | text/css
GET | H2 | header-logo.png | www.santander.co.uk-restore.live/assets/images/ | 3 KB | 3 KB | Image | image/png
GET | H2 | warning.png | www.santander.co.uk-restore.live/assets/images/ | 7 KB | 7 KB | Image | image/png
GET | H2 | botdetect.php | www.santander.co.uk-restore.live/ | 5 KB | 5 KB | Image | image/jpeg
GET | H2 | bdc-reload-icon.gif | www.santander.co.uk-restore.live/botdetect/public/ | 1 KB | 1 KB | Image | image/gif
GET | H2 | bdc-sound-icon.gif | www.santander.co.uk-restore.live/botdetect/public/ | 1 KB | 1 KB | Image | image/gif
GET | H2 | botdetect.php | www.santander.co.uk-restore.live/ | 29 KB | 9 KB | Script | text/javascript
GET | H2 | asset-3-3-x.png | www.santander.co.uk-restore.live/assets/images/ | 35 KB | 35 KB | Image | image/png
GET | H2 | asset-2.png | www.santander.co.uk-restore.live/assets/images/ | 3 KB | 4 KB | Image | image/png
GET | H2 | SantanderTextW05-Regular.77501c6e88280139f847.ttf | www.santander.co.uk-restore.live/assets/fonts/ | 138 KB | 138 KB | Font | font/ttf
GET | H2 | include.js | remote.captcha.com/ | 1 KB | 633 B | Script | application/javascript
GET | H2 | bdc-reload-disabled-icon.gif | www.santander.co.uk-restore.live/botdetect/public/ | 1 KB | 1 KB | Image | image/gif
GET | H2 | bdc-sound-disabled-icon.gif | www.santander.co.uk-restore.live/botdetect/public/ | 1 KB | 1 KB | Image | image/gif
GET | H2 | SantanderHeadlineW05-Rg.838addf7f1e08ecb31f9.ttf | www.santander.co.uk-restore.live/assets/fonts/ | 138 KB | 138 KB | Font | font/ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Santander (Banking)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onbeforexrselect
function | reportError
boolean | originAgentCluster
object | scheduler
function | a1
function | BDCustomFor
function | BotDetect
object | ExampleCaptcha
number | swapDemo_firstVar
number | swapDemo_secondVar

1 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
www.santander.co.uk-restore.live/ | | PHPSESSID | ee2734fabde781dcc6d6e5652339af86
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
remote.captcha.com
www.santander.co.uk-restore.live
185.61.152.34
188.40.246.96