www.security-auth.live
68.65.120.88
Malicious Activity!
Public Scan
Effective URL: https://www.security-auth.live/Login.php
Submission: On January 13 via automatic, source openphish
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 7th 2020. Valid for: 2 years.
This is the only time www.security-auth.live was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: TSB Bank (Banking)
Domain & IP information
| | IP Address | AS Autonomous System |
---|---|---|
1 16 | 68.65.120.88 | 22612 (NAMECHEAP-NET) |
15 | 1 | |

ASN22612 (NAMECHEAP-NET, US)
PTR: server301-2.web-hosting.com
www.security-auth.live

| | Apex Domain / Subdomains | Transfer |
---|---|---|
16 | security-auth.live (1 redirects): www.security-auth.live | 235 KB |
15 | 1 | |

| | Domain | Requested by |
---|---|---|
16 | www.security-auth.live (1 redirects) | www.security-auth.live |
15 | 1 | |
This site contains links to these domains. Also see Links.
Domain |
---|
internetbanking.tsb.co.uk |
tsb.co.uk |
www.tsb.co.uk |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.web-hosting.com | Sectigo RSA Domain Validation Secure Server CA | 2020-05-07 - 2022-04-05 | 2 years |
This page contains 1 frames:
Primary Page:
https://www.security-auth.live/Login.php
Frame ID: 4B7D17CDD977216D138BA6E321B993F6
Requests: 15 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
Title: Cookie Policy
Title: How can I tell that this site is secure?
Title: register online
Title: Recover User ID?
Title: 'Forgotten your password and memorable information?'
Title: Find out more
Title: login issues page
Title: useful information page
Title: branch locator page
Title: Malware page
Title: Legal
Title: Privacy
Title: Security
Title: Rates and Charges
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.security-auth.live/ (HTTP 302)
- https://www.security-auth.live/Login.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | Login.php (Primary Request) | www.security-auth.live/ | 67 KB | 10 KB | Document | text/html |
GET | H2 | styles-min.css | www.security-auth.live/files/css/ | 383 KB | 54 KB | Stylesheet | text/css |
GET | H2 | promotionals-min.css | www.security-auth.live/files/css/ | 46 KB | 7 KB | Stylesheet | text/css |
GET | H2 | jquery.js | www.security-auth.live/files/js/ | 266 KB | 77 KB | Script | application/javascript |
GET | H2 | logo-6-1409059355.png | www.security-auth.live/files/img/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | d631d9e5.vendor.min.css | www.security-auth.live/files/css/ | 12 KB | 3 KB | Stylesheet | text/css |
GET | H2 | 0eb8ac02.tsb-credentials-public.min.css | www.security-auth.live/files/css/ | 3 KB | 1 KB | Stylesheet | text/css |
GET | H2 | c2822233.c2822233.alert-icon-100x73-2-1409059243.png | www.security-auth.live/files/img/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | print_base-min.css | www.security-auth.live/files/css/ | 6 KB | 2 KB | Stylesheet | text/css |
GET | H2 | chat_floating.png | www.security-auth.live/files/img/ | 8 KB | 8 KB | Image | image/png |
GET | H2 | header_bg.png | www.security-auth.live/files/img/ | 195 B | 307 B | Image | image/png |
GET | H2 | icons.png | www.security-auth.live/files/img/ | 11 KB | 12 KB | Image | image/png |
GET | H2 | accordion_part_bg.png | www.security-auth.live/files/img/ | 1 KB | 1 KB | Image | image/png |
GET | H2 | footer_bg.png | www.security-auth.live/files/img/ | 131 B | 243 B | Image | image/png |
GET | H2 | basic_commercial_light.woff | www.security-auth.live/files/fonts/ | 54 KB | 54 KB | Font | font/woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: TSB Bank (Banking)
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
- boolean| crossOriginIsolated
- function| $
- function| jQuery

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.security-auth.live
68.65.120.88