sfi.lewiscc.dev
Open in
urlscan Pro
185.94.235.168
Malicious Activity!
Public Scan
Submission: On May 02 via api from CA — Scanned from US
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 6th 2024. Valid for: a year.
This is the only time sfi.lewiscc.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Santander (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
16 | 185.94.235.168 185.94.235.168 | 47492 (CONSIDERIT) (CONSIDERIT) | |
2 | 2606:4700::68... 2606:4700::6810:291c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a04:4e42:400... 2a04:4e42:400::649 | 54113 (FASTLY) (FASTLY) | |
6 | 172.67.70.243 172.67.70.243 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
27 | 5 |
ASN47492 (CONSIDERIT, GB)
PTR: 185-94-235-168.ip-space.cit.net.uk
sfi.lewiscc.dev |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
lewiscc.dev
sfi.lewiscc.dev |
1 MB |
6 |
marker.io
edge.marker.io — Cisco Umbrella Rank: 38474 api.marker.io — Cisco Umbrella Rank: 37141 |
191 KB |
2 |
fonts.net
fast.fonts.net — Cisco Umbrella Rank: 4137 |
1 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 776 |
82 KB |
0 |
santanderforintermediaries.co.uk
Failed
webchat-staging.santanderforintermediaries.co.uk Failed |
|
27 | 5 |
Domain | Requested by | |
---|---|---|
16 | sfi.lewiscc.dev |
sfi.lewiscc.dev
|
4 | edge.marker.io |
sfi.lewiscc.dev
edge.marker.io |
2 | api.marker.io |
edge.marker.io
|
2 | fast.fonts.net |
sfi.lewiscc.dev
fast.fonts.net |
1 | code.jquery.com |
sfi.lewiscc.dev
|
0 | webchat-staging.santanderforintermediaries.co.uk Failed |
sfi.lewiscc.dev
|
27 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.introducers.santander.co.uk |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.lewiscc.dev Sectigo RSA Domain Validation Secure Server CA |
2024-03-06 - 2025-03-07 |
a year | crt.sh |
fonts.net GTS CA 1P5 |
2024-04-04 - 2024-07-03 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
marker.io GTS CA 1P5 |
2024-04-16 - 2024-07-15 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://sfi.lewiscc.dev/
Frame ID: 3E84BAC616574C055C2C15F26196C55F
Requests: 26 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: Log On
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
sfi.lewiscc.dev/ |
22 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
353d6d55-bea8-431c-b75d-24d3f948b295.css
fast.fonts.net/cssapi/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.3fc331cad175260075ae.css
sfi.lewiscc.dev/dist/css/ |
339 KB 72 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.3fc331cad175260075ae.js
sfi.lewiscc.dev/dist/js/ |
723 KB 236 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
santander-logo-red.jpg
sfi.lewiscc.dev/dist/images/ |
172 KB 172 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sfi-flame.svg
sfi.lewiscc.dev/dist/images/ |
649 B 715 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dummy-image.png
sfi.lewiscc.dev/media/wjbpfhyf/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cta-icon.png
sfi.lewiscc.dev/media/na0njtnu/ |
935 B 1013 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vector.png
sfi.lewiscc.dev/media/zg1dbsey/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vector2.png
sfi.lewiscc.dev/media/3exkq1m3/ |
639 B 694 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dummy-image.png
sfi.lewiscc.dev/media/wjbpfhyf/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.7.1.js
code.jquery.com/ |
279 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
authenticated-webchat
webchat-staging.santanderforintermediaries.co.uk/bundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
authenticated-webchat-style
webchat-staging.santanderforintermediaries.co.uk/bundles/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1.css
fast.fonts.net/t/ |
0 253 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
shim.js
edge.marker.io/latest/ |
58 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SantanderTextW05-Regular.woff2
sfi.lewiscc.dev/dist/fonts/ |
46 KB 46 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SantanderTextW05-Bold.woff2
sfi.lewiscc.dev/dist/fonts/ |
48 KB 48 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SFI-Icons.ttf
sfi.lewiscc.dev/dist/fonts/ |
356 KB 356 KB |
Font
application/x-font-ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SantanderHeadlineW05-Rg.woff2
sfi.lewiscc.dev/dist/fonts/ |
46 KB 46 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SantanderHeadlineW05-Bold.woff2
sfi.lewiscc.dev/dist/fonts/ |
48 KB 48 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3.v2.9.4.594cee46e865d1ff5f9b.js
edge.marker.io/latest/ |
213 KB 67 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4.v2.9.4.f4d29df28f5f668cd585.js
edge.marker.io/latest/ |
249 KB 57 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H3 |
ping
api.marker.io/widget/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
ping
api.marker.io/widget/ |
3 KB 2 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
5.v2.9.4.69a3bfbe39c292ad6494.js
edge.marker.io/latest/ |
163 KB 47 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
sfi.lewiscc.dev/ |
22 KB 22 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- webchat-staging.santanderforintermediaries.co.uk
- URL
- https://webchat-staging.santanderforintermediaries.co.uk/bundles/authenticated-webchat
- Domain
- webchat-staging.santanderforintermediaries.co.uk
- URL
- https://webchat-staging.santanderforintermediaries.co.uk/bundles/authenticated-webchat-style
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Santander (Banking)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| markerConfig object| __Marker object| Marker object| importMarkerChunkJSONP function| $ function| jQuery object| platform number| uidEvent object| __VUE_INSTANCE_SETTERS__ object| __VUE_SSR_SETTERS__2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.fonts.net/ | Name: __cf_bm Value: hnjAT4aT5vT._OOB_wPQUYfT_SbwxDlbJjycFG4j0d8-1714651714-1.0.1.1-MkBmkGIRQWxoUw85uvESpmLfU7Zb.rgw5kvkBXurrkV0z7CR5vF35visH5ibl5WoOaLieShBJoE0PdoqEJCpdA |
|
sfi.lewiscc.dev/ | Name: marker_id_6491a14fa44c73acaf6a2ab1 Value: 31b35830-e0ec-4e15-8f46-110b5ff66dac |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.marker.io
code.jquery.com
edge.marker.io
fast.fonts.net
sfi.lewiscc.dev
webchat-staging.santanderforintermediaries.co.uk
webchat-staging.santanderforintermediaries.co.uk
172.67.70.243
185.94.235.168
2606:4700::6810:291c
2a04:4e42:400::649
0e6dedde00af527bea9ade877679a5b30a1a34e2ea53cf4fde86a64660062f74
0edc0bd37d5f4b8e882497636027c6a20f689dbf487855645d20e841bb32492a
390197e87038764e4cfeb3179aceaffaa58bf94150bf46be328fcdb7de9a96b6
3a2a0f0e48a351205e8573e8e67082fc211dfb485991946ff78f871e7263f9e0
43869606fbc5b511d10902b10376f530394529a858ba322d6d7e6d6ad02547b9
4c1db2844b8d24c83fc7bc0263dc5e5ab708f6f136b8314f97052d17bcfc5b40
535c47209ecf005f74929ba3bd50b107a702bead1f165b856e002165a1a56ba8
54f8b89ae2ea2b2761f8ca1def548abe2416575ebc5883a0c9db90844f9bc270
6016b0db52f0161145328acfa6dc6cc356c97258f865b9834c58d31331de9d43
784ad89d64b9e1c23fb9496ab0babbe23b6dc693dcdf6ae6d145961919a54720
78a85aca2f0b110c29e0d2b137e09f0a1fb7a8e554b499f740d6744dc8962cfe
7ea51ee2785949babe6387b65e684c39b4bb4c5703d85e7da532dc792bccf879
abfd0cba0262a992c4a62e425bf4a66a118d7e7819b1261ee360599c0e3c7252
ba3c1e5e0fd68f8e23c73fe97033234b3fb7f390d4ed860cc0b021d25ac49ff5
c7ebe8216c2a999fa8397a0978bad7f19061c060f35e0dd2c844d50c8cd6a6c0
d10157acf3f44676ef2f725d938ee93004f0d83120f36271ac1a173f5e987ac0
d9292f5aeb67c87cd795b51fcd918e5d2b5a5adb7fa66659e82ad4b67471e6d3
df7abc314cf6e0380973cea5ad3cd7a4536b820d974162c9d94f534f539eef0b
e2c1d79dd9705f4730f41915b1befa3ff43893c1a163fea1bb64c4e5d2bad994
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5658b52b9d71af7f5a9aeea13cb8341e8fdb60cf5a066c573f3e02903bd0b12
e7c9e2b565ebb3644321f60a6b2c51e2815bc43ea350d54a10252462206f4f68
ec6c6c35a35bb74b562f10541e42adcb73c8bf54fbbd2a2999078bde1a279e29
f016c29a9f3aaac17f537c06f211ca7cacb1e0bdd3425d5cb61f71a6550d3f96