banking.triodos.co.uk

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 213.208.206.68, located in Amsterdam, Netherlands and belongs to COLT COLT Technology Services Group Limited, GB. The main domain is banking.triodos.co.uk.
TLS certificate: Issued by GlobalSign Extended Validation CA - S... on February 20th 2023. Valid for: a year.

This is the only time banking.triodos.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Triodos Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
4	213.208.206.68 213.208.206.68		8220 (COLT COLT...) (COLT COLT Technology Services Group Limited)
4	1

4 213.208.206.68 (Amsterdam, Netherlands)

ASN8220 (COLT COLT Technology Services Group Limited, GB)

banking.triodos.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	triodos.co.uk banking.triodos.co.uk	12 KB
4	1

	Domain	Requested by
4	banking.triodos.co.uk	banking.triodos.co.uk
4	1

This site contains no links.

Subject Issuer	Validity	Valid
banking.triodos.co.uk GlobalSign Extended Validation CA - SHA256 - G3	`2023-02-20` - `2024-03-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://banking.triodos.co.uk/ib-seam/angularib/index.html?v=24.09.02l
Frame ID: A801D9B8C954A7AF6867919457AE948C
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Internet Banking - Triodos Bank

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

12 kB
Transfer

10 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 404
Not Found Primary Request index.html Show response
banking.triodos.co.uk/ib-seam/angularib/ 2 KB
3 KB 178ms
22ms Document
text/html 213.208.206.68
COLT COLT Technol...

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.triodos.co.uk/ib-seam/angularib/index.html?v=24.09.02l

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.208.206.68 Amsterdam, Netherlands, ASN8220 (COLT COLT Technology Services Group Limited, GB),

Reverse DNS

Software

/

Resource Hash

9ef63297a867f9a693263c41e9237305e4519159ccba2c59c74adb8781f84f68

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' .triodos.nl .triodos.be .triodos.co.uk .triodos.com data: blob:; report-uri /ib-seam/csp-report; object-src 'none'; connect-src 'self' wss://localhost:* https://p-pan.triodos.com/piwik.php https://.fourthline.com .triodos.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.fourthline.com https://wurfl.io .triodos.com; style-src 'self' 'unsafe-inline'; frame-src 'self' .triodos.nl .triodos.be .triodos.co.uk .triodos.com data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Connection: keep-alive
Content-Security-Policy: default-src 'self'; img-src 'self' *.triodos.nl *.triodos.be *.triodos.co.uk *.triodos.com data: blob:; report-uri /ib-seam/csp-report; object-src 'none'; connect-src 'self' wss://localhost:* https://p-pan.triodos.com/piwik.php https://*.fourthline.com *.triodos.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.fourthline.com https://wurfl.io *.triodos.com; style-src 'self' 'unsafe-inline'; frame-src 'self' *.triodos.nl *.triodos.be *.triodos.co.uk *.triodos.com data:
Content-Type: text/html;charset=UTF-8
Date: Sat, 02 Mar 2024 10:57:12 GMT
Permissions-Policy: accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), xr-spatial-tracking=()
Referrer-Policy: strict-origin-when-cross-origin
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK error.css
banking.triodos.co.uk/ib-seam/resources/stylesheet/ 4 KB
4 KB 21ms
20ms Stylesheet
text/css 213.208.206.68
COLT COLT Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://banking.triodos.co.uk/ib-seam/resources/stylesheet/error.css
Requested by: Host: banking.triodos.co.uk
URL: https://banking.triodos.co.uk/ib-seam/angularib/index.html?v=24.09.02l
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.208.206.68 Amsterdam, Netherlands, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software: /
Resource Hash: 3a4fb0b77d8009d53e6a2aa6a639820a829fd13f7549262e5eeb75aef89d604c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://banking.triodos.co.uk/ib-seam/angularib/index.html?v=24.09.02l
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Sat, 02 Mar 2024 10:57:12 GMT
Cache-Control: max-age=86400
Last-Modified: Mon, 26 Feb 2024 13:57:36 GMT
Connection: keep-alive
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/css

GET
H/1.1 200
OK headerLogo_nl.gif
banking.triodos.co.uk/ib-seam/images/ 2 KB
3 KB 42ms
20ms Image
image/gif 213.208.206.68
COLT COLT Technol...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banking.triodos.co.uk/ib-seam/images/headerLogo_nl.gif
Requested by: Host: banking.triodos.co.uk
URL: https://banking.triodos.co.uk/ib-seam/angularib/index.html?v=24.09.02l
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.208.206.68 Amsterdam, Netherlands, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software: /
Resource Hash: f6edbf862904ac1db16a2c5d40d010df44af28331cd92fa4b6d9b7c4f675dd77

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://banking.triodos.co.uk/ib-seam/angularib/index.html?v=24.09.02l
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Sat, 02 Mar 2024 10:57:12 GMT
Cache-Control: max-age=2592000
Last-Modified: Mon, 26 Feb 2024 13:57:36 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2495
Content-Type: image/gif

GET
H/1.1 200
OK error.css
banking.triodos.co.uk/ib-seam/resources/stylesheet/ 2 KB
2 KB 34ms
21ms Image
text/css 213.208.206.68
COLT COLT Technol...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banking.triodos.co.uk/ib-seam/resources/stylesheet/error.css
Requested by: Host: banking.triodos.co.uk
URL: https://banking.triodos.co.uk/ib-seam/resources/stylesheet/error.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.208.206.68 Amsterdam, Netherlands, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://banking.triodos.co.uk/ib-seam/resources/stylesheet/error.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Sat, 02 Mar 2024 10:57:12 GMT
Cache-Control: max-age=86400
Last-Modified: Mon, 26 Feb 2024 13:57:36 GMT
Connection: keep-alive
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Triodos Bank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			banking.triodos.co.uk/ib-seam	1969-12-31 23:59:59	Name: JSESSIONID Value: "75bQRVu0PaGEfNY_q2W6RYj0Q79zzd2UH3dHRvy_.nl010vn0787:IB2Server"
			banking.triodos.co.uk/	1970-01-20 18:49:38	Name: LB_IB Value: !vB9yrfS/DE8/bTcKDTCvUfF6Sk8pXucSMSNfTxBsEZbysDWY4WpVrImOWux8dyb7iqFd4fZEq4/1W38npY7n6BMfopZXLPT6su5adyP1DQ==

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://banking.triodos.co.uk/ib-seam/angularib/index.html?v=24.09.02l#/account-overview Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; img-src 'self' .triodos.nl .triodos.be .triodos.co.uk .triodos.com data: blob:; report-uri /ib-seam/csp-report; object-src 'none'; connect-src 'self' wss://localhost:* https://p-pan.triodos.com/piwik.php https://.fourthline.com .triodos.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.fourthline.com https://wurfl.io .triodos.com; style-src 'self' 'unsafe-inline'; frame-src 'self' .triodos.nl .triodos.be .triodos.co.uk .triodos.com data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

banking.triodos.co.uk
213.208.206.68
3a4fb0b77d8009d53e6a2aa6a639820a829fd13f7549262e5eeb75aef89d604c
9ef63297a867f9a693263c41e9237305e4519159ccba2c59c74adb8781f84f68
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f6edbf862904ac1db16a2c5d40d010df44af28331cd92fa4b6d9b7c4f675dd77

banking.triodos.co.uk Open in urlscan Pro 213.208.206.68 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

4 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

12 kBTransfer

10 kBSize

2 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

banking.triodos.co.uk Open in urlscan Pro
213.208.206.68 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

12 kB
Transfer

10 kB
Size

2
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!