superlinha-santander.com Open in urlscan Pro
2606:4700:3035::6815:14b0 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://superlinha-santander.com/
Effective URL:
https://superlinha-santander.com/
Submission: On January 07 via api (January 7th 2024, 12:15:44 pm UTC) from NL — Scanned from NL

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3035::6815:14b0, located in United States and belongs to CLOUDFLARENET, US. The main domain is superlinha-santander.com.
TLS certificate: Issued by GTS CA 1P5 on January 7th 2024. Valid for: 3 months.

This is the only time superlinha-santander.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::ac43:c145	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3035::6815:14b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	45.60.197.69 45.60.197.69	19551 (INCAPSULA) (INCAPSULA)
13	3

1 2606:4700:3037::ac43:c145 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

superlinha-santander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:14b0 (United States)

ASN13335 (CLOUDFLARENET, US)

superlinha-santander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.60.197.69 (United States)

ASN19551 (INCAPSULA, US)

www.particulares.santander.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	santander.pt www.particulares.santander.pt — Cisco Umbrella Rank: 374491	14 KB
2	superlinha-santander.com 1 redirects superlinha-santander.com	2 KB
13	2

	Domain	Requested by
3	www.particulares.santander.pt	superlinha-santander.com www.particulares.santander.pt
2	superlinha-santander.com	1 redirects
13	2

This site contains no links.

Subject Issuer	Validity	Valid
superlinha-santander.com GTS CA 1P5	`2024-01-07` - `2024-04-06`	3 months	crt.sh
www.particulares.santander.pt Entrust Certification Authority - L1M	`2023-02-01` - `2024-02-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://superlinha-santander.com/
Frame ID: C4B2581DB1B87769FA70C55DEAE0457B
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://superlinha-santander.com/ HTTP 301
https://superlinha-santander.com/ Page URL

Page Statistics

13
Requests

31 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

15 kB
Transfer

67 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://superlinha-santander.com/ HTTP 301
https://superlinha-santander.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
superlinha-santander.com/
Redirect Chain

http://superlinha-santander.com/
https://superlinha-santander.com/

4 KB
2 KB

888ms
537ms

Document
text/html

2606:4700:3035::6815:14b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://superlinha-santander.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:14b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f382fc3561e74b8cbecdbb1b22f0b1caa97b8446cee08ecbba35e2169221c490

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 841c209cffcc482e-SIN
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 07 Jan 2024 12:15:39 GMT
last-modified: Thu, 04 Jan 2024 15:51:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLc7HdFjMtIl1gGSut1rIpGtjOV0LNXZKFqWYRl22PJTJCZdo6x4r%2B9pyI1Z1%2BGiETrixCJS4ug6f%2ByFvab7v8LuDCKe2RiUMKzIVOMuxJm8pTu0ctE7zVaPQIpAyvqJ50UPmDC2cveQDRBHorhEHHZ%2FAIeFINI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express

Redirect headers

CF-RAY: 841c20999834f104-CDG
Cache-Control: max-age=3600
Connection: keep-alive
Date: Sun, 07 Jan 2024 12:15:38 GMT
Expires: Sun, 07 Jan 2024 13:15:38 GMT
Location: https://superlinha-santander.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ToIcMdRxhXp33rIRI%2F726Yz%2Bb%2Fq2VpI79UMzP2M44fNJENLXguavXCRSdNKeFd6aO52UDa8m%2B38ioG5%2BngDIxJeiPCM%2BZtx3w9xFul%2BHhnvPS7BmId%2Fa2KCX%2BRnLRc4OXUWII%2F1QptmcuBJWBuMCJcVe7x8cQZQ%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 login_and_register.css
www.particulares.santander.pt/ficheros/modern/css/ 44 KB
8 KB 129ms
24ms Stylesheet
text/css 45.60.197.69
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.particulares.santander.pt/ficheros/modern/css/login_and_register.css?v=1704335499783

Requested by

Host: superlinha-santander.com
URL: https://superlinha-santander.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.197.69 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

948213e5149ae982d063fc29530c0da4d93e69ba9767003eaa510f185ab52c8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://superlinha-santander.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 12:15:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 26 Dec 2023 15:57:48 GMT
x-cdn: Imperva
content-type: text/css
x-iinfo: 1-71184294-71184297 2CNN RT(1704629739039 15) q(0 0 0 0) r(0 0)
cache-control: max-age=578, public
x-incap-sess-cookie-hdr: mpcwOv7DfU2Xf0XnlG1pF+uVmmUAAAAA1x081zEgutc9EJct474bnw==
content-length: 7739
expires: Sun, 07 Jan 2024 12:25:17 GMT

GET
H2 200 fonts.css
www.particulares.santander.pt/ficheros/modern/css/ 4 KB
825 B 140ms
35ms Stylesheet
text/css 45.60.197.69
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.particulares.santander.pt/ficheros/modern/css/fonts.css?v=1704335499783

Requested by

Host: superlinha-santander.com
URL: https://superlinha-santander.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.197.69 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

2f0e67192e014a837002fff61326afa99204d4b19c1b7c3d3a0c95fe4eea32df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://superlinha-santander.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 12:15:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 26 Dec 2023 15:57:48 GMT
x-cdn: Imperva
content-type: text/css
x-iinfo: 1-71184294-71184299 2CNN RT(1704629739039 16) q(0 0 0 4) r(0 0)
cache-control: max-age=578, public
x-incap-sess-cookie-hdr: JNKCWLIaVx6Xf0XnlG1pF+uVmmUAAAAA5wL1+wckoyab2VXTT4nc5w==
content-length: 424
expires: Sun, 07 Jan 2024 12:25:17 GMT

GET
H2 200 login-image-0.svg
www.particulares.santander.pt/ficheros/modern/images/icons/ 14 KB
5 KB 127ms
22ms Image
image/svg+xml 45.60.197.69
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.particulares.santander.pt/ficheros/modern/images/icons/login-image-0.svg

Requested by

Host: superlinha-santander.com
URL: https://superlinha-santander.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.197.69 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

768a38021128a2657d6267b5681dc037f9cd59f7b3b2c42a9c39879811089b16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://superlinha-santander.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 12:15:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 26 Dec 2023 15:57:48 GMT
x-cdn: Imperva
etag: "420f56fb"
content-type: image/svg+xml
x-iinfo: 1-71184294-0 0CNN RT(1704629739039 19) q(0 -1 -1 2) r(0 -1)
x-incap-sess-cookie-hdr: G2VEF2kIuBmXf0XnlG1pF+uVmmUAAAAAegw5eF6eS+GtRokPNMwLcg==
content-length: 4616

GET SantanderTextW05-Regular.woff2
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderHeadlineW05-Bold.woff2
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Bold.woff2
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Regular.woff
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderHeadlineW05-Bold.woff
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Bold.woff
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Regular.ttf
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderHeadlineW05-Bold.ttf
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Bold.ttf
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff2

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff2

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff2

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.ttf

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.ttf

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.particulares.santander.pt/	1970-01-21 02:15:26	Name: visid_incap_2833896 Value: Fq8r78YjS1OEaCG9kCoJOOuVmmUAAAAAQUIPAAAAAACOL8+PjzXt6Ht58GeyR5yV
			.particulares.santander.pt/	1969-12-31 23:59:59	Name: incap_ses_1687_2833896 Value: 7JvtEmogrFeXf0XnlG1pF+uVmmUAAAAAXugbJoNiyr8QtTnSud5Urg==

18 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff2' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff2' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff2' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.ttf' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.ttf' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.ttf' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

superlinha-santander.com
www.particulares.santander.pt
www.particulares.santander.pt
2606:4700:3035::6815:14b0
2606:4700:3037::ac43:c145
45.60.197.69
2f0e67192e014a837002fff61326afa99204d4b19c1b7c3d3a0c95fe4eea32df
768a38021128a2657d6267b5681dc037f9cd59f7b3b2c42a9c39879811089b16
948213e5149ae982d063fc29530c0da4d93e69ba9767003eaa510f185ab52c8d
f382fc3561e74b8cbecdbb1b22f0b1caa97b8446cee08ecbba35e2169221c490

superlinha-santander.com Open in urlscan Pro 2606:4700:3035::6815:14b0 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

13 Requests

31 %HTTPS

67 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

15 kBTransfer

67 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

18 Console Messages

Indicators

superlinha-santander.com Open in urlscan Pro
2606:4700:3035::6815:14b0 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

31 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

15 kB
Transfer

67 kB
Size

2
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!