superlinha-santander.com Open in urlscan Pro
2606:4700:3037::ac43:c145 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://superlinha-santander.com/
Effective URL:
https://superlinha-santander.com/
Submission Tags: @phishunt_io
Submission: On January 09 via api (January 9th 2024, 1:36:17 am UTC) from DE — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3037::ac43:c145, located in United States and belongs to CLOUDFLARENET, US. The main domain is superlinha-santander.com.
TLS certificate: Issued by GTS CA 1P5 on January 7th 2024. Valid for: 3 months.

This is the only time superlinha-santander.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3035::6815:14b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3037::ac43:c145	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	45.60.197.69 45.60.197.69	19551 (INCAPSULA) (INCAPSULA)
13	3

1 2606:4700:3035::6815:14b0 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

superlinha-santander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:c145 (United States)

ASN13335 (CLOUDFLARENET, US)

superlinha-santander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.60.197.69 (United States)

ASN19551 (INCAPSULA, US)

www.particulares.santander.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	santander.pt www.particulares.santander.pt — Cisco Umbrella Rank: 374491	14 KB
2	superlinha-santander.com 1 redirects superlinha-santander.com	2 KB
13	2

	Domain	Requested by
3	www.particulares.santander.pt	superlinha-santander.com www.particulares.santander.pt
2	superlinha-santander.com	1 redirects
13	2

This site contains no links.

Subject Issuer	Validity	Valid
superlinha-santander.com GTS CA 1P5	`2024-01-07` - `2024-04-06`	3 months	crt.sh
www.particulares.santander.pt Entrust Certification Authority - L1M	`2023-02-01` - `2024-02-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://superlinha-santander.com/
Frame ID: 243B91EAB0BA0F09CF8DBA8F89AB1435
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Site Santander Totta

Page URL History Show full URLs

http://superlinha-santander.com/ HTTP 301
https://superlinha-santander.com/ Page URL

Page Statistics

13
Requests

31 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

16 kB
Transfer

67 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://superlinha-santander.com/ HTTP 301
https://superlinha-santander.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
superlinha-santander.com/
Redirect Chain

http://superlinha-santander.com/
https://superlinha-santander.com/

4 KB
2 KB

99ms
66ms

Document
text/html

2606:4700:3037::ac43:c145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://superlinha-santander.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:c145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f382fc3561e74b8cbecdbb1b22f0b1caa97b8446cee08ecbba35e2169221c490

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8428f2a28fb91cca-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 09 Jan 2024 01:36:10 GMT
last-modified: Thu, 04 Jan 2024 15:51:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=waZDDqgYV5a8Xu6b%2FHkZeE7Wd9zaEG4SjRkJO8Np2b9GVphABp%2B6BdhiNbTRpEXWp9HbLlh6SRr2PPVnxbmUwQnm7gqaYRjYE41bOk%2BUNoUI%2FPPUBvd6i9T0%2BN5MHI%2Bj9QCp3UqnabLH6WFSVVK7IH0PA6qhxA0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express

Redirect headers

CF-RAY: 8428f2a22fc563c1-LHR
Cache-Control: max-age=3600
Connection: keep-alive
Date: Tue, 09 Jan 2024 01:36:10 GMT
Expires: Tue, 09 Jan 2024 02:36:10 GMT
Location: https://superlinha-santander.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=No6RERb1bkNBgQe2Eczm04LwPsAE9h%2FVKg51Ig4T0DBI27tmobHTxxsAXBymJPZuD5HHX4%2BC%2Bi4Rzm4D6BYPB6dYLzIKZo80FJtP%2FQlcbZ4zqv281iQSWA5jlC1PSRMnNo%2FXkcb1LscgjBuHLbaYXyuNoItvqNs%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 login_and_register.css
www.particulares.santander.pt/ficheros/modern/css/ 44 KB
8 KB 200ms
118ms Stylesheet
text/css 45.60.197.69
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.particulares.santander.pt/ficheros/modern/css/login_and_register.css?v=1704335499783

Requested by

Host: superlinha-santander.com
URL: https://superlinha-santander.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.197.69 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

948213e5149ae982d063fc29530c0da4d93e69ba9767003eaa510f185ab52c8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://superlinha-santander.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 01:36:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 26 Dec 2023 15:57:48 GMT
x-cdn: Imperva
content-type: text/css
x-iinfo: 12-171337875-171337934 2CNN RT(1704764169973 67) q(0 0 1 12) r(1 1)
cache-control: max-age=4032, public
x-incap-sess-cookie-hdr: 8mktcRPFCBuSy/beI0kvDAqjnGUAAAAAw4OKpML0NXuXQYUJ2pgGkg==
content-length: 7739
expires: Tue, 09 Jan 2024 02:43:22 GMT

GET
H2 200 fonts.css
www.particulares.santander.pt/ficheros/modern/css/ 4 KB
826 B 202ms
120ms Stylesheet
text/css 45.60.197.69
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.particulares.santander.pt/ficheros/modern/css/fonts.css?v=1704335499783

Requested by

Host: superlinha-santander.com
URL: https://superlinha-santander.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.197.69 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

2f0e67192e014a837002fff61326afa99204d4b19c1b7c3d3a0c95fe4eea32df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://superlinha-santander.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 01:36:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 26 Dec 2023 15:57:48 GMT
x-cdn: Imperva
content-type: text/css
x-iinfo: 12-171337875-171337940 2CNN RT(1704764169973 86) q(0 0 1 10) r(1 1)
cache-control: max-age=4032, public
x-incap-sess-cookie-hdr: oOPtBulYfxaSy/beI0kvDAqjnGUAAAAAvAm9g9pVNLHo2dfkYvUuxQ==
content-length: 424
expires: Tue, 09 Jan 2024 02:43:22 GMT

GET
H2 200 login-image-0.svg
www.particulares.santander.pt/ficheros/modern/images/icons/ 14 KB
5 KB 169ms
87ms Image
image/svg+xml 45.60.197.69
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.particulares.santander.pt/ficheros/modern/images/icons/login-image-0.svg

Requested by

Host: superlinha-santander.com
URL: https://superlinha-santander.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.197.69 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

768a38021128a2657d6267b5681dc037f9cd59f7b3b2c42a9c39879811089b16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://superlinha-santander.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 01:36:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 26 Dec 2023 15:57:48 GMT
x-cdn: Imperva
etag: "420f56fb"
content-type: image/svg+xml
x-iinfo: 12-171337875-0 0CNN RT(1704764169973 102) q(0 -1 -1 16) r(0 -1)
x-incap-sess-cookie-hdr: B/y5Cgu21liSy/beI0kvDAqjnGUAAAAAsvQfMfN2LLo3p0fxVbjKvw==
content-length: 4616

GET SantanderTextW05-Regular.woff2
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderHeadlineW05-Bold.woff2
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Bold.woff2
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Regular.woff
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderHeadlineW05-Bold.woff
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Bold.woff
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Regular.ttf
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderHeadlineW05-Bold.ttf
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Bold.ttf
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff2

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff2

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff2

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.ttf

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.ttf

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.particulares.santander.pt/	1970-01-21 02:18:08	Name: visid_incap_2833896 Value: h/zDZJv5QQW3jUAhpmwfKgqjnGUAAAAAQUIPAAAAAADa5zh0bJIQMHhGjePnsaFh
			.particulares.santander.pt/	1969-12-31 23:59:59	Name: incap_ses_878_2833896 Value: V9E7fa/Zc2WSy/beI0kvDAqjnGUAAAAASHYibVG25c5/zLPtwpga3w==

18 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff2' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff2' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff2' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.ttf' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.ttf' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.ttf' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

superlinha-santander.com
www.particulares.santander.pt
www.particulares.santander.pt
2606:4700:3035::6815:14b0
2606:4700:3037::ac43:c145
45.60.197.69
2f0e67192e014a837002fff61326afa99204d4b19c1b7c3d3a0c95fe4eea32df
768a38021128a2657d6267b5681dc037f9cd59f7b3b2c42a9c39879811089b16
948213e5149ae982d063fc29530c0da4d93e69ba9767003eaa510f185ab52c8d
f382fc3561e74b8cbecdbb1b22f0b1caa97b8446cee08ecbba35e2169221c490

superlinha-santander.com Open in urlscan Pro 2606:4700:3037::ac43:c145 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

31 %HTTPS

67 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

16 kBTransfer

67 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

18 Console Messages

Indicators

superlinha-santander.com Open in urlscan Pro
2606:4700:3037::ac43:c145 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

31 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

16 kB
Transfer

67 kB
Size

2
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!