hyatt-negoce.com
167.114.196.52
Malicious Activity!
Public Scan
Effective URL: http://hyatt-negoce.com/cli/Home.php?i=tablet.bancosantander.es/supernetLogin/indexSan.html?tsid=20182140546
Submission: On August 03 via manual from ES
Summary
This is the only time hyatt-negoce.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Santander (Banking)

Domain & IP information

Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 184.168.236.1 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |
7 | 167.114.196.52 | 16276 (OVH) |
2 | 68.232.35.180 | 15133 (EDGECAST - MCI Communications Services) |
1 | 95.131.137.10 | 47841 (OXALIDE) |
1 | 2a00:1450:4001:81d::200a | 15169 (GOOGLE - Google LLC) |
6 | 195.149.208.16 | 2134 (GSVNET-AS GS Virtual Network Produban) |
1 | 195.149.208.213 | 2134 (GSVNET-AS GS Virtual Network Produban) |
21 | 8 | |

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: p3nlhg136c1136.shr.prod.phx3.secureserver.net
robertceccarelli.mobi

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
tags.tiqcdn.com

ASN2134 (GSVNET-AS GS Virtual Network Produban, ES)
PTR: www.microsite.bancosantander.es
microsite.bancosantander.es

ASN2134 (GSVNET-AS GS Virtual Network Produban, ES)
PTR: www.tablet.bancosantander.es
www.tablet.bancosantander.es

Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | bancosantander.es | microsite.bancosantander.es, www.tablet.bancosantander.es | 104 KB |
7 | hyatt-negoce.com | hyatt-negoce.com | 1 MB |
2 | tiqcdn.com | tags.tiqcdn.com | 12 KB |
1 | googleapis.com | fonts.googleapis.com | 478 B |
1 | ootil.fr | net.ootil.fr | 295 B |
1 | robertceccarelli.mobi | robertceccarelli.mobi | 370 B |
21 | 6 | | |

Requests | Domain | Requested by |
---|---|---|
7 | hyatt-negoce.com | hyatt-negoce.com |
6 | microsite.bancosantander.es | hyatt-negoce.com |
2 | tags.tiqcdn.com | hyatt-negoce.com |
1 | www.tablet.bancosantander.es | hyatt-negoce.com |
1 | fonts.googleapis.com | hyatt-negoce.com |
1 | net.ootil.fr | hyatt-negoce.com |
1 | robertceccarelli.mobi | |
21 | 7 | |

This site contains no links.
This page contains 1 frames:
Primary Page:
http://hyatt-negoce.com/cli/Home.php?i=tablet.bancosantander.es/supernetLogin/indexSan.html?tsid=20182140546
Frame ID: E9C918128E23E3B188ECF5DBDE19828A
Requests: 21 HTTP requests in this frame
Detected technologies
Detected patterns
- url /\.php(?:$|\?)/i
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://robertceccarelli.mobi/auto-install.php Page URL
- http://hyatt-negoce.com/cli/ Page URL
- http://hyatt-negoce.com/cli/Home.php?i=tablet.bancosantander.es/supernetLogin/indexSan.html?tsid=20182140546 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | auto-install.php | robertceccarelli.mobi/ | 169 B | 370 B | Document | text/html |
GET | H/1.1 | / | hyatt-negoce.com/cli/ | 171 B | 341 B | Document | text/html |
GET | H/1.1 | Home.php (Primary Request) | hyatt-negoce.com/cli/ | 85 KB | 85 KB | Document | text/html |
GET | H/1.1 | styles.css | hyatt-negoce.com/cli/files/ | 210 KB | 211 KB | Stylesheet | text/css |
GET | H/1.1 | supernetAll_170710_161546.min.js | hyatt-negoce.com/cli/files/ | 726 KB | 726 KB | Script | application/javascript |
GET | H/1.1 | utag.2.js | tags.tiqcdn.com/utag/santander/bancaonlineparticulares/prod/ | 25 KB | 7 KB | Script | text/javascript |
GET | H/1.1 | utag.8.js | tags.tiqcdn.com/utag/santander/bancaonlineparticulares/prod/ | 21 KB | 5 KB | Script | text/javascript |
GET | H/1.1 | jd_new.js | net.ootil.fr/addo/ | 4 B | 295 B | Script | text/javascript |
GET | S | icon | fonts.googleapis.com/ | 574 B | 478 B | Stylesheet | text/css |
GET | H/1.1 | logo.svg | hyatt-negoce.com/cli/files/ | 5 KB | 5 KB | Image | image/svg+xml |
GET | H/1.1 | 540x345_123Mini_destacado_3.jpg | microsite.bancosantander.es/files/RWD/login/ | 32 KB | 32 KB | Image | image/jpeg |
GET | H/1.1 | 540x345_App123Mini_destacado.jpg | microsite.bancosantander.es/files/RWD/login/ | 37 KB | 37 KB | Image | image/jpeg |
GET | H/1.1 | 540x345_appSantanderWatch_destacado.jpg | microsite.bancosantander.es/files/RWD/login/ | 33 KB | 33 KB | Image | image/jpeg |
GET | H/1.1 | Banner_landscape_Contacto1.png | microsite.bancosantander.es/files/RWD/login/ | 56 KB | 0 | Image | image/png |
GET | H/1.1 | Banner_landscape_Localizador1.png | microsite.bancosantander.es/files/RWD/login/ | 56 KB | 0 | Image | image/png |
GET | H/1.1 | winter_afternoon.jpg | microsite.bancosantander.es/files/RWD/login/ | 56 KB | 0 | Image | image/jpeg |
GET | H/1.1 | Lato-Light-webfont.woff2 | hyatt-negoce.com/fonts/ | 0 | 0 | Font | text/html |
GET | H/1.1 | Lato-Regular-webfont.woff2 | hyatt-negoce.com/fonts/ | 0 | 0 | Font | text/html |
GET | H/1.1 | down.svg | www.tablet.bancosantander.es/supernetLogin/images/ | 603 B | 1 KB | Image | image/svg+xml |
GET | | Lato-Light-webfont.woff | hyatt-negoce.com/fonts/ | 0 | 0 | | |
GET | | Lato-Regular-webfont.woff | hyatt-negoce.com/fonts/ | 0 | 0 | | |

Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: hyatt-negoce.com, URL: http://hyatt-negoce.com/fonts/Lato-Light-webfont.woff
- Domain: hyatt-negoce.com, URL: http://hyatt-negoce.com/fonts/Lato-Regular-webfont.woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Santander (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.