bancosantander.es.swtest.ru
77.222.61.25
Malicious Activity!
Public Scan
Submission: On September 23 via manual from ES — Scanned from DE
Summary
This is the only time bancosantander.es.swtest.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Carrefour (Financial)
Domain & IP information
Redirects | Requests | IP Address | AS Autonomous System |
---|---|---|---|
1 | 9 | 77.222.61.25 | 44112 (SWEB-AS) |
| 3 | 45.60.78.12 | 19551 (INCAPSULA) |
| 1 | 172.67.214.69 | 13335 (CLOUDFLARENET) |
| 1 | 142.250.185.202 | 15169 (GOOGLE) |
| 3 | 172.217.23.99 | 15169 (GOOGLE) |
16 | 5 |
ASN44112 (SWEB-AS, RU)
PTR: vh289.sweb.ru
bancosantander.es.swtest.ru |
ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f10.1e100.net
fonts.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f3.1e100.net
fonts.gstatic.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 (1 redirects) | swtest.ru | bancosantander.es.swtest.ru | 124 KB |
3 | gstatic.com | fonts.gstatic.com | 48 KB |
3 | carrefour.es | www.pass.carrefour.es | 10 KB |
1 | googleapis.com | fonts.googleapis.com | 1 KB |
1 | fontawesome.com | use.fontawesome.com | 316 KB |
16 | 5 |
Requests | Domain | Requested by |
---|---|---|
9 (1 redirects) | bancosantander.es.swtest.ru | bancosantander.es.swtest.ru |
3 | fonts.gstatic.com | fonts.googleapis.com |
3 | www.pass.carrefour.es | bancosantander.es.swtest.ru |
1 | fonts.googleapis.com | bancosantander.es.swtest.ru |
1 | use.fontawesome.com | bancosantander.es.swtest.ru |
16 | 5 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
www.pass.carrefour.es | DigiCert TLS RSA SHA256 2020 CA1 | 2021-04-29 - 2022-05-30 | a year |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-07 - 2022-07-06 | a year |
upload.video.google.com | GTS CA 1O1 | 2021-08-30 - 2021-11-22 | 3 months |
*.gstatic.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months |
This page contains 1 frames:
Primary Page:
http://bancosantander.es.swtest.ru/carrefour/
Frame ID: 504B89ED9E2F48857F9443CB4C2FD90E
Requests: 16 HTTP requests in this frame
Page Title
PASS Carrefour acceso a Zona Clientes
Page URL History
- http://bancosantander.es.swtest.ru/carrefour HTTP 301
  http://bancosantander.es.swtest.ru/carrefour/ Page URL
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request, Cookie set, Redirect Chain) | bancosantander.es.swtest.ru/carrefour/ | 9 KB | 3 KB | Document | text/html |
GET | H/1.1 | bootstrap.min.css | bancosantander.es.swtest.ru/carrefour/assets/css/ | 138 KB | 21 KB | Stylesheet | text/css |
GET | H/1.1 | main.css | bancosantander.es.swtest.ru/carrefour/assets/css/ | 12 KB | 3 KB | Stylesheet | text/css |
GET | H2 | logo.svg | www.pass.carrefour.es/cs/Leonardo/img/Pub/ | 22 KB | 8 KB | Image | image/svg+xml |
GET | H2 | burguer.svg | www.pass.carrefour.es/cs/Leonardo/img/Pub/ | 865 B | 960 B | Image | image/svg+xml |
GET | H2 | user.svg | www.pass.carrefour.es/cs/Leonardo/img/Pub/ | 1 KB | 953 B | Image | image/svg+xml |
GET | H/1.1 | jquery-3.3.1.slim.min.js | bancosantander.es.swtest.ru/carrefour/assets/js/ | 68 KB | 24 KB | Script | application/x-javascript |
GET | H/1.1 | popper.min.js | bancosantander.es.swtest.ru/carrefour/assets/js/ | 20 KB | 7 KB | Script | application/x-javascript |
GET | H/1.1 | bootstrap.min.js | bancosantander.es.swtest.ru/carrefour/assets/js/ | 50 KB | 14 KB | Script | application/x-javascript |
GET | H2 | all.js | use.fontawesome.com/releases/v5.1.0/js/ | 893 KB | 316 KB | Script | application/javascript |
GET | H/1.1 | main.js | bancosantander.es.swtest.ru/carrefour/assets/js/ | 1015 B | 606 B | Script | application/x-javascript |
GET | H2 | css | fonts.googleapis.com/ | 9 KB | 1 KB | Stylesheet | text/css |
GET | H/1.1 | footer.jpg | bancosantander.es.swtest.ru/carrefour/assets/images/ | 51 KB | 52 KB | Image | image/jpeg |
GET | H2 | 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 | fonts.gstatic.com/s/sourcesanspro/v14/ | 16 KB | 16 KB | Font | font/woff2 |
GET | H2 | 6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 | fonts.gstatic.com/s/sourcesanspro/v14/ | 15 KB | 16 KB | Font | font/woff2 |
GET | H2 | 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 | fonts.gstatic.com/s/sourcesanspro/v14/ | 16 KB | 16 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Carrefour (Financial)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforexrselect
- boolean| originAgentCluster
- function| $
- function| jQuery
- function| Popper
- object| bootstrap
- object| ___FONT_AWESOME___
- object| FontAwesomeConfig
- object| FontAwesome
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bancosantander.es.swtest.ru/ | | Name: PHPSESSID Value: 0f165af280ef77b5e42028eb5b8a562d |
.pass.carrefour.es/ | | Name: visid_incap_1139608 Value: UuaZdGFDRpOv7uYWm74QP1PxTGEAAAAAQUIPAAAAAAD1nuEX5vh6GZ7nDryOKcyK |
.pass.carrefour.es/ | | Name: incap_ses_7228_1139608 Value: 98bpB/ECigB1My+K7gNPZFPxTGEAAAAANO+ze2nxajQlYgz8xy1RGQ== |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.