bancosantander.es.swtest.ru Open in urlscan Pro
77.222.61.25 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://bancosantander.es.swtest.ru/carrefour/
Submission: On September 23 via manual (September 23rd 2021, 9:27:52 pm UTC) from ES — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 16 HTTP transactions. The main IP is 77.222.61.25, located in Russian Federation and belongs to SWEB-AS, RU. The main domain is bancosantander.es.swtest.ru.

This is the only time bancosantander.es.swtest.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Carrefour (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 9	77.222.61.25 77.222.61.25	44112 (SWEB-AS) (SWEB-AS)
3	45.60.78.12 45.60.78.12	19551 (INCAPSULA) (INCAPSULA)
1	172.67.214.69 172.67.214.69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.185.202 142.250.185.202	15169 (GOOGLE) (GOOGLE)
3	172.217.23.99 172.217.23.99	15169 (GOOGLE) (GOOGLE)
16	5

9 77.222.61.25 (Russian Federation) 1 redirects

ASN44112 (SWEB-AS, RU)
PTR: vh289.sweb.ru

bancosantander.es.swtest.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.60.78.12 (United States)

ASN19551 (INCAPSULA, US)

www.pass.carrefour.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.214.69 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.23.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	swtest.ru 1 redirects bancosantander.es.swtest.ru	124 KB
3	gstatic.com fonts.gstatic.com	48 KB
3	carrefour.es www.pass.carrefour.es	10 KB
1	googleapis.com fonts.googleapis.com	1 KB
1	fontawesome.com use.fontawesome.com	316 KB
16	5

	Domain	Requested by
9	bancosantander.es.swtest.ru	1 redirects bancosantander.es.swtest.ru
3	fonts.gstatic.com	fonts.googleapis.com
3	www.pass.carrefour.es	bancosantander.es.swtest.ru
1	fonts.googleapis.com	bancosantander.es.swtest.ru
1	use.fontawesome.com	bancosantander.es.swtest.ru
16	5

This site contains no links.

Subject Issuer	Validity	Valid
www.pass.carrefour.es DigiCert TLS RSA SHA256 2020 CA1	`2021-04-29` - `2022-05-30`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-07` - `2022-07-06`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://bancosantander.es.swtest.ru/carrefour/
Frame ID: 504B89ED9E2F48857F9443CB4C2FD90E
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PASS Carrefour acceso a Zona Clientes

Page URL History Show full URLs

http://bancosantander.es.swtest.ru/carrefour HTTP 301
http://bancosantander.es.swtest.ru/carrefour/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

50 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

499 kB
Transfer

1322 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bancosantander.es.swtest.ru/carrefour HTTP 301
http://bancosantander.es.swtest.ru/carrefour/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
bancosantander.es.swtest.ru/carrefour/
Redirect Chain

http://bancosantander.es.swtest.ru/carrefour
http://bancosantander.es.swtest.ru/carrefour/

9 KB
3 KB

490ms
490ms

Document
text/html

77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://bancosantander.es.swtest.ru/carrefour/
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 / PHP/7.4.16
Resource Hash: 96e62d7e41ffe4e2ce558d596663b6c4a3c74cb27cc6a09787e514a965fa6e54

Request headers

Host: bancosantander.es.swtest.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx/1.19.1
Date: Thu, 23 Sep 2021 21:27:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.16
Set-Cookie: PHPSESSID=0f165af280ef77b5e42028eb5b8a562d; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip

Redirect headers

Server: nginx/1.19.1
Date: Thu, 23 Sep 2021 21:27:47 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 371
Connection: keep-alive
Keep-Alive: timeout=10
Location: http://bancosantander.es.swtest.ru/carrefour/

GET
H/1.1 200
OK bootstrap.min.css
bancosantander.es.swtest.ru/carrefour/assets/css/ 138 KB
21 KB 55ms
55ms Stylesheet
text/css 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://bancosantander.es.swtest.ru/carrefour/assets/css/bootstrap.min.css
Requested by: Host: bancosantander.es.swtest.ru
URL: http://bancosantander.es.swtest.ru/carrefour/
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 9ef4fbe459177af5f4e9647cbe584514fd36c7386af6a1712d03ae4b42e45b24

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: bancosantander.es.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://bancosantander.es.swtest.ru/carrefour/
Cookie: PHPSESSID=0f165af280ef77b5e42028eb5b8a562d
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://bancosantander.es.swtest.ru/carrefour/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 21:27:48 GMT
Content-Encoding: gzip
Last-Modified: Thu, 23 Sep 2021 17:18:41 GMT
Server: nginx/1.19.1
ETag: W/"444830a-22688-5ccacd27a5ad2"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK main.css
bancosantander.es.swtest.ru/carrefour/assets/css/ 12 KB
3 KB 94ms
48ms Stylesheet
text/css 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://bancosantander.es.swtest.ru/carrefour/assets/css/main.css
Requested by: Host: bancosantander.es.swtest.ru
URL: http://bancosantander.es.swtest.ru/carrefour/
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 7e3cf2b6d422846b58f17c4b219f5a3660c97ec6070b1898f7eb3cdda63ddbf9

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: bancosantander.es.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://bancosantander.es.swtest.ru/carrefour/
Cookie: PHPSESSID=0f165af280ef77b5e42028eb5b8a562d
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://bancosantander.es.swtest.ru/carrefour/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 21:27:48 GMT
Content-Encoding: gzip
Last-Modified: Thu, 23 Sep 2021 17:18:41 GMT
Server: nginx/1.19.1
ETag: W/"444830b-31c9-5ccacd27a5ad2"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H2 200 logo.svg
www.pass.carrefour.es/cs/Leonardo/img/Pub/ 22 KB
8 KB 200ms
124ms Image
image/svg+xml 45.60.78.12
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.pass.carrefour.es/cs/Leonardo/img/Pub/logo.svg

Requested by

Host: bancosantander.es.swtest.ru
URL: http://bancosantander.es.swtest.ru/carrefour/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.12 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4b90ce8b15a39d190983ce70034899df7bcd1e523042bc637326beb72ce098a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://bancosantander.es.swtest.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 21:27:47 GMT
content-encoding: gzip
last-modified: Thu, 18 Jul 2019 06:50:20 GMT
x-cdn: Imperva
age: 1
etag: "26096c-5878-58def05f20300"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
x-iinfo: 13-9236723-9233408 2VNN RT(1632432467792 0) q(0 0 0 0) r(2 2)
cache-control: max-age=86400, public
content-length: 7911

GET
H2 200 burguer.svg
www.pass.carrefour.es/cs/Leonardo/img/Pub/ 865 B
960 B 194ms
119ms Image
image/svg+xml 45.60.78.12
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.pass.carrefour.es/cs/Leonardo/img/Pub/burguer.svg

Requested by

Host: bancosantander.es.swtest.ru
URL: http://bancosantander.es.swtest.ru/carrefour/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.12 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

c2a76ae6fb744e6076005aadefc77c20dbc036d6f2c72e7ad595df165ae9876c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://bancosantander.es.swtest.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 21:27:47 GMT
content-encoding: gzip
last-modified: Thu, 18 Jul 2019 06:50:20 GMT
x-cdn: Imperva
age: 1
etag: "26092e-361-58def05f20300"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
x-iinfo: 13-9236724-9233539 2VNN RT(1632432467795 0) q(0 0 0 0) r(2 2)
cache-control: max-age=86400, public
content-length: 467

GET
H2 200 user.svg
www.pass.carrefour.es/cs/Leonardo/img/Pub/ 1 KB
953 B 202ms
126ms Image
image/svg+xml 45.60.78.12
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.pass.carrefour.es/cs/Leonardo/img/Pub/user.svg

Requested by

Host: bancosantander.es.swtest.ru
URL: http://bancosantander.es.swtest.ru/carrefour/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.12 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a4737c844e565f1fb0950a93a1e2f323b5d264f5f10da60a1701cbd56821e6e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://bancosantander.es.swtest.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 21:27:47 GMT
content-encoding: gzip
last-modified: Thu, 18 Jul 2019 06:50:20 GMT
x-cdn: Imperva
age: 1
etag: "260955-4da-58def05f20300"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
x-iinfo: 13-9236725-9236612 2VNN RT(1632432467797 0) q(0 0 0 0) r(2 2)
cache-control: max-age=86400, public
content-length: 587

GET
H/1.1 200
OK jquery-3.3.1.slim.min.js Show response
bancosantander.es.swtest.ru/carrefour/assets/js/ 68 KB
24 KB 106ms
57ms Script
application/x-javascript 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://bancosantander.es.swtest.ru/carrefour/assets/js/jquery-3.3.1.slim.min.js
Requested by: Host: bancosantander.es.swtest.ru
URL: http://bancosantander.es.swtest.ru/carrefour/
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 90b1062e67696dc253d20e324ed0dd5f953b39c069cf82e8c6fc14eb9f2f62d6

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: bancosantander.es.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://bancosantander.es.swtest.ru/carrefour/
Cookie: PHPSESSID=0f165af280ef77b5e42028eb5b8a562d
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://bancosantander.es.swtest.ru/carrefour/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 21:27:48 GMT
Content-Encoding: gzip
Last-Modified: Thu, 23 Sep 2021 17:18:41 GMT
Server: nginx/1.19.1
ETag: W/"444830d-1111d-5ccacd27a5eba"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK popper.min.js Show response
bancosantander.es.swtest.ru/carrefour/assets/js/ 20 KB
7 KB 364ms
313ms Script
application/x-javascript 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://bancosantander.es.swtest.ru/carrefour/assets/js/popper.min.js
Requested by: Host: bancosantander.es.swtest.ru
URL: http://bancosantander.es.swtest.ru/carrefour/
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: bancosantander.es.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://bancosantander.es.swtest.ru/carrefour/
Cookie: PHPSESSID=0f165af280ef77b5e42028eb5b8a562d
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://bancosantander.es.swtest.ru/carrefour/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 21:27:48 GMT
Content-Encoding: gzip
Last-Modified: Thu, 23 Sep 2021 17:18:41 GMT
Server: nginx/1.19.1
ETag: W/"4448310-4f74-5ccacd27a5eba"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK bootstrap.min.js Show response
bancosantander.es.swtest.ru/carrefour/assets/js/ 50 KB
14 KB 112ms
61ms Script
application/x-javascript 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://bancosantander.es.swtest.ru/carrefour/assets/js/bootstrap.min.js
Requested by: Host: bancosantander.es.swtest.ru
URL: http://bancosantander.es.swtest.ru/carrefour/
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 5d7bfe9d27b26cf974c827eebc4323047f00e6b52b953d2be6d1e19a19230d10

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: bancosantander.es.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://bancosantander.es.swtest.ru/carrefour/
Cookie: PHPSESSID=0f165af280ef77b5e42028eb5b8a562d
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://bancosantander.es.swtest.ru/carrefour/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 21:27:48 GMT
Content-Encoding: gzip
Last-Modified: Thu, 23 Sep 2021 17:18:41 GMT
Server: nginx/1.19.1
ETag: W/"444830f-c8c4-5ccacd27a5eba"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H2 200 all.js Show response
use.fontawesome.com/releases/v5.1.0/js/ 893 KB
316 KB 68ms
34ms Script
application/javascript 172.67.214.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.1.0/js/all.js
Requested by: Host: bancosantander.es.swtest.ru
URL: http://bancosantander.es.swtest.ru/carrefour/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.214.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 566d12cf66ff3d64ed100bdf634ce4b2de1dfa8ce38006f1b50912594865c1ae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://bancosantander.es.swtest.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 21:27:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6830356
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 185ND532256X0FJP
x-amz-id-2: VcVCUktZbdiu+epLVGXOE8EOOdZiJ1JeEW3D79R0eKfVrIX2jVr+qSTWK7dDRfqJqO/xR9BV8EU=
last-modified: Wed, 30 Jun 2021 15:30:32 GMT
server: cloudflare
etag: W/"004993df80280fa6c4af6ca17c4e5433"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YuK9L%2BnUkotPW10d9B62ehUd1V9Ou5C66%2Bym1u5VA%2BRvvygu7QL%2Fc57CsxgZLombwiM2EXlEwtkb6fQYaP0GoUSt%2BixFYfkzJKR9jjt8GGsaNUJ1BAEZ%2B38gOlIFlSMP0%2F5WzxXx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31556926
cf-ray: 6936dbed1e77413e-PRG

GET
H/1.1 200
OK main.js Show response
bancosantander.es.swtest.ru/carrefour/assets/js/ 1015 B
606 B 115ms
62ms Script
application/x-javascript 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://bancosantander.es.swtest.ru/carrefour/assets/js/main.js
Requested by: Host: bancosantander.es.swtest.ru
URL: http://bancosantander.es.swtest.ru/carrefour/
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: faf1ab86f93612b18d79987ed53985b63eeb124fcb004ab8471c13b1e937c7d5

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: bancosantander.es.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Referer: http://bancosantander.es.swtest.ru/carrefour/
Cookie: PHPSESSID=0f165af280ef77b5e42028eb5b8a562d
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://bancosantander.es.swtest.ru/carrefour/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 21:27:48 GMT
Content-Encoding: gzip
Last-Modified: Thu, 23 Sep 2021 17:18:41 GMT
Server: nginx/1.19.1
ETag: W/"444830e-3f7-5ccacd27a5eba"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 66ms
25ms Stylesheet
text/css 142.250.185.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700

Requested by

Host: bancosantander.es.swtest.ru
URL: http://bancosantander.es.swtest.ru/carrefour/assets/css/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f10.1e100.net

Software

ESF /

Resource Hash

b0c6270c06376a439c78b771536429905666d4899fea1561e7d9a4b1d8a2eca2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://bancosantander.es.swtest.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 19:59:23 GMT
server: ESF
date: Thu, 23 Sep 2021 21:27:48 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Sep 2021 21:27:48 GMT

GET
H/1.1 200
OK footer.jpg
bancosantander.es.swtest.ru/carrefour/assets/images/ 51 KB
52 KB 54ms
53ms Image
image/jpeg 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://bancosantander.es.swtest.ru/carrefour/assets/images/footer.jpg
Requested by: Host: bancosantander.es.swtest.ru
URL: http://bancosantander.es.swtest.ru/carrefour/assets/css/main.css
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 7b4ed3622afb78e2db2994c4ab464511d72479ca15f5bd787633c4251bc8ceac

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: bancosantander.es.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://bancosantander.es.swtest.ru/carrefour/assets/css/main.css
Cookie: PHPSESSID=0f165af280ef77b5e42028eb5b8a562d
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://bancosantander.es.swtest.ru/carrefour/assets/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 23 Sep 2021 21:27:48 GMT
Last-Modified: Thu, 23 Sep 2021 17:18:41 GMT
Server: nginx/1.19.1
ETag: "444830c-cd00-5ccacd27a5eba"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=10
Content-Length: 52480

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ 16 KB
16 KB 29ms
7ms Font
font/woff2 172.217.23.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f3.1e100.net

Software

sffe /

Resource Hash

a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://bancosantander.es.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 17:41:06 GMT
x-content-type-options: nosniff
age: 100002
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:09 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 22 Sep 2022 17:41:06 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ 15 KB
16 KB 33ms
11ms Font
font/woff2 172.217.23.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f3.1e100.net

Software

sffe /

Resource Hash

24f7e397faec79e62c37ff2f00b170f6dc1557fb46ac169f9f1897a9d641dd03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://bancosantander.es.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 21 Sep 2021 03:52:06 GMT
x-content-type-options: nosniff
age: 236142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15764
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:17 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Sep 2022 03:52:06 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ 16 KB
16 KB 36ms
15ms Font
font/woff2 172.217.23.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f3.1e100.net

Software

sffe /

Resource Hash

efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://bancosantander.es.swtest.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 04:26:59 GMT
x-content-type-options: nosniff
age: 320449
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15948
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:32 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Sep 2022 04:26:59 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Carrefour (Financial)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
bancosantander.es.swtest.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: 0f165af280ef77b5e42028eb5b8a562d
.pass.carrefour.es/	1970-01-20 06:11:29	Name: visid_incap_1139608 Value: UuaZdGFDRpOv7uYWm74QP1PxTGEAAAAAQUIPAAAAAAD1nuEX5vh6GZ7nDryOKcyK
.pass.carrefour.es/	1969-12-31 23:59:59	Name: incap_ses_7228_1139608 Value: 98bpB/ECigB1My+K7gNPZFPxTGEAAAAANO+ze2nxajQlYgz8xy1RGQ==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bancosantander.es.swtest.ru
fonts.googleapis.com
fonts.gstatic.com
use.fontawesome.com
www.pass.carrefour.es
142.250.185.202
172.217.23.99
172.67.214.69
45.60.78.12
77.222.61.25
24f7e397faec79e62c37ff2f00b170f6dc1557fb46ac169f9f1897a9d641dd03
315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58
4b90ce8b15a39d190983ce70034899df7bcd1e523042bc637326beb72ce098a1
566d12cf66ff3d64ed100bdf634ce4b2de1dfa8ce38006f1b50912594865c1ae
5d7bfe9d27b26cf974c827eebc4323047f00e6b52b953d2be6d1e19a19230d10
7b4ed3622afb78e2db2994c4ab464511d72479ca15f5bd787633c4251bc8ceac
7e3cf2b6d422846b58f17c4b219f5a3660c97ec6070b1898f7eb3cdda63ddbf9
90b1062e67696dc253d20e324ed0dd5f953b39c069cf82e8c6fc14eb9f2f62d6
96e62d7e41ffe4e2ce558d596663b6c4a3c74cb27cc6a09787e514a965fa6e54
9ef4fbe459177af5f4e9647cbe584514fd36c7386af6a1712d03ae4b42e45b24
a4737c844e565f1fb0950a93a1e2f323b5d264f5f10da60a1701cbd56821e6e3
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
b0c6270c06376a439c78b771536429905666d4899fea1561e7d9a4b1d8a2eca2
c2a76ae6fb744e6076005aadefc77c20dbc036d6f2c72e7ad595df165ae9876c
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
faf1ab86f93612b18d79987ed53985b63eeb124fcb004ab8471c13b1e937c7d5

bancosantander.es.swtest.ru Open in urlscan Pro 77.222.61.25 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

50 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

499 kBTransfer

1322 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

3 Cookies

Indicators

bancosantander.es.swtest.ru Open in urlscan Pro
77.222.61.25 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

50 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

499 kB
Transfer

1322 kB
Size

3
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!