superlinha-santander.com Open in urlscan Pro
2606:4700:3035::6815:14b0 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://superlinha-santander.com/
Submission: On January 08 via manual (January 8th 2024, 5:58:05 pm UTC) from ES — Scanned from ES

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3035::6815:14b0, located in United States and belongs to CLOUDFLARENET, US. The main domain is superlinha-santander.com.
TLS certificate: Issued by GTS CA 1P5 on January 7th 2024. Valid for: 3 months.

This is the only time superlinha-santander.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3035::6815:14b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	45.60.197.69 45.60.197.69	19551 (INCAPSULA) (INCAPSULA)
13	3

1 2606:4700:3035::6815:14b0 (United States)

ASN13335 (CLOUDFLARENET, US)

superlinha-santander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.60.197.69 (United States)

ASN19551 (INCAPSULA, US)

www.particulares.santander.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	santander.pt www.particulares.santander.pt — Cisco Umbrella Rank: 374491	14 KB
1	superlinha-santander.com superlinha-santander.com	2 KB
13	2

	Domain	Requested by
3	www.particulares.santander.pt	superlinha-santander.com www.particulares.santander.pt
1	superlinha-santander.com
13	2

This site contains no links.

Subject Issuer	Validity	Valid
superlinha-santander.com GTS CA 1P5	`2024-01-07` - `2024-04-06`	3 months	crt.sh
www.particulares.santander.pt Entrust Certification Authority - L1M	`2023-02-01` - `2024-02-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://superlinha-santander.com/
Frame ID: A4227CF171909B711EF07D1B0AE79C63
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Site Santander Totta

Page Statistics

13
Requests

31 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

15 kB
Transfer

67 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
superlinha-santander.com/ 4 KB
2 KB 249ms
160ms Document
text/html 2606:4700:3035::6815:14b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://superlinha-santander.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:14b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f382fc3561e74b8cbecdbb1b22f0b1caa97b8446cee08ecbba35e2169221c490

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 842653819ae35cfb-MAD
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 08 Jan 2024 17:58:01 GMT
last-modified: Thu, 04 Jan 2024 15:51:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e2okzoV8HNu0c9UNRyxAZyOL7AaNMpR6kG0MKR0MaWwZ6qa4NGAo1Ao2TMfCWguHv5arWa5%2FXNrv25qEW5Uea0mZyTI8AndOOpzQaADpgMnRpBLMkzZQTLu309Asp84cXULQxVq5d2GoCrjpNdE7iqqh0ObvnXU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express

GET
H2 200 login_and_register.css
www.particulares.santander.pt/ficheros/modern/css/ 44 KB
8 KB 161ms
47ms Stylesheet
text/css 45.60.197.69
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.particulares.santander.pt/ficheros/modern/css/login_and_register.css?v=1704335499783

Requested by

Host: superlinha-santander.com
URL: https://superlinha-santander.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.197.69 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

948213e5149ae982d063fc29530c0da4d93e69ba9767003eaa510f185ab52c8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://superlinha-santander.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:58:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 26 Dec 2023 15:57:48 GMT
x-cdn: Imperva
content-type: text/css
x-iinfo: 10-131686179-131686189 2CNN RT(1704736680936 32) q(0 0 0 0) r(0 0)
cache-control: max-age=9169, public
x-incap-sess-cookie-hdr: 3hUseDTdQmC2D8zOb41bBKg3nGUAAAAAfpJtopa2IrqWldBzyZnnhg==
content-length: 7739
expires: Mon, 08 Jan 2024 20:30:49 GMT

GET
H2 200 fonts.css
www.particulares.santander.pt/ficheros/modern/css/ 4 KB
825 B 185ms
71ms Stylesheet
text/css 45.60.197.69
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.particulares.santander.pt/ficheros/modern/css/fonts.css?v=1704335499783

Requested by

Host: superlinha-santander.com
URL: https://superlinha-santander.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.197.69 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

2f0e67192e014a837002fff61326afa99204d4b19c1b7c3d3a0c95fe4eea32df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://superlinha-santander.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:58:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 26 Dec 2023 15:57:48 GMT
x-cdn: Imperva
content-type: text/css
x-iinfo: 10-131686179-131686190 2CNN RT(1704736680936 33) q(0 0 0 4) r(0 0)
cache-control: max-age=9169, public
x-incap-sess-cookie-hdr: IXyMMBpENH22D8zOb41bBKg3nGUAAAAA5/AJvrDcRko48q+vEClEjA==
content-length: 424
expires: Mon, 08 Jan 2024 20:30:49 GMT

GET
H2 200 login-image-0.svg
www.particulares.santander.pt/ficheros/modern/images/icons/ 14 KB
5 KB 154ms
41ms Image
image/svg+xml 45.60.197.69
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.particulares.santander.pt/ficheros/modern/images/icons/login-image-0.svg

Requested by

Host: superlinha-santander.com
URL: https://superlinha-santander.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.197.69 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

768a38021128a2657d6267b5681dc037f9cd59f7b3b2c42a9c39879811089b16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://superlinha-santander.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:58:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 26 Dec 2023 15:57:48 GMT
x-cdn: Imperva
etag: "420f56fb"
content-type: image/svg+xml
x-iinfo: 10-131686179-0 0CNN RT(1704736680936 40) q(0 -1 -1 0) r(0 -1)
x-incap-sess-cookie-hdr: 1+v9WxpK12u2D8zOb41bBKg3nGUAAAAAsmieamwse/YY9Pw3vAQBJQ==
content-length: 4616

GET SantanderTextW05-Regular.woff2
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderHeadlineW05-Bold.woff2
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Bold.woff2
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Regular.woff
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderHeadlineW05-Bold.woff
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Bold.woff
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Regular.ttf
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderHeadlineW05-Bold.ttf
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

GET SantanderTextW05-Bold.ttf
www.particulares.santander.pt/ficheros/modern/fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff2

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff2

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff2

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.ttf

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.ttf

Domain: www.particulares.santander.pt
URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.particulares.santander.pt/	1970-01-21 02:16:58	Name: visid_incap_2833896 Value: gkbKNt+1QpO0U97Xg29tmKg3nGUAAAAAQUIPAAAAAACfBJi34LG10BeG7ATi9rA7
			.particulares.santander.pt/	1969-12-31 23:59:59	Name: incap_ses_314_2833896 Value: d/KyQq2+wCy2D8zOb41bBKg3nGUAAAAAIlgifcNhYP4W64fldgBRSw==

18 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff2' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff2' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff2' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.ttf' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.ttf' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderHeadlineW05-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://superlinha-santander.com/ Message: Access to font at 'https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.ttf' from origin 'https://superlinha-santander.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.particulares.santander.pt/ficheros/modern/fonts/SantanderTextW05-Bold.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

superlinha-santander.com
www.particulares.santander.pt
www.particulares.santander.pt
2606:4700:3035::6815:14b0
45.60.197.69
2f0e67192e014a837002fff61326afa99204d4b19c1b7c3d3a0c95fe4eea32df
768a38021128a2657d6267b5681dc037f9cd59f7b3b2c42a9c39879811089b16
948213e5149ae982d063fc29530c0da4d93e69ba9767003eaa510f185ab52c8d
f382fc3561e74b8cbecdbb1b22f0b1caa97b8446cee08ecbba35e2169221c490

superlinha-santander.com Open in urlscan Pro 2606:4700:3035::6815:14b0 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

13 Requests

31 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

15 kBTransfer

67 kBSize

2 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

18 Console Messages

Indicators

superlinha-santander.com Open in urlscan Pro
2606:4700:3035::6815:14b0 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

31 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

15 kB
Transfer

67 kB
Size

2
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!