santander-consumer.luigiheladeria.com Open in urlscan Pro
91.208.184.195 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://hageregnadesign.com/wp-content/upgrade/no.php
Effective URL:
https://santander-consumer.luigiheladeria.com/santander/.2b21d0b84ea8a7626df5a841e8f282cb/login/?2f2bd5ba48799a008be519d2537a901e
Submission: On March 13 via manual (March 13th 2023, 8:37:29 am UTC) from NO — Scanned from NO

Summary HTTP 32 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 32 HTTP transactions. The main IP is 91.208.184.195, located in Moldova and belongs to ALEXHOST, MD. The main domain is santander-consumer.luigiheladeria.com.
TLS certificate: Issued by R3 on March 10th 2023. Valid for: 3 months.

This is the only time santander-consumer.luigiheladeria.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BankID (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	173.249.60.35 173.249.60.35	51167 (CONTABO) (CONTABO)
3 20	91.208.184.195 91.208.184.195	200019 (ALEXHOST) (ALEXHOST)
4	45.60.34.180 45.60.34.180	19551 (INCAPSULA) (INCAPSULA)
2	178.63.128.65 178.63.128.65	24940 (HETZNER-AS) (HETZNER-AS)
4	178.63.219.113 178.63.219.113	24940 (HETZNER-AS) (HETZNER-AS)
32	6

1 173.249.60.35 (Nuremberg, Germany)

ASN51167 (CONTABO, DE)
PTR: rs6.rcnoc.com

hageregnadesign.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 91.208.184.195 (Moldova) 3 redirects

ASN200019 (ALEXHOST, MD)
PTR: ns1.site.com

santander-consumer.luigiheladeria.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 45.60.34.180 (United States)

ASN19551 (INCAPSULA, US)

minnettbank.santanderconsumer.no	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.63.128.65 (March, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: service.giosg.com

service.giosg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.63.219.113 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: service.giosg.com

3653.clients.giosgusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	luigiheladeria.com 3 redirects santander-consumer.luigiheladeria.com	141 KB
4	giosgusercontent.com 3653.clients.giosgusercontent.com	206 KB
4	santanderconsumer.no minnettbank.santanderconsumer.no	107 KB
2	giosg.com service.giosg.com — Cisco Umbrella Rank: 90107	11 KB
1	hageregnadesign.com hageregnadesign.com	365 B
32	5

	Domain	Requested by
20	santander-consumer.luigiheladeria.com	3 redirects santander-consumer.luigiheladeria.com
4	3653.clients.giosgusercontent.com	santander-consumer.luigiheladeria.com 3653.clients.giosgusercontent.com
4	minnettbank.santanderconsumer.no	santander-consumer.luigiheladeria.com minnettbank.santanderconsumer.no
2	service.giosg.com	santander-consumer.luigiheladeria.com 3653.clients.giosgusercontent.com
1	hageregnadesign.com
32	5

This site contains links to these domains. Also see Links.

Domain
minnettbank.santanderconsumer.no
www.santanderconsumer.no
finansportalen.no
santanderconsumer.no

Subject Issuer	Validity	Valid
hageregnadesign.com cPanel, Inc. Certification Authority	`2023-01-08` - `2023-04-08`	3 months	crt.sh
santander-consumer.luigiheladeria.com R3	`2023-03-10` - `2023-06-08`	3 months	crt.sh
imperva.com GlobalSign Atlas R3 DV TLS CA 2023 Q1	`2023-02-24` - `2023-08-23`	6 months	crt.sh
*.giosg.com Starfield Secure Certificate Authority - G2	`2022-08-04` - `2023-08-19`	a year	crt.sh
*.clients.giosgusercontent.com Starfield Secure Certificate Authority - G2	`2022-08-11` - `2023-08-08`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://santander-consumer.luigiheladeria.com/santander/.2b21d0b84ea8a7626df5a841e8f282cb/login/?2f2bd5ba48799a008be519d2537a901e
Frame ID: 10CB1BEC66DE0488B1CCA9DDF19D56C1
Requests: 12 HTTP requests in this frame

Frame: https://santander-consumer.luigiheladeria.com/santander/.2b21d0b84ea8a7626df5a841e8f282cb/login/login.php
Frame ID: 5651F9253D4CE954C5D6FEC9E6A533CD
Requests: 28 HTTP requests in this frame

Frame: https://3653.clients.giosgusercontent.com/cd/3653/el5gx/?url=https%3A%2F%2Fminnettbank.santanderconsumer.no%2F%3F_ga%3D2.20391291.2120698544.1677843496-1839495078.1677843496&dialog_id=8632
Frame ID: F08FF8E357E45710BAC246B75A8E09B7
Requests: 4 HTTP requests in this frame

Frame: https://service.giosg.com/credentials/3653/?url=https%3A%2F%2F3653.clients.giosgusercontent.com
Frame ID: 547474F84BAE858540FB2673E83833DA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nettbank for kredittkort, lån og leasing – Santander Consumer Bank

Page URL History Show full URLs

https://hageregnadesign.com/wp-content/upgrade/no.php Page URL
https://santander-consumer.luigiheladeria.com/santander HTTP 301
https://santander-consumer.luigiheladeria.com/santander/ HTTP 302
https://santander-consumer.luigiheladeria.com/santander/.2b21d0b84ea8a7626df5a841e8f282cb/?2f2bd5ba48799a008be519d2537a901e HTTP 302
https://santander-consumer.luigiheladeria.com/santander/.2b21d0b84ea8a7626df5a841e8f282cb/login/?2f2bd5ba48799a008be519d25... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

\bangular.{0,32}\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

32
Requests

88 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

465 kB
Transfer

1736 kB
Size

7
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://minnettbank.santanderconsumer.no/mine-produkter/
Title: Til Mine produkter

Search URL Search Domain Scan URL

URL: https://www.santanderconsumer.no/kundeservice
Title: nettsidene

Search URL Search Domain Scan URL

URL: http://finansportalen.no/
Title: Finansportalen.no

Search URL Search Domain Scan URL

URL: https://santanderconsumer.no/personvern
Title: Personvern og cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hageregnadesign.com/wp-content/upgrade/no.php Page URL
https://santander-consumer.luigiheladeria.com/santander HTTP 301
https://santander-consumer.luigiheladeria.com/santander/ HTTP 302
https://santander-consumer.luigiheladeria.com/santander/.2b21d0b84ea8a7626df5a841e8f282cb/?2f2bd5ba48799a008be519d2537a901e HTTP 302
https://santander-consumer.luigiheladeria.com/santander/.2b21d0b84ea8a7626df5a841e8f282cb/login/?2f2bd5ba48799a008be519d2537a901e Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

32 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 no.php Show response
hageregnadesign.com/wp-content/upgrade/ 154 B
365 B 681ms
84ms Document
text/html 173.249.60.35
CONTABO

General

Domain/Path	Expires	Name / Value
santander-consumer.luigiheladeria.com/santander	1969-12-31 23:59:59	Name: real Value: OK
santander-consumer.luigiheladeria.com/	1970-01-20 11:01:28	Name: bid Value: .2b21d0b84ea8a7626df5a841e8f282cb
.santanderconsumer.no/	1970-01-20 19:03:15	Name: visid_incap_2431390 Value: bAA/xBvSRDOyaaqjGOus+cXgDmQAAAAAQUIPAAAAAAAa5cz28+GTSCmGyPj/BSF4
.santanderconsumer.no/	1969-12-31 23:59:59	Name: incap_ses_277_2431390 Value: VB9wb7H/9T96WhVUlhrYA8XgDmQAAAAAHFn+AUNq1cutsKYDg7TXow==
.santanderconsumer.no/	1969-12-31 23:59:59	Name: nlbi_2431390 Value: RbFUVwaYG0dT1EPdHEWnIgAAAAAREzZTz8dwfofEfAwxT70m
3653.clients.giosgusercontent.com/	1970-01-20 19:02:26	Name: csrftoken Value: zJuCvCk30aITZp9tvKsY0oaow8rU3dwNoXLSe3kjgChWKOra1O40CUREGU1Vcq4q
service.giosg.com/	1970-01-20 19:54:16	Name: sgid Value: 4qqlhzrbwmcgzwanayaakaacontqeecizy3mrql2chw3tyicikwbeaapbq

Source	Level	URL Text
javascript	error	URL: https://santander-consumer.luigiheladeria.com/santander/.2b21d0b84ea8a7626df5a841e8f282cb/login/?2f2bd5ba48799a008be519d2537a901e#bankid Message: Access to font at 'https://minnettbank.santanderconsumer.no/Resources/Fonts/SantanderFont/Regular/SantanderTextW05-Regular.woff2' from origin 'https://santander-consumer.luigiheladeria.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value 'minnettbank.santanderconsumer.no'.
network	error	URL: https://minnettbank.santanderconsumer.no/Resources/Fonts/SantanderFont/Regular/SantanderTextW05-Regular.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://santander-consumer.luigiheladeria.com/santander/.2b21d0b84ea8a7626df5a841e8f282cb/login/?2f2bd5ba48799a008be519d2537a901e#bankid Message: Access to font at 'https://minnettbank.santanderconsumer.no/Resources/Fonts/SantanderFont/Headline/SantanderHeadlineW05-Rg.ttf' from origin 'https://santander-consumer.luigiheladeria.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value 'minnettbank.santanderconsumer.no'.
network	error	URL: https://minnettbank.santanderconsumer.no/Resources/Fonts/SantanderFont/Headline/SantanderHeadlineW05-Rg.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://santander-consumer.luigiheladeria.com/santander/.2b21d0b84ea8a7626df5a841e8f282cb/login/?2f2bd5ba48799a008be519d2537a901e#bankid Message: Access to font at 'https://minnettbank.santanderconsumer.no/Resources/Fonts/SantanderFont/Regular/SantanderTextW05-Regular.woff' from origin 'https://santander-consumer.luigiheladeria.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value 'minnettbank.santanderconsumer.no'.
network	error	URL: https://minnettbank.santanderconsumer.no/Resources/Fonts/SantanderFont/Regular/SantanderTextW05-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://santander-consumer.luigiheladeria.com/santander/.2b21d0b84ea8a7626df5a841e8f282cb/login/?2f2bd5ba48799a008be519d2537a901e#bankid Message: Access to font at 'https://minnettbank.santanderconsumer.no/Resources/Fonts/SantanderFont/Regular/SantanderTextW05-Regular.ttf' from origin 'https://santander-consumer.luigiheladeria.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value 'minnettbank.santanderconsumer.no'.
network	error	URL: https://minnettbank.santanderconsumer.no/Resources/Fonts/SantanderFont/Regular/SantanderTextW05-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
security	error	URL: https://3653.clients.giosgusercontent.com/static/visitor.7956a336899f8dcdb962.js(Line 32) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://minnettbank.santanderconsumer.no') does not match the recipient window's origin ('https://santander-consumer.luigiheladeria.com').
security	error	URL: https://3653.clients.giosgusercontent.com/static/visitor.7956a336899f8dcdb962.js(Line 32) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://minnettbank.santanderconsumer.no') does not match the recipient window's origin ('https://santander-consumer.luigiheladeria.com').
security	error	URL: https://3653.clients.giosgusercontent.com/static/visitor.7956a336899f8dcdb962.js(Line 32) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://minnettbank.santanderconsumer.no') does not match the recipient window's origin ('https://santander-consumer.luigiheladeria.com').
security	error	URL: https://3653.clients.giosgusercontent.com/static/visitor.7956a336899f8dcdb962.js(Line 32) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://minnettbank.santanderconsumer.no') does not match the recipient window's origin ('https://santander-consumer.luigiheladeria.com').

santander-consumer.luigiheladeria.com Open in urlscan Pro 91.208.184.195 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

32 Requests

88 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

6 IPs

3 Countries

465 kBTransfer

1736 kBSize

7 Cookies

4 Outgoing links

Page URL History

Redirected requests

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

santander-consumer.luigiheladeria.com Open in urlscan Pro
91.208.184.195 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

32
Requests

88 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

465 kB
Transfer

1736 kB
Size

7
Cookies

32 HTTP transactions
13 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!