sntafe.com Open in urlscan Pro
208.97.186.217 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nuvodesantafe.com/
Effective URL:
https://sntafe.com/banking1.htm
Submission: On July 31 via api (July 31st 2022, 11:14:41 am UTC) from US — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 208.97.186.217, located in United States and belongs to DREAMHOST-AS, US. The main domain is sntafe.com.
TLS certificate: Issued by R3 on July 12th 2022. Valid for: 3 months.

This is the only time sntafe.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Santa Fe (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	208.97.186.218 208.97.186.218	26347 (DREAMHOST-AS) (DREAMHOST-AS)
1 15	208.97.186.217 208.97.186.217	26347 (DREAMHOST-AS) (DREAMHOST-AS)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
15	2

1 208.97.186.218 (United States) 1 redirects

ASN26347 (DREAMHOST-AS, US)
PTR: apache2-fritz.iad1-shared-d12-02.dreamhost.com

nuvodesantafe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 208.97.186.217 (United States) 1 redirects

ASN26347 (DREAMHOST-AS, US)
PTR: apache2-rank.iad1-shared-d12-02.dreamhost.com

sntafe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	sntafe.com 1 redirects sntafe.com	572 KB
1	gstatic.com fonts.gstatic.com	33 KB
1	nuvodesantafe.com 1 redirects nuvodesantafe.com	329 B
15	3

	Domain	Requested by
15	sntafe.com	1 redirects sntafe.com
1	fonts.gstatic.com	sntafe.com
1	nuvodesantafe.com	1 redirects
15	3

This site contains no links.

Subject Issuer	Validity	Valid
www.sntafe.com R3	`2022-07-12` - `2022-10-10`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sntafe.com/banking1.htm
Frame ID: 11FC113D4437E4C8F713E597DB7D8F79
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home banking

Page URL History Show full URLs

http://nuvodesantafe.com/ HTTP 302
https://sntafe.com/ HTTP 302
https://sntafe.com/banking1.htm Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

606 kB
Transfer

639 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nuvodesantafe.com/ HTTP 302
https://sntafe.com/ HTTP 302
https://sntafe.com/banking1.htm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request banking1.htm Show response
sntafe.com/
Redirect Chain

http://nuvodesantafe.com/
https://sntafe.com/
https://sntafe.com/banking1.htm

21 KB
4 KB

105ms
104ms

Document
text/html

208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sntafe.com/banking1.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash: 854e0d99f2b65b33eef746844dfa8898030246846671e995d6e763068af1a661

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=600
content-encoding: gzip
content-length: 3624
content-type: text/html
date: Sun, 31 Jul 2022 11:14:30 GMT
etag: "53ff-5e3ee877900f3-gzip"
expires: Sun, 31 Jul 2022 11:24:30 GMT
last-modified: Sat, 16 Jul 2022 16:21:38 GMT
server: Apache
vary: Accept-Encoding,User-Agent

Redirect headers

cache-control: max-age=600
content-length: 0
content-type: text/html; charset=UTF-8
date: Sun, 31 Jul 2022 11:14:30 GMT
expires: Sun, 31 Jul 2022 11:24:30 GMT
location: banking1.htm
server: Apache
vary: User-Agent

GET
H2 200 styles.d234598b30cf55ae.css
sntafe.com/bankingfiles/ 16 KB
3 KB 109ms
108ms Stylesheet
text/css 208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sntafe.com/bankingfiles/styles.d234598b30cf55ae.css
Requested by: Host: sntafe.com
URL: https://sntafe.com/banking1.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash: 9237160c6a94fc68f4a0c289ce3beb73b86f153f60d9e347b624d744a85e5e96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sntafe.com/banking1.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 31 Jul 2022 11:14:30 GMT
content-encoding: gzip
last-modified: Sat, 16 Jul 2022 16:21:42 GMT
server: Apache
etag: "3e11-5e3ee87c1b29f-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 3441
expires: Tue, 30 Aug 2022 11:14:30 GMT

GET
H2 200 arrowLeft.84536c01.svg
sntafe.com/bankingfiles/ 2 KB
1 KB 106ms
106ms Image
image/svg+xml 208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sntafe.com/bankingfiles/arrowLeft.84536c01.svg
Requested by: Host: sntafe.com
URL: https://sntafe.com/banking1.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash: 27bbd9028df630b54404f06b6629575df36ecf41e4e315df887eb4b733333c70

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sntafe.com/banking1.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 31 Jul 2022 11:14:30 GMT
content-encoding: gzip
last-modified: Sat, 16 Jul 2022 16:21:40 GMT
server: Apache
etag: "8d9-5e3ee8796e952-gzip"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 980
expires: Tue, 30 Aug 2022 11:14:30 GMT

GET
H2 200 sf_logo.5c3d5626.svg
sntafe.com/bankingfiles/ 5 KB
2 KB 120ms
117ms Image
image/svg+xml 208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sntafe.com/bankingfiles/sf_logo.5c3d5626.svg
Requested by: Host: sntafe.com
URL: https://sntafe.com/banking1.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash: c1d27d713bd83d894b08adc0eaa71d1605f4a4b7355618de389ca69a7ffd8a85

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sntafe.com/banking1.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 31 Jul 2022 11:14:30 GMT
content-encoding: gzip
last-modified: Sat, 16 Jul 2022 16:21:42 GMT
server: Apache
etag: "134d-5e3ee87ba30b7-gzip"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1899
expires: Tue, 30 Aug 2022 11:14:30 GMT

GET
H2 200 userIcon.05863261.svg
sntafe.com/bankingfiles/ 707 B
414 B 116ms
114ms Image
image/svg+xml 208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sntafe.com/bankingfiles/userIcon.05863261.svg
Requested by: Host: sntafe.com
URL: https://sntafe.com/banking1.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash: c1c1f1705c01a58229653446079e4d8c98a4880e2bed3a2cffd64f7eab0091aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sntafe.com/banking1.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 31 Jul 2022 11:14:30 GMT
content-encoding: gzip
last-modified: Sat, 16 Jul 2022 16:21:43 GMT
server: Apache
etag: "2c3-5e3ee87c81b46-gzip"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 335
expires: Tue, 30 Aug 2022 11:14:30 GMT

GET
H2 200 unchecked.535dfcb2.svg
sntafe.com/bankingfiles/ 421 B
264 B 117ms
115ms Image
image/svg+xml 208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sntafe.com/bankingfiles/unchecked.535dfcb2.svg
Requested by: Host: sntafe.com
URL: https://sntafe.com/banking1.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash: b9ffc0bdbf44efff94d1a109b490b461730eccda31703e8ccc260fe1aa5e530c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sntafe.com/banking1.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 31 Jul 2022 11:14:30 GMT
content-encoding: gzip
last-modified: Sat, 16 Jul 2022 16:21:43 GMT
server: Apache
etag: "1a5-5e3ee87c4eec2-gzip"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 210
expires: Tue, 30 Aug 2022 11:14:30 GMT

GET
H2 200 shopCart.1bdf873b.svg
sntafe.com/bankingfiles/ 3 KB
1 KB 120ms
118ms Image
image/svg+xml 208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sntafe.com/bankingfiles/shopCart.1bdf873b.svg
Requested by: Host: sntafe.com
URL: https://sntafe.com/banking1.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash: f05257244867011175f400e764607515b5ca3d3ad88d9526a13c476ef2aa304d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sntafe.com/banking1.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 31 Jul 2022 11:14:30 GMT
content-encoding: gzip
last-modified: Sat, 16 Jul 2022 16:21:42 GMT
server: Apache
etag: "ccb-5e3ee87bd6cdb-gzip"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1382
expires: Tue, 30 Aug 2022 11:14:30 GMT

GET
H2 200 phone.7c4fa481.svg
sntafe.com/bankingfiles/ 1 KB
587 B 166ms
164ms Image
image/svg+xml 208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sntafe.com/bankingfiles/phone.7c4fa481.svg
Requested by: Host: sntafe.com
URL: https://sntafe.com/banking1.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash: 6a35028cefde4cfc9c2a8b55928db104c60c81fc14e60c7b28b22f1c5457ffa2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sntafe.com/banking1.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 31 Jul 2022 11:14:30 GMT
content-encoding: gzip
last-modified: Sat, 16 Jul 2022 16:21:41 GMT
server: Apache
etag: "400-5e3ee87ae78ab-gzip"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 509
expires: Tue, 30 Aug 2022 11:14:30 GMT

GET
H2 200 lapiz.svg
sntafe.com/bankingfiles/ 520 B
402 B 167ms
165ms Image
image/svg+xml 208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sntafe.com/bankingfiles/lapiz.svg
Requested by: Host: sntafe.com
URL: https://sntafe.com/banking1.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash: 2bfee0a7ccdf672bb2d3565d86cbbba4167cc103e4354cd672ce8389edb57b6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sntafe.com/banking1.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 31 Jul 2022 11:14:30 GMT
content-encoding: gzip
last-modified: Sat, 16 Jul 2022 16:21:40 GMT
server: Apache
etag: "208-5e3ee879d51f9-gzip"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 346
expires: Tue, 30 Aug 2022 11:14:30 GMT

GET
H2 200 candada.svg
sntafe.com/bankingfiles/ 1 KB
556 B 166ms
165ms Image
image/svg+xml 208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sntafe.com/bankingfiles/candada.svg
Requested by: Host: sntafe.com
URL: https://sntafe.com/banking1.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash: bcd9bab6f0a041f31b1ce4a88a2048ff95b092ea42def5c9c6ae04ef8e64914a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sntafe.com/banking1.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 31 Jul 2022 11:14:30 GMT
content-encoding: gzip
last-modified: Sat, 16 Jul 2022 16:21:40 GMT
server: Apache
etag: "447-5e3ee879a2576-gzip"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 501
expires: Tue, 30 Aug 2022 11:14:30 GMT

GET
H2 200 ojo-cerrado.svg
sntafe.com/bankingfiles/ 916 B
569 B 168ms
167ms Image
image/svg+xml 208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sntafe.com/bankingfiles/ojo-cerrado.svg
Requested by: Host: sntafe.com
URL: https://sntafe.com/banking1.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash: 102eddb08e2596ca27fd79bf70749fcbb6f5f6f5de47897968d3b0b6d3c2251b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sntafe.com/banking1.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 31 Jul 2022 11:14:30 GMT
content-encoding: gzip
last-modified: Sat, 16 Jul 2022 16:21:41 GMT
server: Apache
etag: "394-5e3ee87ab3c87-gzip"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 513
expires: Tue, 30 Aug 2022 11:14:30 GMT

GET
H2 200 laptop.svg
sntafe.com/bankingfiles/ 1 KB
538 B 167ms
166ms Image
image/svg+xml 208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sntafe.com/bankingfiles/laptop.svg
Requested by: Host: sntafe.com
URL: https://sntafe.com/banking1.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash: 5d072100deb5c01907b60383fbe7ab5b7c5bcf2d30776ba78eeb88200f5ac3c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sntafe.com/banking1.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 31 Jul 2022 11:14:30 GMT
content-encoding: gzip
last-modified: Sat, 16 Jul 2022 16:21:40 GMT
server: Apache
etag: "443-5e3ee87a08e1c-gzip"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 483
expires: Tue, 30 Aug 2022 11:14:30 GMT

GET
H2 404 jquery-3.js
sntafe.com/files/ 0
0 114ms
112ms Script
text/html 208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sntafe.com/files/jquery-3.js
Requested by: Host: sntafe.com
URL: https://sntafe.com/banking1.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash

Request headers

Referer: https://sntafe.com/banking1.htm
Origin: https://sntafe.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 31 Jul 2022 11:14:30 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

GET
H2 200 background-sf.a72c137b.jpg
sntafe.com/image/ 554 KB
558 KB 105ms
104ms Image
image/jpeg 208.97.186.217
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sntafe.com/image/background-sf.a72c137b.jpg
Requested by: Host: sntafe.com
URL: https://sntafe.com/bankingfiles/styles.d234598b30cf55ae.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 208.97.186.217 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-rank.iad1-shared-d12-02.dreamhost.com
Software: Apache /
Resource Hash: 96e406d5f8b8c86ee024f3ab98eaa55797d67c6e16c527f401d14ad3b4a4dbe6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sntafe.com/bankingfiles/styles.d234598b30cf55ae.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 31 Jul 2022 11:14:30 GMT
last-modified: Sat, 16 Jul 2022 16:21:19 GMT
server: Apache
etag: "8a63d-5e3ee86559e01"
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 566845
expires: Tue, 30 Aug 2022 11:14:30 GMT

GET
H2 200 iJWKBXyIfDnIV7nBrXw.woff2
fonts.gstatic.com/s/rubik/v20/ 33 KB
33 KB 69ms
20ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v20/iJWKBXyIfDnIV7nBrXw.woff2

Requested by

Host: sntafe.com
URL: https://sntafe.com/bankingfiles/styles.d234598b30cf55ae.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

815772b443b23ef0ef0929fd6305b13cae6a6345c7d55613a9d8d03e2f9efdb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sntafe.com/
Origin: https://sntafe.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 19:27:22 GMT
x-content-type-options: nosniff
age: 316028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33620
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 15:47:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jul 2023 19:27:22 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Santa Fe (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sntafe.com/files/jquery-3.js Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.gstatic.com
nuvodesantafe.com
sntafe.com
208.97.186.217
208.97.186.218
2a00:1450:4001:811::2003
102eddb08e2596ca27fd79bf70749fcbb6f5f6f5de47897968d3b0b6d3c2251b
27bbd9028df630b54404f06b6629575df36ecf41e4e315df887eb4b733333c70
2bfee0a7ccdf672bb2d3565d86cbbba4167cc103e4354cd672ce8389edb57b6b
5d072100deb5c01907b60383fbe7ab5b7c5bcf2d30776ba78eeb88200f5ac3c0
6a35028cefde4cfc9c2a8b55928db104c60c81fc14e60c7b28b22f1c5457ffa2
815772b443b23ef0ef0929fd6305b13cae6a6345c7d55613a9d8d03e2f9efdb8
854e0d99f2b65b33eef746844dfa8898030246846671e995d6e763068af1a661
9237160c6a94fc68f4a0c289ce3beb73b86f153f60d9e347b624d744a85e5e96
96e406d5f8b8c86ee024f3ab98eaa55797d67c6e16c527f401d14ad3b4a4dbe6
b9ffc0bdbf44efff94d1a109b490b461730eccda31703e8ccc260fe1aa5e530c
bcd9bab6f0a041f31b1ce4a88a2048ff95b092ea42def5c9c6ae04ef8e64914a
c1c1f1705c01a58229653446079e4d8c98a4880e2bed3a2cffd64f7eab0091aa
c1d27d713bd83d894b08adc0eaa71d1605f4a4b7355618de389ca69a7ffd8a85
f05257244867011175f400e764607515b5ca3d3ad88d9526a13c476ef2aa304d

sntafe.com Open in urlscan Pro 208.97.186.217 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

606 kBTransfer

639 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

sntafe.com Open in urlscan Pro
208.97.186.217 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

606 kB
Transfer

639 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!