retail-santander.net
37.9.175.188
Malicious Activity!
Public Scan
Effective URL: https://retail-santander.net/olbss/X0c9hQg6W8/l.php?id=Egm34L65sYZt48XK4kLi2OT6WmnwbM4U7foqu88ReWGbZa0jmfpU0IsTn3X739BhgMe9Kr...
Submission: On October 05 via api from ES — Scanned from ES
Summary
TLS certificate: Issued by R3 on October 4th 2023. Valid for: 3 months.
This is the only time retail-santander.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Santander (Banking)
Note that the certificate was issued the day before the submission (2023-10-04 against a 5 October scan) and the domain had never been scanned before; both are consistent with freshly stood-up phishing infrastructure rather than a long-lived site.

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 129.213.198.22 | 31898 (ORACLE-BMC-31898)
1 | 35.190.2.215 | 15169 (GOOGLE)
13 | 37.9.175.188 | 51013 (WEBSUPPORT-SRO-SK-AS)
2 | 2606:4700:20::681a:85b | 13335 (CLOUDFLARENET)
1 | 2606:4700::6810:5614 | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:806::200a | 15169 (GOOGLE)
5 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET)
20 | 5 |
ASN | PTR | Domain
---|---|---
ASN15169 (GOOGLE, US) | 215.2.190.35.bc.googleusercontent.com | hab.me
ASN51013 (WEBSUPPORT-SRO-SK-AS, SK) | ing.r5.websupport.sk | retail-santander.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | retail-santander.net (1 redirects) | retail-santander.net | 356 KB
5 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 250 | 90 KB
2 | tailwindcss.com (1 redirects) | cdn.tailwindcss.com — Cisco Umbrella Rank: 47264 | 108 KB
1 | googleapis.com | ajax.googleapis.com — Cisco Umbrella Rank: 405 | 34 KB
1 | jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 373 | 5 KB
1 | hab.me (1 redirects) | hab.me | 148 B
1 | bc4.io (1 redirects) | bc4.io | 416 B
20 | 7 domains | |
Requests | Domain | Requested by
---|---|---
13 | retail-santander.net (1 redirects) | retail-santander.net
5 | cdnjs.cloudflare.com | retail-santander.net
2 | cdn.tailwindcss.com (1 redirects) | retail-santander.net
1 | ajax.googleapis.com | retail-santander.net
1 | cdn.jsdelivr.net | retail-santander.net
1 | hab.me (1 redirects) |
1 | bc4.io (1 redirects) |
20 | 7 domains |
This site contains no links.
Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
retail-santander.net | R3 | 2023-10-04 - 2024-01-02 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year | crt.sh
upload.video.google.com | GTS CA 1C3 | 2023-09-18 - 2023-12-11 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://retail-santander.net/olbss/X0c9hQg6W8/l.php?id=Egm34L65sYZt48XK4kLi2OT6WmnwbM4U7foqu88ReWGbZa0jmfpU0IsTn3X739BhgMe9Kr3FsA2wtuFsjustGlCG8Ghf5cDu8rLgy5TFt2hQpLJKWDe34Raa
Frame ID: DF5AEAAF323A4BBD90F403E17C733702
Requests: 20 HTTP requests in this frame
Page Title
Personal Online B_c238803edb9a0c38815f62ae6ac89b23c238803edb9a0c, SMc238803edb9a0c38815f62ae6ac89b23
Detected technologies
PHP (Programming Languages). Detected patterns:
- \.php(?:$|\?)
animate.css (Web Frameworks). Detected patterns:
- <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css
jQuery (JavaScript Libraries). Detected patterns:
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN). Detected patterns:
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
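The patterns above are ordinary regular expressions, so the fingerprinting can be reproduced offline. The following Python is an added example, not urlscan's code: it applies the report's own patterns to a constructed page head assembled from the resource URLs in the HTTP transaction list (the report does not show the page's real markup, so SAMPLE_URL and SAMPLE_HTML are stand-ins). It also shows why the report names jQuery with only one version even though the transaction list loads both 1.12.4 and 3.0.0-beta1: the "/([\d.]+)/jquery" capture needs a purely numeric path segment, so the pre-release version is detected without a version string, and the jsDelivr "animate.css@3.7.2" path style never feeds the animate.css version group.

```python
import re

# Detection patterns exactly as listed in the report's "Detected technologies" section.
# PHP is matched against the page URL; the other patterns run over the HTML body.
URL_PATTERNS = {
    "PHP": [r"\.php(?:$|\?)"],
}
HTML_PATTERNS = {
    "animate.css": [r"<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css"],
    "jQuery": [
        r"/([\d.]+)/jquery(?:\.min)?\.js",
        r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?",
    ],
    "jsDelivr": [
        r'<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/',
        r"//cdn\.jsdelivr\.net/",
    ],
}

# Constructed stand-ins: the report does not show the page's markup, so this <head>
# is assembled from the resource URLs in its HTTP transaction list.
SAMPLE_URL = "https://retail-santander.net/olbss/X0c9hQg6W8/l.php?id=abc"
SAMPLE_HTML = """<head>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/animate.css@3.7.2/animate.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery.payment/1.3.2/jquery.payment.js"></script>
</head>"""


def _scan(text, patterns, found):
    """Record every technology whose pattern matches; keep any version a capture group yields."""
    for tech, pats in patterns.items():
        for pat in pats:
            for m in re.finditer(pat, text):
                versions = found.setdefault(tech, set())
                if m.re.groups and m.group(1):
                    versions.add(m.group(1))


def fingerprint(url, html):
    """Return {technology: set of captured versions}. An empty set means the
    technology matched but no pattern captured a version string."""
    found = {}
    _scan(url, URL_PATTERNS, found)
    _scan(html, HTML_PATTERNS, found)
    return found


if __name__ == "__main__":
    for tech, versions in sorted(fingerprint(SAMPLE_URL, SAMPLE_HTML).items()):
        print(f"{tech}: {sorted(versions) or 'version not captured'}")
```

Treat the captured version as a hint, not as the version actually executing: two jQuery builds are loaded here and the pattern only reports the one whose path segment is purely numeric.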
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://bc4.io/b092a8c HTTP 301
- https://hab.me/xFZcr6Z HTTP 301
- https://retail-santander.net/olbss/index.php?pwd=SANUK23 HTTP 302
- https://retail-santander.net/olbss/X0c9hQg6W8/l.php?id=Egm34L65sYZt48XK4kLi2OT6WmnwbM4U7foqu88ReWGbZa0jmfpU0IsTn3X739BhgMe9Kr3FsA2wtuFsjustGlCG8Ghf5cDu8rLgy5TFt2hQpLJKWDe34Raa Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://cdn.tailwindcss.com/ HTTP 302
- https://cdn.tailwindcss.com/3.3.3
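The chain above is two shortener hops followed by an entry page (index.php?pwd=SANUK23) that 302s to a per-visit tokenised URL, so the last hop is what a victim's browser actually lands on. To reproduce a chain like this from raw responses rather than from the scanner's output, the following Python is an added example, not urlscan's code. It follows HTTP Location redirects, resolves relative Location values, and falls back to a regex check for meta-refresh and window.location assignments, which are the client-side redirect kinds the section description mentions. The responses are constructed: the URLs and status codes of the bc4.io, hab.me and retail-santander.net hops are the report's, the response bodies and the example.test hops are stand-ins, and the two regexes are heuristics, not a JavaScript interpreter.

```python
import re
from urllib.parse import urljoin

# The id token from the report's final URL.
ID = "Egm34L65sYZt48XK4kLi2OT6WmnwbM4U7foqu88ReWGbZa0jmfpU0IsTn3X739BhgMe9Kr3FsA2wtuFsjustGlCG8Ghf5cDu8rLgy5TFt2hQpLJKWDe34Raa"
FINAL_URL = "https://retail-santander.net/olbss/X0c9hQg6W8/l.php?id=" + ID

# Constructed responses: url -> (status, headers, body). The first four URLs and status
# codes are the report's "Page URL History"; bodies and the example.test entries are
# stand-ins invented here to exercise the client-side and failure cases.
RESPONSES = {
    "http://bc4.io/b092a8c": (301, {"Location": "https://hab.me/xFZcr6Z"}, ""),
    "https://hab.me/xFZcr6Z": (301, {"Location": "https://retail-santander.net/olbss/index.php?pwd=SANUK23"}, ""),
    # relative Location (assumed here) so the walker has to resolve it against the request URL
    "https://retail-santander.net/olbss/index.php?pwd=SANUK23": (302, {"Location": "/olbss/X0c9hQg6W8/l.php?id=" + ID}, ""),
    FINAL_URL: (200, {"Content-Type": "text/html"}, "<html><title>Personal Online B</title><form></form></html>"),
    "https://example.test/meta": (200, {}, '<meta http-equiv="refresh" content="0; URL=https://example.test/js">'),
    "https://example.test/js": (200, {}, "<script>window.location.href = '/landing';</script>"),
    "https://example.test/landing": (200, {}, "<p>landing</p>"),
    "https://example.test/loop": (302, {"Location": "https://example.test/loop"}, ""),
}

META_REFRESH = re.compile(
    r'<meta[^>]*?http-equiv=["\']?refresh["\']?[^>]*?content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)', re.I)
# Heuristic: catches plain "location = '...'" assignment shapes, not obfuscated or computed targets.
JS_LOCATION = re.compile(
    r'(?:window\.|document\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)


def fetch_offline(url):
    """Stand-in for an HTTP client: serve the constructed responses, None if unknown."""
    return RESPONSES.get(url)


def client_side_target(html):
    """Return the first meta-refresh or JS location target in the body, or None."""
    m = META_REFRESH.search(html) or JS_LOCATION.search(html)
    return m.group(1) if m else None


def walk(start, fetch, max_hops=10):
    """Follow a URL through server-side and client-side redirects.
    Returns [(url, how)] where how is 'HTTP <code>', 'client-side redirect',
    'Page URL' (final landing), 'loop', 'unresolved' or 'max hops exceeded'."""
    chain, url, seen = [], start, set()
    for _ in range(max_hops + 1):
        if url in seen:
            chain.append((url, "loop"))
            return chain
        seen.add(url)
        resp = fetch(url)
        if resp is None:
            chain.append((url, "unresolved"))
            return chain
        status, headers, body = resp
        if 300 <= status < 400 and "Location" in headers:
            chain.append((url, f"HTTP {status}"))
            url = urljoin(url, headers["Location"])   # Location may be relative
            continue
        target = client_side_target(body)
        if target:
            chain.append((url, "client-side redirect"))
            url = urljoin(url, target)
            continue
        chain.append((url, "Page URL"))
        return chain
    chain.append((url, "max hops exceeded"))
    return chain


if __name__ == "__main__":
    for url, how in walk("http://bc4.io/b092a8c", fetch_offline):
        print(f"{how:22} {url[:80]}")
```

When run against live infrastructure, the scanner's Page URL History is the safer source: kits often serve different responses to non-browser clients, and the tokenised id in the last hop means each fetch of index.php?pwd=... yields a different final URL.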
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | l.php (Primary Request) | retail-santander.net/olbss/X0c9hQg6W8/ (redirect chain) | 21 KB | 3 KB | Document | text/html
GET | H2 | 3.3.3 | cdn.tailwindcss.com/ (redirect chain) | 354 KB | 108 KB | Script | text/javascript
GET | H2 | animate.min.css | cdn.jsdelivr.net/npm/animate.css@3.7.2/ | 57 KB | 5 KB | Stylesheet | text/css
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.12.4/ | 95 KB | 34 KB | Script | text/javascript
GET | H2 | main.css | retail-santander.net/olbss/assets/css/ | 239 KB | 28 KB | Stylesheet | text/css
GET | H2 | header-logo.png | retail-santander.net/olbss/assets/images/ | 3 KB | 3 KB | Image | image/png
GET | H2 | dhob.png | retail-santander.net/olbss/assets/images/ | 3 KB | 3 KB | Image | image/png
GET | H2 | dhom.png | retail-santander.net/olbss/assets/images/ | 963 B | 1 KB | Image | image/png
GET | H2 | loty.png | retail-santander.net/olbss/assets/images/ | 4 KB | 4 KB | Image | image/png
GET | H2 | loader2.gif | retail-santander.net/olbss/assets/images/ | 112 KB | 113 KB | Image | image/gif
GET | H2 | bsa.png | retail-santander.net/olbss/assets/images/ | 34 KB | 34 KB | Image | image/png
GET | H2 | bsm.png | retail-santander.net/olbss/assets/images/ | 7 KB | 7 KB | Image | image/png
GET | H2 | fod.png | retail-santander.net/olbss/assets/images/ | 10 KB | 10 KB | Image | image/png
GET | H2 | fom.png | retail-santander.net/olbss/assets/images/ | 11 KB | 11 KB | Image | image/png
GET | H2 | jquery.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/ | 256 KB | 64 KB | Script | application/javascript
GET | H2 | jquery.validate.js | cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ | 45 KB | 11 KB | Script | application/javascript
GET | H2 | additional-methods.js | cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ | 38 KB | 9 KB | Script | application/javascript
GET | H2 | jquery.maskedinput.js | cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/ | 10 KB | 3 KB | Script | application/javascript
GET | H2 | jquery.payment.js | cdnjs.cloudflare.com/ajax/libs/jquery.payment/1.3.2/ | 17 KB | 3 KB | Script | application/javascript
GET | H2 | Text-Regular.ttf | retail-santander.net/olbss/assets/font/ | 138 KB | 138 KB | Font | font/ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Santander (Banking)

4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | tailwind
function | $
function | jQuery
string | /template.html

2 Cookies
Cookies are small pieces of information stored in the user's browser. On every later visit the browser sends the cookie values back, which lets the site re-identify the user even from a different location; this is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
bc4.io/ | | reference | 2850481094463803379
retail-santander.net/ | | PHPSESSID | 8eb1aac2d8e3c7e25b5af543a11b6bf3
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
bc4.io
cdn.jsdelivr.net
cdn.tailwindcss.com
cdnjs.cloudflare.com
hab.me
retail-santander.net
129.213.198.22
2606:4700:20::681a:85b
2606:4700::6810:5614
2606:4700::6811:180e
2a00:1450:4001:806::200a
35.190.2.215
37.9.175.188
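As the note above says, being listed here does not make an indicator malicious: the list mixes the phishing host with public CDNs that many legitimate sites load and with shared hosting addresses. The following Python is an added triage example, not urlscan's code. The indicator list, ASN numbers and PTR records are taken from this report; the disposition rules (block, review, allow), the set of multi-tenant ASNs and the PTR suffixes are analyst assumptions, not statements the report makes. The PTR check matters for 35.190.2.215: by ASN alone it looks like shared Google edge space, but its PTR shows it is a Google Cloud customer VM hosting hab.me.

```python
import ipaddress

# Indicators exactly as listed in the report.
INDICATORS = [
    "ajax.googleapis.com", "bc4.io", "cdn.jsdelivr.net", "cdn.tailwindcss.com",
    "cdnjs.cloudflare.com", "hab.me", "retail-santander.net",
    "129.213.198.22", "2606:4700:20::681a:85b", "2606:4700::6810:5614",
    "2606:4700::6811:180e", "2a00:1450:4001:806::200a", "35.190.2.215", "37.9.175.188",
]

# Context copied from the report's "Domain & IP information" table and ASN blocks.
IP_ASN = {
    "129.213.198.22": 31898, "35.190.2.215": 15169, "37.9.175.188": 51013,
    "2606:4700:20::681a:85b": 13335, "2606:4700::6810:5614": 13335,
    "2606:4700::6811:180e": 13335, "2a00:1450:4001:806::200a": 15169,
}
PTR = {
    "35.190.2.215": "215.2.190.35.bc.googleusercontent.com",
    "37.9.175.188": "ing.r5.websupport.sk",
}

# Triage policy: analyst assumptions, not statements from the report.
PHISH_HOSTS = {"retail-santander.net"}
SHARED_CDN_HOSTS = {"ajax.googleapis.com", "cdn.jsdelivr.net",
                    "cdn.tailwindcss.com", "cdnjs.cloudflare.com"}
MULTI_TENANT_ASNS = {13335, 15169}               # Cloudflare and Google edge: anycast, shared
TENANT_VM_PTR = (".bc.googleusercontent.com",)   # Google Cloud customer VM, not Google's edge
SHARED_HOSTING_PTR = (".websupport.sk",)         # shared web host: many customers per address


def classify(indicator):
    """Return {'indicator', 'type', 'disposition', 'reason'} for one IOC."""
    try:
        ip = ipaddress.ip_address(indicator)
    except ValueError:
        ip = None
    if ip is None:
        kind = "domain"
        if indicator in PHISH_HOSTS:
            disp, why = "block", "brand-impersonating phishing host"
        elif indicator in SHARED_CDN_HOSTS:
            disp, why = "allow", "public CDN loaded by legitimate sites; blocking it breaks them"
        else:
            disp, why = "review", "redirect-only hop; the full short URL, not the apex, is the indicator"
    else:
        kind = f"ipv{ip.version}"
        asn = IP_ASN.get(indicator)
        ptr = PTR.get(indicator, "")
        if ptr.endswith(TENANT_VM_PTR):
            disp, why = "review", f"customer VM in AS{asn} (PTR {ptr}); attributable, but check for reuse"
        elif ptr.endswith(SHARED_HOSTING_PTR):
            disp, why = "review", f"shared hosting node (PTR {ptr}); block the hostname, not the address"
        elif asn in MULTI_TENANT_ASNS:
            disp, why = "allow", f"shared edge address in AS{asn}"
        else:
            disp, why = "review", f"AS{asn}: verify the address is single-purpose before blocking"
    return {"indicator": indicator, "type": kind, "disposition": disp, "reason": why}


def triage(indicators):
    """Group indicators by disposition, preserving the report's order."""
    groups = {"block": [], "review": [], "allow": []}
    for ind in indicators:
        groups[classify(ind)["disposition"]].append(ind)
    return groups


if __name__ == "__main__":
    for ind in INDICATORS:
        r = classify(ind)
        print(f"{r['disposition']:6} {r['type']:6} {ind:26} {r['reason']}")
```

Only retail-santander.net comes out as a clean block; 37.9.175.188 is a websupport.sk shared hosting node, so blocking the address would also cut off the other tenants behind it.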