santander.app-parametros.com Open in urlscan Pro
178.215.236.184 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://santander.app-parametros.com/
Effective URL:
https://santander.app-parametros.com/login
Submission: On September 21 via automatic, source openphish (September 21st 2024, 2:24:39 am UTC) — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 17 HTTP transactions. The main IP is 178.215.236.184, located in Ashburn, United States and belongs to STELLARGROUPSAS, FR. The main domain is santander.app-parametros.com.
TLS certificate: Issued by R10 on September 20th 2024. Valid for: 3 months.

This is the only time santander.app-parametros.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 11	178.215.236.184 178.215.236.184	214961 (STELLARGR...) (STELLARGROUPSAS)
2	2a04:4e42:600... 2a04:4e42:600::485	54113 (FASTLY) (FASTLY)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
17	6

11 178.215.236.184 (Ashburn, United States) 1 redirects

ASN214961 (STELLARGROUPSAS, FR)

santander.app-parametros.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	app-parametros.com 1 redirects santander.app-parametros.com	313 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 220	358 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 327	49 KB
1	gstatic.com fonts.gstatic.com	47 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 32	2 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 794	30 KB
17	6

	Domain	Requested by
11	santander.app-parametros.com	1 redirects santander.app-parametros.com
2	cdnjs.cloudflare.com	santander.app-parametros.com
2	cdn.jsdelivr.net	santander.app-parametros.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	santander.app-parametros.com
1	code.jquery.com	santander.app-parametros.com
17	6

This site contains no links.

Subject Issuer	Validity	Valid
santander.app-parametros.com R10	`2024-09-20` - `2024-12-19`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
upload.video.google.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.gstatic.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://santander.app-parametros.com/login
Frame ID: 3A90F89BE286FC99502302B60AF722DA
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Particulares

Page URL History Show full URLs

https://santander.app-parametros.com/ HTTP 302
https://santander.app-parametros.com/login Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

17
Requests

100 %
HTTPS

83 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

799 kB
Transfer

1934 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://santander.app-parametros.com/ HTTP 302
https://santander.app-parametros.com/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login Show response
santander.app-parametros.com/
Redirect Chain

https://santander.app-parametros.com/
https://santander.app-parametros.com/login

16 KB
4 KB

24ms
23ms

Document
text/html

178.215.236.184
STELLARGROUPSAS

General

Check archive.org

Show headers Download Go to

Full URL: https://santander.app-parametros.com/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.215.236.184 Ashburn, United States, ASN214961 (STELLARGROUPSAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: e1b6bf8e613fb045fe965b40de380392a94ebc4d09971d9880eca7d9b9266f63

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 3468
content-type: text/html; charset=UTF-8
date: Sat, 21 Sep 2024 02:24:33 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Sat, 21 Sep 2024 02:24:33 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: ./login
pragma: no-cache
server: nginx

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ 157 KB
26 KB 62ms
10ms Stylesheet
text/css 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

Requested by

Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
age: 3033591
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Sat, 21 Sep 2024 02:24:33 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-eddf8230037-FRA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 26099
x-jsd-version: 4.5.3

GET
H2 200 helpers.css
santander.app-parametros.com/assets/css/ 41 KB
5 KB 38ms
36ms Stylesheet
text/css 178.215.236.184
STELLARGROUPSAS

General

Check archive.org

Show headers Download Go to

Full URL: https://santander.app-parametros.com/assets/css/helpers.css
Requested by: Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.215.236.184 Ashburn, United States, ASN214961 (STELLARGROUPSAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: f839760d1621714efedeb3eb08b25e619812dcc33d77aceb0daf405ac727a765

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/login

Response headers

cache-control: max-age=315360000
content-encoding: gzip
etag: W/"66973118-a318"
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Sat, 21 Sep 2024 02:24:33 GMT
content-type: text/css
last-modified: Wed, 17 Jul 2024 02:48:56 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 style.css
santander.app-parametros.com/assets/css/ 11 KB
3 KB 38ms
37ms Stylesheet
text/css 178.215.236.184
STELLARGROUPSAS

General

Check archive.org

Show headers Download Go to

Full URL: https://santander.app-parametros.com/assets/css/style.css
Requested by: Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.215.236.184 Ashburn, United States, ASN214961 (STELLARGROUPSAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 75d98ec796d5c560f5ad1ac6584cf91d63f3bda996babec81438ac45a96f23b7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/login

Response headers

cache-control: max-age=315360000
content-encoding: gzip
etag: W/"66973118-2b81"
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Sat, 21 Sep 2024 02:24:33 GMT
content-type: text/css
last-modified: Wed, 17 Jul 2024 02:48:56 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 logooo.png
santander.app-parametros.com/assets/img/ 21 KB
21 KB 47ms
46ms Image
image/png 178.215.236.184
STELLARGROUPSAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://santander.app-parametros.com/assets/img/logooo.png
Requested by: Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.215.236.184 Ashburn, United States, ASN214961 (STELLARGROUPSAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: b9738c7a53517a8c02692b7098061982b7fd5ddbcc94a3df650dcec4934bd5fb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/login

Response headers

cache-control: max-age=315360000
etag: "66973118-52fc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 21244
date: Sat, 21 Sep 2024 02:24:33 GMT
content-type: image/png
last-modified: Wed, 17 Jul 2024 02:48:56 GMT
server: nginx

GET
H2 200 eye.png
santander.app-parametros.com/assets/img/ 709 B
884 B 60ms
60ms Image
image/png 178.215.236.184
STELLARGROUPSAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://santander.app-parametros.com/assets/img/eye.png
Requested by: Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.215.236.184 Ashburn, United States, ASN214961 (STELLARGROUPSAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 1cc2ac498cda33559a5640e94f39948c62a29df668df94bee6a22d289bd4f45e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/login

Response headers

cache-control: max-age=315360000
etag: "66973118-2c5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 709
date: Sat, 21 Sep 2024 02:24:33 GMT
content-type: image/png
last-modified: Wed, 17 Jul 2024 02:48:56 GMT
server: nginx

GET
H2 200 keyboard.png
santander.app-parametros.com/assets/img/ 457 B
632 B 22ms
15ms Image
image/png 178.215.236.184
STELLARGROUPSAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://santander.app-parametros.com/assets/img/keyboard.png
Requested by: Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.215.236.184 Ashburn, United States, ASN214961 (STELLARGROUPSAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 863dc19bde245c645cafdb6136e0d0daf125f6fe969fa3d35663b1a780c308a8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/login

Response headers

cache-control: max-age=315360000
etag: "66973118-1c9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 457
date: Sat, 21 Sep 2024 02:24:33 GMT
content-type: image/png
last-modified: Wed, 17 Jul 2024 02:48:56 GMT
server: nginx

GET
H2 200 jquery-3.5.1.min.js Show response
code.jquery.com/ 87 KB
30 KB 32ms
6ms Script
application/javascript 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/

Response headers

content-encoding: gzip
etag: W/"28feccc0-15d84"
age: 2042204
x-cache: HIT, HIT
date: Sat, 21 Sep 2024 02:24:33 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
x-cache-hits: 9, 230157
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-served-by: cache-lga21981-LGA, cache-fra-eddf8230111-FRA
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1726885474.932801,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30879
server: nginx

GET
H2 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/ 82 KB
23 KB 12ms
6ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js

Requested by

Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"148b8-qycDEVlyTiQh9v9ccPSOZXq+nTk"
age: 1305148
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Sat, 21 Sep 2024 02:24:33 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230037-FRA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23383
x-jsd-version: 4.5.3

GET
H3 200 all.min.js Show response
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/ 1 MB
355 KB 37ms
18ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js

Requested by

Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/login

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20a3ef6979bbe5e4de1afaecc703e1d34cbc5e3ceab36d378539506327692d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5f7b5b5f-123bd0"
age: 127107
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r9pI%2FuCoF8khyStw664y00CQ4H1nUUL9rxqg9m660YOb8vnZOXWn4gm0EQvG0vCdzAAC2kANbscJORSubK95Pa1k8hV2TT2%2BpWriUbQBgAiervpZjSGlExBnKI55EaZ9TZkoeTICxdck1VNYN4tksylY"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 11 Sep 2025 02:24:33 GMT
date: Sat, 21 Sep 2024 02:24:33 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8c6699840f1f1cb7-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 362308
server: cloudflare

GET
H3 200 jquery.payment.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/ 8 KB
3 KB 34ms
15ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js

Requested by

Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/login

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03ec3-210b"
age: 817352
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9vrnUmTpMIlPm3Nfyuposx9ZLtQ2rApNuwChf9W%2FYfCa2NRi83JF14TU5pYPttFaUDLKx1ba9kYi96Tg6mvz5oujcSkXkTd3vH5meXT3UQJGsU36nvfT3Pg6BNY%2B74%2BmavqAmide12QEx3dJvK%2FTdOTW"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 11 Sep 2025 02:24:33 GMT
date: Sat, 21 Sep 2024 02:24:33 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 16:11:47 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8c6699840f201cb7-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2420
server: cloudflare

GET
H2 200 script.js Show response
santander.app-parametros.com/assets/js/ 540 B
734 B 21ms
16ms Script
application/javascript 178.215.236.184
STELLARGROUPSAS

General

Check archive.org

Show headers Download Go to

Full URL: https://santander.app-parametros.com/assets/js/script.js
Requested by: Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.215.236.184 Ashburn, United States, ASN214961 (STELLARGROUPSAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 145d3068fdd7c77dd6a95ca97f834e99e07572db9f36fea83a4a17deada7669f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/login

Response headers

cache-control: max-age=315360000
etag: "66973118-21c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 540
date: Sat, 21 Sep 2024 02:24:33 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Jul 2024 02:48:56 GMT
server: nginx

GET
H2 200 css2
fonts.googleapis.com/ 17 KB
2 KB 44ms
16ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&display=swap

Requested by

Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/assets/css/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

851699a18b631a7bd68efc99598701293a6065b463fced7b68d8d6d9227bd8e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 21 Sep 2024 02:24:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 21 Sep 2024 02:24:33 GMT
content-type: text/css; charset=utf-8
last-modified: Sat, 21 Sep 2024 01:01:31 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 404 img.jpg
santander.app-parametros.com/assets/imgs/ 3 KB
3 KB 25ms
25ms Image
text/html 178.215.236.184
STELLARGROUPSAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://santander.app-parametros.com/assets/imgs/img.jpg
Requested by: Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/assets/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.215.236.184 Ashburn, United States, ASN214961 (STELLARGROUPSAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: d9cd6dfca94282619431285858508adf7a4552a70c2bb6dc4f30b0c83d9b1615

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/assets/css/style.css

Response headers

content-encoding: gzip
date: Sat, 21 Sep 2024 02:24:33 GMT
etag: W/"b96-62291a62cf2ac"
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: nginx
last-modified: Fri, 20 Sep 2024 19:00:13 GMT

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
47 KB 27ms
7ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://santander.app-parametros.com
Referer: https://fonts.googleapis.com/

Response headers

age: 534193
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 14 Sep 2025 22:01:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 14 Sep 2024 22:01:20 GMT
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48236
x-xss-protection: 0
server: sffe

GET
H2 200 img1.jpg
santander.app-parametros.com/assets/img/ 273 KB
274 KB 19ms
18ms Image
image/jpeg 178.215.236.184
STELLARGROUPSAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://santander.app-parametros.com/assets/img/img1.jpg
Requested by: Host: santander.app-parametros.com
URL: https://santander.app-parametros.com/login
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.215.236.184 Ashburn, United States, ASN214961 (STELLARGROUPSAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: c3e14aabc7cfcf98c4f5743bc303e5edea12ba3c5681ec51932f6d7b56e1198f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/login

Response headers

cache-control: max-age=315360000
etag: "66973118-4458a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 279946
date: Sat, 21 Sep 2024 02:24:34 GMT
content-type: image/jpeg
last-modified: Wed, 17 Jul 2024 02:48:56 GMT
server: nginx

GET
H2 200 fav.png
santander.app-parametros.com/assets/img/ 2 KB
2 KB 17ms
16ms Other
image/png 178.215.236.184
STELLARGROUPSAS

General

Check archive.org

Show headers Download Go to

Full URL: https://santander.app-parametros.com/assets/img/fav.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.215.236.184 Ashburn, United States, ASN214961 (STELLARGROUPSAS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 7765a8af829d91265140999f86b0637dea8544566ae9a865bdd5b8db75c0b62f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://santander.app-parametros.com/login

Response headers

cache-control: max-age=315360000
etag: "66973118-7c0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 1984
date: Sat, 21 Sep 2024 02:24:34 GMT
content-type: image/png
last-modified: Wed, 17 Jul 2024 02:48:56 GMT
server: nginx

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			santander.app-parametros.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: m2442rcoalmkra72kp3br7n3fi

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://santander.app-parametros.com/assets/imgs/img.jpg Message: Failed to load resource: the server responded with a status of 404 ()
recommendation	verbose	URL: https://santander.app-parametros.com/login Message: [DOM] Multiple forms should be contained in their own form elements; break up complex forms into ones that represent a single action: (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
santander.app-parametros.com
178.215.236.184
2606:4700::6811:180e
2a00:1450:4001:809::2003
2a00:1450:4001:82f::200a
2a04:4e42:600::485
2a04:4e42:600::649
145d3068fdd7c77dd6a95ca97f834e99e07572db9f36fea83a4a17deada7669f
1cc2ac498cda33559a5640e94f39948c62a29df668df94bee6a22d289bd4f45e
20a3ef6979bbe5e4de1afaecc703e1d34cbc5e3ceab36d378539506327692d72
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37
75d98ec796d5c560f5ad1ac6584cf91d63f3bda996babec81438ac45a96f23b7
7765a8af829d91265140999f86b0637dea8544566ae9a865bdd5b8db75c0b62f
851699a18b631a7bd68efc99598701293a6065b463fced7b68d8d6d9227bd8e7
863dc19bde245c645cafdb6136e0d0daf125f6fe969fa3d35663b1a780c308a8
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01
b9738c7a53517a8c02692b7098061982b7fd5ddbcc94a3df650dcec4934bd5fb
c3e14aabc7cfcf98c4f5743bc303e5edea12ba3c5681ec51932f6d7b56e1198f
d9cd6dfca94282619431285858508adf7a4552a70c2bb6dc4f30b0c83d9b1615
e1b6bf8e613fb045fe965b40de380392a94ebc4d09971d9880eca7d9b9266f63
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f839760d1621714efedeb3eb08b25e619812dcc33d77aceb0daf405ac727a765

santander.app-parametros.com Open in urlscan Pro 178.215.236.184 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

83 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

799 kBTransfer

1934 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

santander.app-parametros.com Open in urlscan Pro
178.215.236.184 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

83 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

799 kB
Transfer

1934 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!