{"report_id":"edd525ec-f0f5-46ed-9225-0cc4519813af","version":0,"status":"done","tags":["santander","financial","phishing"],"date":"2026-07-02T12:49:06Z","url":{"schema":"http","addr":"santander-portugal.com","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"final":{"url":{"schema":"https","addr":"santander-portugal.com/steps/","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"title":"Netbanco Particulares - Santander","dom":{"size":135046,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (24271)","md5":"cdb4cab40b737cbd53fd7a56f43c420e","sha1":"597f048dfa8243ff43e79a96157cbadac554cd34","sha256":"fd5221b1c86d31fa6dc2fe8e1cd87b1ccb334b203fe9deeb31723edbb28b3ac9","sha512":"b88f04930bf2a7d753bd0cb7d0d882b489f19240baded8687200fe24a8691d4a0dd01b0e80b3234aaf885ac94da5b498fe36e12d0a57d1b42e20d7e8bbaaa3ff","ssdeep":"1536:DZafN5nmfZnW2Bg02qyM9npDEZMCbTUd9J5:DZpcM9Gy9J5","tlshash":"dad3215b78a1271ad6d3870996a27a997821ac9ffd334cecf10d63784fcc7e24c1164a","dom_hash":"domhash2aeb9fddd27c84492f3284d70422194a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"santander-portugal.com","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-06T12:49:06Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Santander","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Santander phishing","tags":["santander","financial","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Santander","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Santander phishing","tags":["santander","financial","phishing"],"meta":null}]},"summary":[{"fqdn":"vsb30.tawk.to","ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":958518,"first_seen":"2020-04-03T17:16:06Z","last_seen":"2026-06-29T12:48:20.895083Z","alert_count":0,"request_count":1,"received_data":417,"sent_data":1113,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"santander-portugal.com","ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2023-04-21T23:25:06Z","last_seen":"2023-12-15T18:38:35Z","alert_count":35,"request_count":10,"received_data":351389,"sent_data":5536,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"PHP:8.2.31","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"embed.tawk.to","ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":52083,"first_seen":"2014-03-19T21:03:49Z","last_seen":"2026-06-29T14:03:07.598914Z","alert_count":0,"request_count":22,"received_data":1155100,"sent_data":10934,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"va.tawk.to","ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":51316,"first_seen":"2017-01-30T04:20:46Z","last_seen":"2026-06-29T14:35:01.523925Z","alert_count":0,"request_count":2,"received_data":4136,"sent_data":1150,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Santander","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Santander phishing","tags":["santander","financial","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-common.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"33b4aa1c3e8720f37177d0abc91ba0b4","sha1":"066980b1ee9220209bcbb7ca65e26d5d7a6ad741","sha256":"e9644a3c75102bcee947d4142ca41570ec23b5cdf0265b1ba7ec77d33ca87b26","sha512":"448ed479d0f343eeebbca9a3a8b92075c375fcd87b323af828b248c3122e2b3f7432deb0c84d3f1b45c194b35ccea8a62d67368b39625c035fd0863cc18395c2","ssdeep":"3072:GEIYgadYqhzhTodiWFW1Wc8fMqAOyCkjQiuIRxLMz9+Z15:dciWFW1WNfMqA8khLMz9o15","tlshash":"7034c69df186b47606a37130501f320af23a685ab45ac4d4f636d8e1bd789cea133f79","size":242008,"data":"","first_seen":"2026-07-02T06:23:48.245619Z","last_seen":"2026-07-03T00:44:15.05758Z","times_seen":73,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-7941cc06.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"060b43a60a7d242e48343a55959ccb86","sha1":"25646ea6d9ea3f884f53625fa06e3502bbd1902e","sha256":"8421f7d546464c427ae9eac17266e905eb13826114b0c391389393015180a892","sha512":"96f586d283a2a1b80ddd2e6b84447ea669924fd5d9f2b135cf0cd1a3f9cd8a854c9f60bcfa4d3dc18f18519ec92bdda00a981883da783f6b1367e0a35120dedf","ssdeep":"768:Vlxfu8+HYUmI+rT1Wf2z+y+Um/+VRJWf/W+Hc1lt7Gj67IW8/JGvgLCBxf6stK41:xfuro0f20UJWfO+Et7GZrC90k","tlshash":"3633d9cdb2d6f4258763632130af3006f27a4964a81dd155f334d8f6b9ece49a226f2d","size":54132,"data":"","first_seen":"2026-06-05T07:45:59.24269Z","last_seen":"2026-07-03T00:24:37.77933Z","times_seen":3012,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-2d224aff.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bdda51ae6cf2c4b3a6ffa58868b6f5cd","sha1":"1fb4e879fe104c9a9a114b83520ee29bb2fd1583","sha256":"50c9d6c7dcacd9ad4e3763676a49446658e2b638098439b54f6b63241d5f54d0","sha512":"4a587452388efb6ec462d1157362c766e3e1bfb56b68524065e5731356c18bda235cc7a9f64368217e3c098da0a2c7034a1a92cb257afb38f3ddc07b021a28df","ssdeep":"384:jqiSR0nIa0kIrCQl2kL3kCfGN//h6LiJq:SzP2DBSLi8","tlshash":"a5822ba6f149311bc925c750605f2228b33b19a9fa1ece7df2745df245a8cc2906af3d","size":18392,"data":"","first_seen":"2026-07-02T06:23:48.229792Z","last_seen":"2026-07-03T00:44:15.018607Z","times_seen":65,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-2d0c8092.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"530951348f352d2723b92c69879395ec","sha1":"6f9bb7ad9952e74c78bdf7c2450e5efbde88445e","sha256":"c21a4a2151aa9ff94526ad8d6ba3c05b8b58815a12b4d5b337188d9a0c7374b8","sha512":"f7732ebe383df62bb2bebdedf73eb3b5f274b5cc48c5c663af724086000736e44cc078e7e381abf96791e6a5b7a6ffe6c4343c2345283493d4d111b88204f020","ssdeep":"96:zNC9Hqt7pEma7hY/rcKWJBPDRIv6hJQ7i16p3n4vkjvxQcsD:zKHhNYULRIvgx43nVY","tlshash":"53b1859af24bb45ac156225150ef3b1df33a281ca61ccdc4b66565f218784cba077b39","size":5261,"data":"","first_seen":"2026-07-02T06:23:48.165934Z","last_seen":"2026-07-03T00:44:14.971996Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-main.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"da5bb1dc647470204df0e49f5afac2de","sha1":"f5cbf596ca5e4fe208e4c55af6e45b71f9febbe8","sha256":"705186becc9e0a306a6b4867ae2768aa9dd3b8c12393d9f9c52029e9a6fcf31c","sha512":"d9c0eda8c93df421f8147960ff4b00f8eacd8791b8386b020f04d0478c6b7a4328767a82b52b8cfbb7c3a44cb55cec488c2d1008670bee709d67d8bdbd887c39","ssdeep":"","tlshash":"d4b09b6c1057f86955e8064ed3b7f65d1d961050811104301658a1753321143c61c55b","size":121,"data":"","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-07-03T00:16:07.007841Z","times_seen":88588,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-vendor.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3b341e35b39f6195793ecaf5db7c1d63","sha1":"3ef56ed9ac8bfbf5347dc4592653703f59763083","sha256":"548669d6434f5204dca25b9a6f8a02f63301b8c1b58a717b91fec8b6c2918305","sha512":"6b222121b74ffeabd4de7b69f354ad25283d0989376e8e3f6d97f829e28175291eab0a535ca77c22d3f65595250ad9ad3909525c2eb74bf9783f4955c3d7cde2","ssdeep":"768:kURUFvX9zXAfE4dm9+fuDosXRfMySUHM1ONdYO31hY6d/o6cyO4fefHvSAW64F:kURUZXGfzd1uU+8ODY6JORfHBWJF","tlshash":"b483e6dcb295b57117ab20b5417f050bf33a7815a80ac0a4f266f4da7c7848ea06bf7d","size":82913,"data":"","first_seen":"2024-03-08T05:46:53Z","last_seen":"2026-07-03T00:24:37.752347Z","times_seen":62104,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-2d0d2b7c.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8c2091a992e4303600967e53388cb5c8","sha1":"70cb06404a117829d3c53f5890077f5ff82957c9","sha256":"52edf640b5358d2e388d34d85bae2bf9973c26383165c4187da4e98b7703233a","sha512":"4d379fa96658dead5908f119d36ff91db8ec34d145fad5888370bd681ec575615351eaa0336fba48e4ad102b84e07881286bb1a958ec15ac36f86677de149d15","ssdeep":"192:0CFny7CpmYbZTxcwr40v0zSrj5D6/L6LvGokD36b4hwseQ:08mCTZTJr40v0GF/LvV4hwsR","tlshash":"9332a6b7e0a1107ea316871c106fa610f61f6c8ab2561da5ba7ab46f900ddcfc065f7c","size":10918,"data":"","first_seen":"2026-04-21T04:02:24.334927Z","last_seen":"2026-07-03T00:44:15.100201Z","times_seen":10291,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-3ea2c7ce.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"52698c6dc96b5f2bd13e8f921334e398","sha1":"eb0adbc44ebc73775c5cca0a3851e8a6510d360c","sha256":"37527b07ac54a4567d7e23bde1edfde8ed74c4f30402c96fb56f4c0020c6af42","sha512":"032e41ececcfc651f34c235d15953baacb81e7cfaf492dd919c7fca2a7c49d507ae4a60710064c5419df70eb581254058dffbf1d0d4c53ef47d87bce4e036524","ssdeep":"96:60WlCWYW5rugkENQdx0hZUASzpqrcHZ73abT3Qlgjm6i5cCEsK7oGuyGwDf/2/5N:XBTW5qgNQdAR7c573abF8cCEsK72/5N","tlshash":"b5b11982b251b4668ab5380045cf6f07b07baf4f5d09cd50d783e4a3b230c5a9667e8c","size":5504,"data":"","first_seen":"2025-11-13T12:40:48.559139Z","last_seen":"2026-07-03T00:24:37.777984Z","times_seen":38499,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-4fe9d5dd.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8249fafc9a9fbe0f75d4bef0aae2305a","sha1":"fab6dda0967dfbaf8ba0cfe5cfade8e150d1735d","sha256":"69b650b4d6479fd29987836a9b74147aade85cc9c50024bcacd5dfb2cb793e8d","sha512":"d0bc9a750061e5b4b761db081656b0e1e655126a413aaa22e87ce14cdfaeac34d532acd08eb0d61274707212871f6d84369b8b2a1a6d3e6c3bfd3d4167afa865","ssdeep":"","tlshash":"f9110248f056b8fcdc8af64288df143034627d4a898cf9e6f5f0aad405555ab312bb5f","size":1000,"data":"","first_seen":"2025-04-29T08:39:38.372752Z","last_seen":"2026-07-03T00:24:37.778684Z","times_seen":46123,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-2d0da3af.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"331e0040ebe91244c0d8393531409223","sha1":"02ddad15623953a17b85e0e8620cb414d2eacac9","sha256":"de5460c7c57fb0d7b845ded9b1950f3664f177253bdf80dd868460a6bf53e19f","sha512":"04e6a2589f6fab5eba5be614db4ba48fffa20e08797d32e9c9f3892041f1ae76f561bcc9e97dc1e04d3f27f31d3f6628552ec35b86228a3b14fba34a2c75700c","ssdeep":"384:UJw/U5YK8Hx9KJwThWazJbUZDkM0kWEYPk6F+UtKM5eH:6+9KJwThWazJbUZDkM0kWEYPk6F+92eH","tlshash":"3752d6a7b2a4782d42379712308f3204f33b7d45b215da19f36edcea4aa84c16056f3e","size":14213,"data":"","first_seen":"2026-07-02T06:23:48.249937Z","last_seen":"2026-07-03T00:44:15.01264Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"santander-portugal.com/files/jquery.js","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-07-03T00:51:58.168966Z","times_seen":486594,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/690112fbb22c021953b6327e/1j8m349ri","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1fc10ac6974327752097a7fc3b22edf9","sha1":"dbb164031be9d61dc698d8c989f641690666b41f","sha256":"f9e7a24af1b54793d89d9dc0db00c011376794a46c3cd8e863b93dcf8287dc8a","sha512":"cf2e6ce0742a9c487611174326ec33a3d01089fb780ab3c40816c7466028b3f7ecb367492da7e7c0157ccdc668815e093cbdd8de1430e5e39a1b9be6ce561960","ssdeep":"","tlshash":"da41d1e35b8f6d5be32510d80caefd0e74bb22f64dd85cd287080452f295bad668dd28","size":2123,"data":"","first_seen":"2026-07-02T12:49:09.964257Z","last_seen":"2026-07-02T12:49:09.964257Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-app.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e736e189edb5d0d9d5b8e7f23dd9114a","sha1":"bcabee193f13756fa9154fc492fe420c47140343","sha256":"13cf82e6f9d48221cd55f8b3c3d206f7bdb83f291034b478e484ccfef7d500dd","sha512":"ea972884c185633ea238bdacea6ac9da0e0e92f88588cd85c214514c3597bc7d811c4dc4cd35b671dd2db97179bedceb38bd5d200abb9653fbcaeac2ca6ec7b5","ssdeep":"","tlshash":"a0c080ac1496fc9c1674154a8377f54a5cd510108055141015d851a11311546560c54d","size":151,"data":"","first_seen":"2023-03-07T01:02:46Z","last_seen":"2026-07-03T00:16:07.029598Z","times_seen":88622,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-vendors.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2fecc9d90ae6ad7f85d676e274e5d4a5","sha1":"0e1300fb36969ed28db617c9bba0c8d0bff72c8e","sha256":"db389f4bb5872ace6ade114d9a15d1afc02e7d411680f6f98fa5a350b0b4ee5c","sha512":"e5fe2e55710dccb04046bf588c1cdfd27a153447b5a8f818af6e4f536abc89f4e38f242c117a4a6f2214a017653008272075811e9a40a5718a08b3900ecd71a0","ssdeep":"6144:jzicBg7MOpWK+1ZWwehNo4TR+5Ar6k+WS:nicBgoO27WwKvC","tlshash":"39744cc8f193b0b946e2a2a5009f5207737b052968e88494f574dfe968e8d5c637bf3c","size":348923,"data":"","first_seen":"2026-05-25T09:57:47.440233Z","last_seen":"2026-07-03T00:44:15.074504Z","times_seen":5336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-6289ff8e.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c58d6a40c2cb323d6a536b775acc6986","sha1":"c797d8fec876da5957982c07a76aae351e1e2981","sha256":"10b3462dd0ca5e62dfc76d7329377ac426f40a87f6d38e2fb6c8434ae016315e","sha512":"3abb64ee0eed2693f888e562d1a0be2526b39ec090baf25e4b713a157f96f31ff1d941bc40ce36b302df9582c2dd5185c029b0ec922b056a4a2290ded5e19147","ssdeep":"1536:BigMTWFu196woffn32j8DegaOqbWbaGlDluK1kVYvdZPkx3u4V5pfYMrlSf:4nmuTcgGHiLx3u4V5pPrlSf","tlshash":"c6a3096ef091b47d8993d26120af3212f3363d55a919d0a8f234cdf859d89c9a127f3e","size":107136,"data":"","first_seen":"2026-07-02T06:23:48.16343Z","last_seen":"2026-07-03T00:44:15.030983Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"santander-portugal.com/steps/","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":true,"md5":"8ceac7f5422bd74914b1e2a351630828","sha1":"75fdc617be0873ee814a4aff6c7ebcdbe5d03b9c","sha256":"8dc38b2a50b05d42d2541ba1a799cc07dc81bd20dba683f5d981ca72daccb3ec","sha512":"08496c837f313c501472ba4df96dc5536a01f3a69b8b7705563aad1cec84e4e043c4e86e95baaaf9f4bcfe0f9e87e7787bdb81f537565f765a527d3d79c679cd","ssdeep":"","tlshash":"4e11102c79a028b88647223a1b3f63483c305623245bc548bc6de6702f29c031d6eb9e","size":981,"data":"","first_seen":"2026-07-02T12:49:09.971633Z","last_seen":"2026-07-02T12:49:09.971633Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"santander-portugal.com/steps/","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":true,"md5":"6dd57418f9227f6e86a1c82edc4d18cb","sha1":"3c0873bdad08292d45700f5fc4d5fb398d7f83a0","sha256":"7e384593962df608a77ee2330c828801a5783200ab52180143a93d119c18cf36","sha512":"6ddfb567bd8dd43a83e03893840202e62dd3b13aea72b238dab57f8b26305921a71d22edcc6fbad7d00fa1e33c9e6549feaf1bac50c946d2b09423dafd21152d","ssdeep":"","tlshash":"7ee0682f29433c25a29ba1b727b7da4834a3302ba609c440bcdf48441f08d494554ea8","size":380,"data":"","first_seen":"2026-06-12T09:35:13.047676Z","last_seen":"2026-07-02T12:49:09.973965Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-runtime.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f042fed46bb04fcecadf64fd200d4834","sha1":"60942d472138fa65026e4cda737d315020190366","sha256":"d25f4ce04d7b57cc32e37bf43f4007785ab4774fdecfd7dbb8f5bdd47da9c803","sha512":"048b43481b2602c57dab916cfadadb27faf7e6817a8584c3217e7be1cf97c6b54b46219d41d587d46dd8104c6747aa9ac51f7719ceb6462f5056d1c3931edabc","ssdeep":"","tlshash":"754183d936e8f9ba834318e1043fa016f6352976097be4c0531dd4f5bc78c49815afb6","size":2306,"data":"","first_seen":"2026-07-02T06:23:48.050746Z","last_seen":"2026-07-03T00:44:15.045266Z","times_seen":73,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"santander-portugal.com/files/SantanderTextW05-Regular.woff","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:43.241Z","timestamp":1782996523241,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santander-portugal.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 16:38:56 GMT","end":"Tue, 29 Sep 2026 16:38:55 GMT"},"fingerprint":{"sha1":"C9:8D:8F:C9:77:22:9E:FD:75:D7:9E:C6:A5:16:58:5C:7B:D8:6A:A8","sha256":"F7:45:37:19:7E:4F:25:25:E9:38:0B:7F:C2:D7:2C:32:AF:38:55:92:DE:91:40:F3:88:64:62:D3:49:47:AE:7B"}}},"request":{"raw":"GET /files/SantanderTextW05-Regular.woff HTTP/1.1\r\nHost: santander-portugal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/steps/\r\nCookie: PHPSESSID=gjgbrloag22916sl911v7sp68k\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 12:48:43 GMT\r\ncontent-type: font/woff\r\ncontent-length: 69352\r\nlast-modified: Wed, 12 Feb 2025 13:52:40 GMT\r\netag: \"67aca7a8-10ee8\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":69352,"size_decoded":69603,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 69352, version 0.0","md5":"3007e13054b230e9ccd5e4f506ee64fe","sha1":"e9d048202f4ba5aac599d6d6189389fb1b992b70","sha256":"2d2d2cfd7a36307f8ca530948d454dcd9f706830b7c18ee0cc4fa3ec16d96091","sha512":"2bb7c20d6e519056b187d21abba465112ff821c359b9a4f5bfdfcd40d7049a1d54b0977fdbaf0ef52ae13ecb355be5bf01de943cdfea2dc2c92dd71ddf3a4ac7","ssdeep":"1536:3zyXiuGPgGtBENT+37PkwkbKDD5eoRlztr6Bbn:3m18gVNueqlztr2n","tlshash":"9f63c060d777c4d20bcf8232d2b0b76df72da228fa91807571bcd9b4b925688b4819cd","first_seen":"2023-04-12T23:53:21Z","last_seen":"2026-07-02T12:49:09.925878Z","times_seen":56,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Santander","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Santander phishing","tags":["santander","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"santander-portugal.com/ficheros/modern/images/icons/favicon-16x16.png","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:43.593Z","timestamp":1782996523593,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santander-portugal.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 16:38:56 GMT","end":"Tue, 29 Sep 2026 16:38:55 GMT"},"fingerprint":{"sha1":"C9:8D:8F:C9:77:22:9E:FD:75:D7:9E:C6:A5:16:58:5C:7B:D8:6A:A8","sha256":"F7:45:37:19:7E:4F:25:25:E9:38:0B:7F:C2:D7:2C:32:AF:38:55:92:DE:91:40:F3:88:64:62:D3:49:47:AE:7B"}}},"request":{"raw":"GET /ficheros/modern/images/icons/favicon-16x16.png HTTP/1.1\r\nHost: santander-portugal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/steps/\r\nCookie: PHPSESSID=gjgbrloag22916sl911v7sp68k\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 12:48:43 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":309,"size_decoded":352,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"cd504ef0e346bb68118578c7ca851213","sha1":"00d498911a98b758508d23f80bd54986efc83cbb","sha256":"4871e26e9cf8b1b46b5e75cf6e528165d7f37417c4e0889a317f5cbfccbf1309","sha512":"1e3a325ad96b24a0fe801b1933211d7fd39d164486477c7af1504299d3136390560e11dc7981c45457728ba945ff799bc766cb48984b0abf02898fc242c26349","ssdeep":"","tlshash":"48e07d8e4052538b041066503dc022d1364513eb747482e9a9c1c84351482bdc8a82ce","first_seen":"2026-07-02T12:49:09.927584Z","last_seen":"2026-07-02T12:49:09.927584Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-common.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:44.019Z","timestamp":1782996524019,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-chunk-common.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://santander-portugal.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"33b4aa1c3e8720f37177d0abc91ba0b4\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nvary: accept-encoding\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc4332d42568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":242008,"size_decoded":68936,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65458)","md5":"33b4aa1c3e8720f37177d0abc91ba0b4","sha1":"066980b1ee9220209bcbb7ca65e26d5d7a6ad741","sha256":"e9644a3c75102bcee947d4142ca41570ec23b5cdf0265b1ba7ec77d33ca87b26","sha512":"448ed479d0f343eeebbca9a3a8b92075c375fcd87b323af828b248c3122e2b3f7432deb0c84d3f1b45c194b35ccea8a62d67368b39625c035fd0863cc18395c2","ssdeep":"3072:GEIYgadYqhzhTodiWFW1Wc8fMqAOyCkjQiuIRxLMz9+Z15:dciWFW1WNfMqA8khLMz9o15","tlshash":"7034c69df186b47606a37130501f320af23a685ab45ac4d4f636d8e1bd789cea133f79","first_seen":"2026-07-02T06:23:48.245619Z","last_seen":"2026-07-03T00:44:15.05758Z","times_seen":73,"resource_available":true,"data":null}},"time_used":446,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":303,"receive":143,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"va.tawk.to/v1/session/start","fqdn":"va.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:44.717Z","timestamp":1782996524717,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"OPTIONS /v1/session/start HTTP/1.1\r\nHost: va.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://santander-portugal.com/\r\nOrigin: https://santander-portugal.com\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/3 200 \r\nx-served-by: visitor-application-preemptive-0h7p\r\naccess-control-allow-origin: https://santander-portugal.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 3600\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-allow-headers: content-type,x-tawk-token\r\ncache-control: public, s-maxage=600, max-age=600\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\npriority: u=4,i=?0\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc4377d81568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":720,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T01:08:27.327091Z","times_seen":16927562,"resource_available":true,"data":null}},"time_used":160,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-7941cc06.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.205Z","timestamp":1782996525205,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-chunk-7941cc06.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"060b43a60a7d242e48343a55959ccb86\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 24374\r\nvary: accept-encoding\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc43a8f7f0b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":54132,"size_decoded":14771,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (54013)","md5":"060b43a60a7d242e48343a55959ccb86","sha1":"25646ea6d9ea3f884f53625fa06e3502bbd1902e","sha256":"8421f7d546464c427ae9eac17266e905eb13826114b0c391389393015180a892","sha512":"96f586d283a2a1b80ddd2e6b84447ea669924fd5d9f2b135cf0cd1a3f9cd8a854c9f60bcfa4d3dc18f18519ec92bdda00a981883da783f6b1367e0a35120dedf","ssdeep":"768:Vlxfu8+HYUmI+rT1Wf2z+y+Um/+VRJWf/W+Hc1lt7Gj67IW8/JGvgLCBxf6stK41:xfuro0f20UJWfO+Et7GZrC90k","tlshash":"3633d9cdb2d6f4258763632130af3006f27a4964a81dd155f334d8f6b9ece49a226f2d","first_seen":"2026-06-05T07:45:59.24269Z","last_seen":"2026-07-03T00:24:37.77933Z","times_seen":3012,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"santander-portugal.com/steps/","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-02T12:48:42.860Z","timestamp":1782996522860,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santander-portugal.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 16:38:56 GMT","end":"Tue, 29 Sep 2026 16:38:55 GMT"},"fingerprint":{"sha1":"C9:8D:8F:C9:77:22:9E:FD:75:D7:9E:C6:A5:16:58:5C:7B:D8:6A:A8","sha256":"F7:45:37:19:7E:4F:25:25:E9:38:0B:7F:C2:D7:2C:32:AF:38:55:92:DE:91:40:F3:88:64:62:D3:49:47:AE:7B"}}},"request":{"raw":"GET /steps/ HTTP/1.1\r\nHost: santander-portugal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 12:48:42 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 23460\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nset-cookie: PHPSESSID=gjgbrloag22916sl911v7sp68k; path=/\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-powered-by: PHP/8.2.31, PleskLin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.2.31","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":125401,"size_decoded":23861,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (24271)","md5":"f83b68a61f45f1a6a3b78c52d8935175","sha1":"487e95a6251c4b7126b5d540211b40b2ad81d430","sha256":"7242e223ea8af4ffbc0824f9f644482fc4014e33c5c8970177412ae30fa046a6","sha512":"979a532c7766aede017be57223a1c4eebfca40688319f55a71506997602907cdb1a076ee5564178cb3819e93a126b510dfa53ccf66cd4f108e91712723060ead","ssdeep":"768:iZ5fN5nmfe1AyynWR9SlzfoYp4qoPur9cqzM4Oh4RpDE88BMN:iZ5fN5nmfZnW2Bg02qzM4xpDEZMN","tlshash":"7ec30b5b38a5271ae6d79709aaa279857810ac9ffd338cdcf00d63784fcc7e24c1564a","first_seen":"2026-07-02T12:49:09.935894Z","last_seen":"2026-07-02T12:49:09.935894Z","times_seen":1,"resource_available":true,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"santander-portugal.com/files/jquery.js","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:43.146Z","timestamp":1782996523146,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santander-portugal.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 16:38:56 GMT","end":"Tue, 29 Sep 2026 16:38:55 GMT"},"fingerprint":{"sha1":"C9:8D:8F:C9:77:22:9E:FD:75:D7:9E:C6:A5:16:58:5C:7B:D8:6A:A8","sha256":"F7:45:37:19:7E:4F:25:25:E9:38:0B:7F:C2:D7:2C:32:AF:38:55:92:DE:91:40:F3:88:64:62:D3:49:47:AE:7B"}}},"request":{"raw":"GET /files/jquery.js HTTP/1.1\r\nHost: santander-portugal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/steps/\r\nCookie: PHPSESSID=gjgbrloag22916sl911v7sp68k\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 12:48:43 GMT\r\ncontent-type: text/javascript\r\nlast-modified: Wed, 12 Feb 2025 13:52:40 GMT\r\netag: W/\"67aca7a8-15d9d\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":89501,"size_decoded":30349,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-07-03T00:51:58.168966Z","times_seen":486594,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Santander","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Santander phishing","tags":["santander","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-app.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:44.025Z","timestamp":1782996524025,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-app.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://santander-portugal.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: application/javascript\r\netag: W/\"e736e189edb5d0d9d5b8e7f23dd9114a\"\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\ncontent-encoding: br\r\ncf-ray: a14dc4332d44568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":151,"size_decoded":671,"mime_type":"application/javascript","magic":"ASCII text, with no line terminators","md5":"e736e189edb5d0d9d5b8e7f23dd9114a","sha1":"bcabee193f13756fa9154fc492fe420c47140343","sha256":"13cf82e6f9d48221cd55f8b3c3d206f7bdb83f291034b478e484ccfef7d500dd","sha512":"ea972884c185633ea238bdacea6ac9da0e0e92f88588cd85c214514c3597bc7d811c4dc4cd35b671dd2db97179bedceb38bd5d200abb9653fbcaeac2ca6ec7b5","ssdeep":"","tlshash":"a0c080ac1496fc9c1674154a8377f54a5cd510108055141015d851a11311546560c54d","first_seen":"2023-03-07T01:02:46Z","last_seen":"2026-07-03T00:16:07.029598Z","times_seen":88622,"resource_available":true,"data":null}},"time_used":162,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/languages/en.json","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:44.709Z","timestamp":1782996524709,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/languages/en.json HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://santander-portugal.com/\r\nOrigin: https://santander-portugal.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: application/json\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"17fa2497bdae7324a17eaedfe6fc8650\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nvary: accept-encoding\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc4377d7e568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11596,"size_decoded":4366,"mime_type":"application/json","magic":"JSON text data","md5":"17fa2497bdae7324a17eaedfe6fc8650","sha1":"27bce6a96d49d0077bc16228801a3089fce5be2a","sha256":"cce37a30801a132937edb0ac257f4ed917559c00d6a648716bd9ac406cfc62b1","sha512":"f4155fcb97d0180daa46cb293cd70f01b984c39f9895f76a0acc098b0c5f86f883378620e75f8fb79b0e0b1e5033e4ace16046bc48ca2a9c2127053ae48be305","ssdeep":"192:wmr65/bLHzPrquLUVid+BCzfF+npqpe9KvKGC6KEt1aZwf1E:fCbLHzxUVid+BEfF+np59t3Zwfi","tlshash":"98323169ce504ea702d29646399f35437624829b1f54342eb78c91ac0f8ec6fa1f77ce","first_seen":"2026-05-13T09:28:21.606546Z","last_seen":"2026-07-03T00:44:14.971323Z","times_seen":6807,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/css/message-preview.css","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.259Z","timestamp":1782996525259,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/css/message-preview.css HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 02 Jul 2026 06:02:09 GMT\r\netag: W/\"39f38fff97bceb6dd38d255228384ab9\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 24373\r\nvary: accept-encoding\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc43aef850b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":54016,"size_decoded":12895,"mime_type":"text/css","magic":"ASCII text, with very long lines (53968)","md5":"39f38fff97bceb6dd38d255228384ab9","sha1":"4f9d5ac34f834ec7f160fe555097691b45d47d39","sha256":"d9b57cfbaea5a38c3d279ba0a64a2fa0ccb499f94dfac8dc8845ac1c0f22f829","sha512":"cf1a36ed2530d962ee9a8013cfa3585dad4e85857e225c6a5670c92a574769d771b6a0f1ff2ae31c176ca078e7f747b704746996fe7dcbf826d906754e5545ed","ssdeep":"1536:fGUifm7kUdwddCriQiLc0Lg261F2BBCsEZf:J1V","tlshash":"cc3322b2f56710ccb363c22292d1f6bc202ae770d746ce96f427766c4ad12a63551fac","first_seen":"2026-01-16T00:46:03.995467Z","last_seen":"2026-07-03T00:24:37.767537Z","times_seen":30688,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"santander-portugal.com/files/login-image-0.svg","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:43.158Z","timestamp":1782996523158,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santander-portugal.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 16:38:56 GMT","end":"Tue, 29 Sep 2026 16:38:55 GMT"},"fingerprint":{"sha1":"C9:8D:8F:C9:77:22:9E:FD:75:D7:9E:C6:A5:16:58:5C:7B:D8:6A:A8","sha256":"F7:45:37:19:7E:4F:25:25:E9:38:0B:7F:C2:D7:2C:32:AF:38:55:92:DE:91:40:F3:88:64:62:D3:49:47:AE:7B"}}},"request":{"raw":"GET /files/login-image-0.svg HTTP/1.1\r\nHost: santander-portugal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/steps/\r\nCookie: PHPSESSID=gjgbrloag22916sl911v7sp68k\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 12:48:43 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 13966\r\nlast-modified: Wed, 12 Feb 2025 13:52:40 GMT\r\netag: \"67aca7a8-368e\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13966,"size_decoded":14220,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e585d0b68c6e4977116b9aaed6d2e293","sha1":"b9fcd88fe806907b98a4ba1d9e5deda75b825c9c","sha256":"768a38021128a2657d6267b5681dc037f9cd59f7b3b2c42a9c39879811089b16","sha512":"8ed1b84df17c3e210b74acfe6cd2969a10d4d7025fe1d58ae4d498c6e4e21250bb7606ffdbc58b2f02703aee2cf10da9afaf6f99261aa422575cd10af7100592","ssdeep":"192:VOc/8I1zESHPlwtHUhe7l7PpljzeLUY3V3q+rqK3sx9G6DE:VJEI1ztPlwqhqhljzGUY3NeVxc3","tlshash":"00523ef120f89a94ae400340dbd99ce9163cf1ef716314d8b31d25b68fa05bb369e766","first_seen":"2023-05-04T14:35:32Z","last_seen":"2026-07-02T12:49:09.942537Z","times_seen":26,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Santander","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Santander phishing","tags":["santander","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"santander-portugal.com/ficheros/modern/images/icons/apple-touch-icon.png","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:43.592Z","timestamp":1782996523592,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santander-portugal.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 16:38:56 GMT","end":"Tue, 29 Sep 2026 16:38:55 GMT"},"fingerprint":{"sha1":"C9:8D:8F:C9:77:22:9E:FD:75:D7:9E:C6:A5:16:58:5C:7B:D8:6A:A8","sha256":"F7:45:37:19:7E:4F:25:25:E9:38:0B:7F:C2:D7:2C:32:AF:38:55:92:DE:91:40:F3:88:64:62:D3:49:47:AE:7B"}}},"request":{"raw":"GET /ficheros/modern/images/icons/apple-touch-icon.png HTTP/1.1\r\nHost: santander-portugal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/steps/\r\nCookie: PHPSESSID=gjgbrloag22916sl911v7sp68k\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 12:48:43 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":309,"size_decoded":352,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"cd504ef0e346bb68118578c7ca851213","sha1":"00d498911a98b758508d23f80bd54986efc83cbb","sha256":"4871e26e9cf8b1b46b5e75cf6e528165d7f37417c4e0889a317f5cbfccbf1309","sha512":"1e3a325ad96b24a0fe801b1933211d7fd39d164486477c7af1504299d3136390560e11dc7981c45457728ba945ff799bc766cb48984b0abf02898fc242c26349","ssdeep":"","tlshash":"48e07d8e4052538b041066503dc022d1364513eb747482e9a9c1c84351482bdc8a82ce","first_seen":"2026-07-02T12:49:09.927584Z","last_seen":"2026-07-02T12:49:09.927584Z","times_seen":1,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-main.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:44.009Z","timestamp":1782996524009,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-main.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://santander-portugal.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: application/javascript\r\netag: W/\"da5bb1dc647470204df0e49f5afac2de\"\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\ncontent-encoding: br\r\ncf-ray: a14dc4331d3d568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":121,"size_decoded":647,"mime_type":"application/javascript","magic":"ASCII text, with no line terminators","md5":"da5bb1dc647470204df0e49f5afac2de","sha1":"f5cbf596ca5e4fe208e4c55af6e45b71f9febbe8","sha256":"705186becc9e0a306a6b4867ae2768aa9dd3b8c12393d9f9c52029e9a6fcf31c","sha512":"d9c0eda8c93df421f8147960ff4b00f8eacd8791b8386b020f04d0478c6b7a4328767a82b52b8cfbb7c3a44cb55cec488c2d1008670bee709d67d8bdbd887c39","ssdeep":"","tlshash":"d4b09b6c1057f86955e8064ed3b7f65d1d961050811104301658a1753321143c61c55b","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-07-03T00:16:07.007841Z","times_seen":88588,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-vendor.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:44.011Z","timestamp":1782996524011,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-vendor.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://santander-portugal.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"3b341e35b39f6195793ecaf5db7c1d63\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nvary: accept-encoding\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc4331d3e568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":82913,"size_decoded":32869,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65472)","md5":"3b341e35b39f6195793ecaf5db7c1d63","sha1":"3ef56ed9ac8bfbf5347dc4592653703f59763083","sha256":"548669d6434f5204dca25b9a6f8a02f63301b8c1b58a717b91fec8b6c2918305","sha512":"6b222121b74ffeabd4de7b69f354ad25283d0989376e8e3f6d97f829e28175291eab0a535ca77c22d3f65595250ad9ad3909525c2eb74bf9783f4955c3d7cde2","ssdeep":"768:kURUFvX9zXAfE4dm9+fuDosXRfMySUHM1ONdYO31hY6d/o6cyO4fefHvSAW64F:kURUZXGfzd1uU+8ODY6JORfHBWJF","tlshash":"b483e6dcb295b57117ab20b5417f050bf33a7815a80ac0a4f266f4da7c7848ea06bf7d","first_seen":"2024-03-08T05:46:53Z","last_seen":"2026-07-03T00:24:37.752347Z","times_seen":62104,"resource_available":true,"data":null}},"time_used":314,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":310,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-6289ff8e.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.207Z","timestamp":1782996525207,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-chunk-6289ff8e.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"c58d6a40c2cb323d6a536b775acc6986\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 24373\r\nvary: accept-encoding\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc43a8f800b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":107136,"size_decoded":27554,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c58d6a40c2cb323d6a536b775acc6986","sha1":"c797d8fec876da5957982c07a76aae351e1e2981","sha256":"10b3462dd0ca5e62dfc76d7329377ac426f40a87f6d38e2fb6c8434ae016315e","sha512":"3abb64ee0eed2693f888e562d1a0be2526b39ec090baf25e4b713a157f96f31ff1d941bc40ce36b302df9582c2dd5185c029b0ec922b056a4a2290ded5e19147","ssdeep":"1536:BigMTWFu196woffn32j8DegaOqbWbaGlDluK1kVYvdZPkx3u4V5pfYMrlSf:4nmuTcgGHiLx3u4V5pPrlSf","tlshash":"c6a3096ef091b47d8993d26120af3212f3363d55a919d0a8f234cdf859d89c9a127f3e","first_seen":"2026-07-02T06:23:48.16343Z","last_seen":"2026-07-03T00:44:15.030983Z","times_seen":62,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"wss://vsb30.tawk.to/s/?k=6a465e2dd6e4cc1741ca0f60\u0026cver=0\u0026pop=false\u0026asver=50\u0026tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI2OTAxMTJmYmIyMmMwMjE5NTNiNjMyN2UiLCJ2aWQiOiI2OTAxMTJmYmIyMmMwMjE5NTNiNjMyN2UtczRLMVNNZTVJak9lOFFzYmRpWHBRIiwic2lkIjoiNmE0NjVlMmRkNmU0Y2MxNzQxY2EwZjYwIiwiaWF0IjoxNzgyOTk2NTI1LCJleHAiOjE3ODI5OTgzMjUsImp0aSI6IlNCMUctREtjdDV6TTg0eHF5eUlwbCJ9.R5fiM8AtYWGd6N0m-jwZj2hg11kzGFfX4zh-21gyhLYGe_m6DqmP8D33Pe-MB7Rf0KFfzPKE-8_dayzc1e3KdQ\u0026EIO=3\u0026transport=websocket\u0026__t=PyYt-2F","fqdn":"vsb30.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.228Z","timestamp":1782996525228,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /s/?k=6a465e2dd6e4cc1741ca0f60\u0026cver=0\u0026pop=false\u0026asver=50\u0026tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI2OTAxMTJmYmIyMmMwMjE5NTNiNjMyN2UiLCJ2aWQiOiI2OTAxMTJmYmIyMmMwMjE5NTNiNjMyN2UtczRLMVNNZTVJak9lOFFzYmRpWHBRIiwic2lkIjoiNmE0NjVlMmRkNmU0Y2MxNzQxY2EwZjYwIiwiaWF0IjoxNzgyOTk2NTI1LCJleHAiOjE3ODI5OTgzMjUsImp0aSI6IlNCMUctREtjdDV6TTg0eHF5eUlwbCJ9.R5fiM8AtYWGd6N0m-jwZj2hg11kzGFfX4zh-21gyhLYGe_m6DqmP8D33Pe-MB7Rf0KFfzPKE-8_dayzc1e3KdQ\u0026EIO=3\u0026transport=websocket\u0026__t=PyYt-2F HTTP/1.1\r\nHost: vsb30.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-WebSocket-Version: 13\r\nOrigin: https://santander-portugal.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: NLjuRQ/8xVQVtjcunCqGJA==\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: Upgrade\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nDate: Thu, 02 Jul 2026 12:48:45 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: MfLNNngu6Fqfwgks4zLFJQ4emx4=\r\nSec-WebSocket-Extensions: permessage-deflate\r\nStrict-Transport-Security: max-age=0; includeSubDomains; preload\r\ncf-cache-status: DYNAMIC\r\nX-Content-Type-Options: nosniff\r\nServer: cloudflare\r\nCF-RAY: a14dc43add2e120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":417,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T01:08:27.327091Z","times_seen":16927562,"resource_available":true,"data":null}},"time_used":640,"timings":{"blocked":-1,"dns":16,"connect":15,"send":0,"wait":603,"receive":0,"ssl":6},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"santander-portugal.com/","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-02T12:48:42.593Z","timestamp":1782996522593,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santander-portugal.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 16:38:56 GMT","end":"Tue, 29 Sep 2026 16:38:55 GMT"},"fingerprint":{"sha1":"C9:8D:8F:C9:77:22:9E:FD:75:D7:9E:C6:A5:16:58:5C:7B:D8:6A:A8","sha256":"F7:45:37:19:7E:4F:25:25:E9:38:0B:7F:C2:D7:2C:32:AF:38:55:92:DE:91:40:F3:88:64:62:D3:49:47:AE:7B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: santander-portugal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 12:48:42 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nlocation: /steps/\r\nx-powered-by: PHP/8.2.31, PleskLin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.2.31","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T01:08:27.327091Z","times_seen":16927562,"resource_available":true,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":164,"connect":20,"send":0,"wait":31,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"santander-portugal.com/files/login_and_register.css","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:43.150Z","timestamp":1782996523150,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santander-portugal.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 16:38:56 GMT","end":"Tue, 29 Sep 2026 16:38:55 GMT"},"fingerprint":{"sha1":"C9:8D:8F:C9:77:22:9E:FD:75:D7:9E:C6:A5:16:58:5C:7B:D8:6A:A8","sha256":"F7:45:37:19:7E:4F:25:25:E9:38:0B:7F:C2:D7:2C:32:AF:38:55:92:DE:91:40:F3:88:64:62:D3:49:47:AE:7B"}}},"request":{"raw":"GET /files/login_and_register.css HTTP/1.1\r\nHost: santander-portugal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/steps/\r\nCookie: PHPSESSID=gjgbrloag22916sl911v7sp68k\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 12:48:43 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 12 Feb 2025 13:52:40 GMT\r\netag: W/\"67aca7a8-a992\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43410,"size_decoded":7418,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"3ffafedb2707cef73b56a742c5bc6945","sha1":"582b592c04d3eb755cdb9cf73d6ebb70fd360505","sha256":"185456303d594632fd02d0bf53587e7fd8c2be39c3dd9983166a646485d75b6e","sha512":"074e2155b16fd3be44d68c38c85ccdd2f2d5ed6d5943ff8c6b955626b6b262a743498d2b6e53ccdaf5ec9927a6ac405bec68670ca72d7da70b80a6172d158d24","ssdeep":"768:sqbFW/YHoDllk9oetCzzwVWvj/FTFfGv3FiFeBLSDfBFYfUW9wug4bXxLEMD6HyO:soClfebVWbpRe3ITDfBKfUWxg4bBLfrO","tlshash":"5b1312965eb31949b50bd15c6febd301f2285043a50ece787f8c7288cf491e19a6eb8d","first_seen":"2025-08-30T08:05:42.011813Z","last_seen":"2026-07-02T12:49:09.946566Z","times_seen":11,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/languages/pt.json","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.157Z","timestamp":1782996525157,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/languages/pt.json HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://santander-portugal.com/\r\nOrigin: https://santander-portugal.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: application/json\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"26cfe5087510ee77af718d4cb9827109\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nvary: accept-encoding\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc43a3dcd568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12820,"size_decoded":5035,"mime_type":"application/json","magic":"JSON text data","md5":"55532a6b1d343fe1398ee94c67f7ac81","sha1":"c9d79a5501d1ef25b26c8c7724c019551bb0bf8f","sha256":"c895511bbc3c356df75f86dbb510924f85f8a32c974aadd9a714df7e905dc4f0","sha512":"85a52f254d9139a83589100479f55e56e0122cbf25d13062f3b673414a4e94d4f816fd78b5877c07cd22255cc3113dd69bf4d7a111c4fe3a206ab27fac166ced","ssdeep":"192:uGZR/jeKvgu0oAsBj1QjJZk74XiB7itWwVhwMgJ94FzKxtrnM5e9dMD85HvTKs3:v/Jvf1iiQ8w0Fkd6nM8MIpTKc","tlshash":"55423f55ce604eb7418693013a8b7453266041870f94b86abb5c86ae0fced6fe1f778d","first_seen":"2025-06-20T13:58:02.911561Z","last_seen":"2026-07-02T15:48:18.581282Z","times_seen":176,"resource_available":false,"data":null}},"time_used":465,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":465,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-2d224aff.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.196Z","timestamp":1782996525196,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-chunk-2d224aff.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"bdda51ae6cf2c4b3a6ffa58868b6f5cd\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 24373\r\nvary: accept-encoding\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc43a7f7b0b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18392,"size_decoded":5824,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (18392), with no line terminators","md5":"bdda51ae6cf2c4b3a6ffa58868b6f5cd","sha1":"1fb4e879fe104c9a9a114b83520ee29bb2fd1583","sha256":"50c9d6c7dcacd9ad4e3763676a49446658e2b638098439b54f6b63241d5f54d0","sha512":"4a587452388efb6ec462d1157362c766e3e1bfb56b68524065e5731356c18bda235cc7a9f64368217e3c098da0a2c7034a1a92cb257afb38f3ddc07b021a28df","ssdeep":"384:jqiSR0nIa0kIrCQl2kL3kCfGN//h6LiJq:SzP2DBSLi8","tlshash":"a5822ba6f149311bc925c750605f2228b33b19a9fa1ece7df2745df245a8cc2906af3d","first_seen":"2026-07-02T06:23:48.229792Z","last_seen":"2026-07-03T00:44:15.018607Z","times_seen":65,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-2d0c8092.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.210Z","timestamp":1782996525210,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-chunk-2d0c8092.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"530951348f352d2723b92c69879395ec\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 24373\r\nvary: accept-encoding\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc43a9f810b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5261,"size_decoded":2631,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5261), with no line terminators","md5":"530951348f352d2723b92c69879395ec","sha1":"6f9bb7ad9952e74c78bdf7c2450e5efbde88445e","sha256":"c21a4a2151aa9ff94526ad8d6ba3c05b8b58815a12b4d5b337188d9a0c7374b8","sha512":"f7732ebe383df62bb2bebdedf73eb3b5f274b5cc48c5c663af724086000736e44cc078e7e381abf96791e6a5b7a6ffe6c4343c2345283493d4d111b88204f020","ssdeep":"96:zNC9Hqt7pEma7hY/rcKWJBPDRIv6hJQ7i16p3n4vkjvxQcsD:zKHhNYULRIvgx43nVY","tlshash":"53b1859af24bb45ac156225150ef3b1df33a281ca61ccdc4b66565f218784cba077b39","first_seen":"2026-07-02T06:23:48.165934Z","last_seen":"2026-07-03T00:44:14.971996Z","times_seen":63,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/css/branding-widget.css","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.273Z","timestamp":1782996525273,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/css/branding-widget.css HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 02 Jul 2026 06:02:09 GMT\r\netag: W/\"fe979c92a5ad992510e5629b84a23526\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 24361\r\nvary: accept-encoding\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc43aff870b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19329,"size_decoded":4799,"mime_type":"text/css","magic":"ASCII text, with very long lines (19281)","md5":"fe979c92a5ad992510e5629b84a23526","sha1":"4fee6cd9de53fa82feef4042aa83202f4cd194a5","sha256":"de84306c96c98314e1a796f26df99a70f20590c535a678215d89560007b4dacf","sha512":"633913cef35247da29e85dde7c279353761606e6c508690d4d5924aa89f563354e44c51b053f785800fd3b599feb8fd2d69a2fe55162b4ccab95c84f8ed8739d","ssdeep":"192:XeI2u2acuBLZNgxYe4fbfYLFFDw25lYVRgtUramxi71NZcFRKV7:uTTacuVZNgxYe4fbgL3w23U3xi7vD1","tlshash":"af92dca3b9e310dcd557c632c0d1f67ca82f9a24c357c6e3a9037bb986827d7264198c","first_seen":"2025-05-21T12:18:34.239407Z","last_seen":"2026-07-03T00:24:37.808294Z","times_seen":36398,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-3ea2c7ce.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.199Z","timestamp":1782996525199,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-chunk-3ea2c7ce.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"52698c6dc96b5f2bd13e8f921334e398\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 24374\r\nvary: accept-encoding\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc43a8f7c0b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5504,"size_decoded":2975,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5496), with no line terminators","md5":"52698c6dc96b5f2bd13e8f921334e398","sha1":"eb0adbc44ebc73775c5cca0a3851e8a6510d360c","sha256":"37527b07ac54a4567d7e23bde1edfde8ed74c4f30402c96fb56f4c0020c6af42","sha512":"032e41ececcfc651f34c235d15953baacb81e7cfaf492dd919c7fca2a7c49d507ae4a60710064c5419df70eb581254058dffbf1d0d4c53ef47d87bce4e036524","ssdeep":"96:60WlCWYW5rugkENQdx0hZUASzpqrcHZ73abT3Qlgjm6i5cCEsK7oGuyGwDf/2/5N:XBTW5qgNQdAR7c573abF8cCEsK72/5N","tlshash":"b5b11982b251b4668ab5380045cf6f07b07baf4f5d09cd50d783e4a3b230c5a9667e8c","first_seen":"2025-11-13T12:40:48.559139Z","last_seen":"2026-07-03T00:24:37.777984Z","times_seen":38499,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/css/min-widget.css","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.248Z","timestamp":1782996525248,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/css/min-widget.css HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 02 Jul 2026 06:02:09 GMT\r\netag: W/\"af9830eef563b4df395870a483ce549c\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 24373\r\nvary: accept-encoding\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc43acf840b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36092,"size_decoded":8710,"mime_type":"text/css","magic":"ASCII text, with very long lines (36049)","md5":"af9830eef563b4df395870a483ce549c","sha1":"2c678a245c7b8984569447c9bbfe182583ef7e56","sha256":"5d919993a3fe6ec4c27ec6696b643900c02b95584a4a21a518eb8809edf12531","sha512":"16416617f0c79b40d196c1a7df699f1e01a130e3df75a4f437b4adfc04fa666ac7987d080bbfe759b849bd81860e6bab5b2af02356a8814f0dd1fa9a64b726d4","ssdeep":"384:uTTacuVZNgxYe4fbgL3w23U3xi7vxEbXR+ziLwH0Lg26/tFTiBB6TX3DYC8:yeyna+ziLwH0Lg261F2BBCX3DZ8","tlshash":"47f2bef1f4b700c8b363c122c3d5f67c6459b770ca86ce92f427666c49e16a63581abc","first_seen":"2025-05-21T12:18:34.219676Z","last_seen":"2026-07-03T00:24:37.795458Z","times_seen":45989,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"santander-portugal.com/files/santander-logo-red.svg","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:43.156Z","timestamp":1782996523156,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santander-portugal.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 16:38:56 GMT","end":"Tue, 29 Sep 2026 16:38:55 GMT"},"fingerprint":{"sha1":"C9:8D:8F:C9:77:22:9E:FD:75:D7:9E:C6:A5:16:58:5C:7B:D8:6A:A8","sha256":"F7:45:37:19:7E:4F:25:25:E9:38:0B:7F:C2:D7:2C:32:AF:38:55:92:DE:91:40:F3:88:64:62:D3:49:47:AE:7B"}}},"request":{"raw":"GET /files/santander-logo-red.svg HTTP/1.1\r\nHost: santander-portugal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/steps/\r\nCookie: PHPSESSID=gjgbrloag22916sl911v7sp68k\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 12:48:43 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 3011\r\nlast-modified: Wed, 12 Feb 2025 13:52:40 GMT\r\netag: \"67aca7a8-bc3\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":3011,"size_decoded":3263,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6be2506c31b65614e7bc3acc8dd0c2df","sha1":"ae45dbd73b311e5ecd61247a5eac95519c2f3ca0","sha256":"5ba78ace4566a255ad507449ba7d10f5013f5e6ef6bc027dfcf762c3817aeac2","sha512":"7d94a38f30fa8276758b7672fa6db1dbc95b8218243a872c8291830962abbd1665f40e776d9726bb7bb3b95d33c99b73dc7fae552ca707a8ad1c9672905441dc","ssdeep":"","tlshash":"f651437383a592f498c44f1c1b5071a873e6ae55b0b296c86b7f1454fc489e3527ccf9","first_seen":"2023-05-04T14:35:32Z","last_seen":"2026-07-02T12:49:09.952839Z","times_seen":43,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Santander","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Santander phishing","tags":["santander","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-runtime.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:44.020Z","timestamp":1782996524020,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-runtime.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://santander-portugal.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"f042fed46bb04fcecadf64fd200d4834\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nvary: accept-encoding\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc4332d43568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2306,"size_decoded":1752,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2306), with no line terminators","md5":"f042fed46bb04fcecadf64fd200d4834","sha1":"60942d472138fa65026e4cda737d315020190366","sha256":"d25f4ce04d7b57cc32e37bf43f4007785ab4774fdecfd7dbb8f5bdd47da9c803","sha512":"048b43481b2602c57dab916cfadadb27faf7e6817a8584c3217e7be1cf97c6b54b46219d41d587d46dd8104c6747aa9ac51f7719ceb6462f5056d1c3931edabc","ssdeep":"","tlshash":"754183d936e8f9ba834318e1043fa016f6352976097be4c0531dd4f5bc78c49815afb6","first_seen":"2026-07-02T06:23:48.050746Z","last_seen":"2026-07-03T00:44:15.045266Z","times_seen":73,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"va.tawk.to/v1/widget-settings?propertyId=690112fbb22c021953b6327e\u0026widgetId=1j8m349ri\u0026sv=null","fqdn":"va.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:44.699Z","timestamp":1782996524699,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /v1/widget-settings?propertyId=690112fbb22c021953b6327e\u0026widgetId=1j8m349ri\u0026sv=null HTTP/1.1\r\nHost: va.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://santander-portugal.com/\r\nOrigin: https://santander-portugal.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nx-served-by: visitor-application-preemptive-c9z0\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3600\r\naccess-control-allow-methods: GET,OPTIONS\r\naccess-control-allow-headers: content-type,x-tawk-token\r\ncache-control: public, max-age=7200, s-maxage=1800\r\netag: W/\"2-49-0\"\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\ncf-ray: a14dc4376d7d568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2757,"size_decoded":1840,"mime_type":"application/json","magic":"JSON text data","md5":"13bb65ce38edc14b7f969902afa14188","sha1":"50dbadc304ba58fb0938366345866ad9defdb499","sha256":"2d845a694c3e60dc2415c3851027d42d3afdff9c0ac74d10c2a1f46105633953","sha512":"82f39342f9f54aeb9f38a0c8db5bb6cb14a3f3ba083820431617a3ccc766f1465acc0111045c55b1f9ce144dd50826a61c9a79178c25947fb429ceeca5f8aeb5","ssdeep":"","tlshash":"6051662b48159d3cab8d865371ef7b17793ca126b384550de0dc993c83e758d231175b","first_seen":"2026-07-02T12:49:09.95722Z","last_seen":"2026-07-02T12:49:09.95722Z","times_seen":1,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":0,"dns":2,"connect":1,"send":0,"wait":444,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/languages/en_dev.json","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:44.711Z","timestamp":1782996524711,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/languages/en_dev.json HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://santander-portugal.com/\r\nOrigin: https://santander-portugal.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: application/json\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"73eea1de9215521cb137b51419ba55a9\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nvary: accept-encoding\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc4377d7f568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10839,"size_decoded":4359,"mime_type":"application/json","magic":"JSON text data","md5":"73eea1de9215521cb137b51419ba55a9","sha1":"a8876b573146cd5450adc92a5450febea8d33f22","sha256":"df1d970dbd95be40780e8c006102fa7892bfe26bc989ee0c9222b089038542ee","sha512":"277849fa8a9d59430663b5c1aac29a198436731ab59bc5968ed9fcfb839f00a31e6e278c3c78547f6e1c20d94847963375de011be6493af268a7bac25cd15257","ssdeep":"192:ImwHq/LrnzPLEgIE1iN+xiDgGOy+HpVHnKWyay8V1K5Av+cE:s6LrnzCE1iN+xkDOy+Hp8/5Avy","tlshash":"c7224269ce504ea702c29647399f35437624429b1f54382eb78891ac0f8ec6f71f779e","first_seen":"2026-02-18T09:54:55.751197Z","last_seen":"2026-07-03T00:24:37.811631Z","times_seen":24521,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-2d0da3af.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.201Z","timestamp":1782996525201,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-chunk-2d0da3af.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"331e0040ebe91244c0d8393531409223\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 24374\r\nvary: accept-encoding\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc43a8f7d0b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14213,"size_decoded":5489,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14213), with no line terminators","md5":"331e0040ebe91244c0d8393531409223","sha1":"02ddad15623953a17b85e0e8620cb414d2eacac9","sha256":"de5460c7c57fb0d7b845ded9b1950f3664f177253bdf80dd868460a6bf53e19f","sha512":"04e6a2589f6fab5eba5be614db4ba48fffa20e08797d32e9c9f3892041f1ae76f561bcc9e97dc1e04d3f27f31d3f6628552ec35b86228a3b14fba34a2c75700c","ssdeep":"384:UJw/U5YK8Hx9KJwThWazJbUZDkM0kWEYPk6F+UtKM5eH:6+9KJwThWazJbUZDkM0kWEYPk6F+92eH","tlshash":"3752d6a7b2a4782d42379712308f3204f33b7d45b215da19f36edcea4aa84c16056f3e","first_seen":"2026-07-02T06:23:48.249937Z","last_seen":"2026-07-03T00:44:15.01264Z","times_seen":61,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-4fe9d5dd.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.202Z","timestamp":1782996525202,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-chunk-4fe9d5dd.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"8249fafc9a9fbe0f75d4bef0aae2305a\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 24298\r\nvary: accept-encoding\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc43a8f7e0b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1000,"size_decoded":1080,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1000), with no line terminators","md5":"8249fafc9a9fbe0f75d4bef0aae2305a","sha1":"fab6dda0967dfbaf8ba0cfe5cfade8e150d1735d","sha256":"69b650b4d6479fd29987836a9b74147aade85cc9c50024bcacd5dfb2cb793e8d","sha512":"d0bc9a750061e5b4b761db081656b0e1e655126a413aaa22e87ce14cdfaeac34d532acd08eb0d61274707212871f6d84369b8b2a1a6d3e6c3bfd3d4167afa865","ssdeep":"","tlshash":"f9110248f056b8fcdc8af64288df143034627d4a898cf9e6f5f0aad405555ab312bb5f","first_seen":"2025-04-29T08:39:38.372752Z","last_seen":"2026-07-03T00:24:37.778684Z","times_seen":46123,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"santander-portugal.com/files/nbp_popin.css","fqdn":"santander-portugal.com","domain":"santander-portugal.com","tld":"com"},"ip":{"addr":"102.135.105.190","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:43.151Z","timestamp":1782996523151,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santander-portugal.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Jul 2026 16:38:56 GMT","end":"Tue, 29 Sep 2026 16:38:55 GMT"},"fingerprint":{"sha1":"C9:8D:8F:C9:77:22:9E:FD:75:D7:9E:C6:A5:16:58:5C:7B:D8:6A:A8","sha256":"F7:45:37:19:7E:4F:25:25:E9:38:0B:7F:C2:D7:2C:32:AF:38:55:92:DE:91:40:F3:88:64:62:D3:49:47:AE:7B"}}},"request":{"raw":"GET /files/nbp_popin.css HTTP/1.1\r\nHost: santander-portugal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/steps/\r\nCookie: PHPSESSID=gjgbrloag22916sl911v7sp68k\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 12:48:43 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 12 Feb 2025 13:52:40 GMT\r\netag: W/\"67aca7a8-ebc\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3772,"size_decoded":1274,"mime_type":"text/css","magic":"ASCII text","md5":"6d4f4b391adfc2a3a83d91c8f0ef4bb3","sha1":"ee46ca4cb25b8367cf10f684fbb81b4b35184e99","sha256":"a19999a6c4c3ced7c5b10218a9c57b2dbc23284893ca44c9e3ff15cfa1379386","sha512":"c2b1ff5a21513dd227b30e8fe4afcd5f13d310db6a2d12b9d55f25e5c43f18b920dcf8c52241e33dafb3ad89ca8af2dc24f312d527a60973295d2f19f7c6ffb8","ssdeep":"","tlshash":"517130c6ce632941f40aa05a3bfb8724231c5697715fec2a3ad9b509cfc529ca171fc9","first_seen":"2023-05-25T14:35:52Z","last_seen":"2026-07-02T12:49:09.963178Z","times_seen":16,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"santander-portugal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Santander","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Santander phishing","tags":["santander","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"embed.tawk.to/690112fbb22c021953b6327e/1j8m349ri","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:43.481Z","timestamp":1782996523481,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /690112fbb22c021953b6327e/1j8m349ri HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://santander-portugal.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncontent-type: application/x-javascript\r\npriority: u=3,i=?0\r\ncache-control: public, max-age=7200, s-maxage=3600\r\netag: W/\"stable-v4-6a45feba358\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ndate: Thu, 02 Jul 2026 12:48:43 GMT\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc42fed1e568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2123,"size_decoded":1217,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text","md5":"1fc10ac6974327752097a7fc3b22edf9","sha1":"dbb164031be9d61dc698d8c989f641690666b41f","sha256":"f9e7a24af1b54793d89d9dc0db00c011376794a46c3cd8e863b93dcf8287dc8a","sha512":"cf2e6ce0742a9c487611174326ec33a3d01089fb780ab3c40816c7466028b3f7ecb367492da7e7c0157ccdc668815e093cbdd8de1430e5e39a1b9be6ce561960","ssdeep":"","tlshash":"da41d1e35b8f6d5be32510d80caefd0e74bb22f64dd85cd287080452f295bad668dd28","first_seen":"2026-07-02T12:49:09.964257Z","last_seen":"2026-07-02T12:49:09.964257Z","times_seen":1,"resource_available":true,"data":null}},"time_used":500,"timings":{"blocked":-1,"dns":3,"connect":15,"send":0,"wait":482,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-vendors.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:44.017Z","timestamp":1782996524017,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-chunk-vendors.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://santander-portugal.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"2fecc9d90ae6ad7f85d676e274e5d4a5\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nvary: accept-encoding\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc4331d40568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":348923,"size_decoded":117185,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65465)","md5":"2fecc9d90ae6ad7f85d676e274e5d4a5","sha1":"0e1300fb36969ed28db617c9bba0c8d0bff72c8e","sha256":"db389f4bb5872ace6ade114d9a15d1afc02e7d411680f6f98fa5a350b0b4ee5c","sha512":"e5fe2e55710dccb04046bf588c1cdfd27a153447b5a8f818af6e4f536abc89f4e38f242c117a4a6f2214a017653008272075811e9a40a5718a08b3900ecd71a0","ssdeep":"6144:jzicBg7MOpWK+1ZWwehNo4TR+5Ar6k+WS:nicBgoO27WwKvC","tlshash":"39744cc8f193b0b946e2a2a5009f5207737b052968e88494f574dfe968e8d5c637bf3c","first_seen":"2026-05-25T09:57:47.440233Z","last_seen":"2026-07-03T00:44:15.074504Z","times_seen":5336,"resource_available":true,"data":null}},"time_used":586,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":286,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/js/twk-chunk-2d0d2b7c.js","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.194Z","timestamp":1782996525194,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/js/twk-chunk-2d0d2b7c.js HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 02 Jul 2026 06:02:10 GMT\r\netag: W/\"8c2091a992e4303600967e53388cb5c8\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 24374\r\nvary: accept-encoding\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc43a7f7a0b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10918,"size_decoded":3755,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10918), with no line terminators","md5":"8c2091a992e4303600967e53388cb5c8","sha1":"70cb06404a117829d3c53f5890077f5ff82957c9","sha256":"52edf640b5358d2e388d34d85bae2bf9973c26383165c4187da4e98b7703233a","sha512":"4d379fa96658dead5908f119d36ff91db8ec34d145fad5888370bd681ec575615351eaa0336fba48e4ad102b84e07881286bb1a958ec15ac36f86677de149d15","ssdeep":"192:0CFny7CpmYbZTxcwr40v0zSrj5D6/L6LvGokD36b4hwseQ:08mCTZTJr40v0GF/LvV4hwsR","tlshash":"9332a6b7e0a1107ea316871c106fa610f61f6c8ab2561da5ba7ab46f900ddcfc065f7c","first_seen":"2026-04-21T04:02:24.334927Z","last_seen":"2026-07-03T00:44:15.100201Z","times_seen":10291,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"embed.tawk.to/_s/v4/app/6a45feba358/css/max-widget.css","fqdn":"embed.tawk.to","domain":"tawk.to","tld":"to"},"ip":{"addr":"104.20.42.169","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://santander-portugal.com/steps/","date":"2026-07-02T12:48:45.312Z","timestamp":1782996525312,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tawk.to","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 04 May 2026 11:24:07 GMT","end":"Sun, 02 Aug 2026 12:24:06 GMT"},"fingerprint":{"sha1":"5D:D6:F5:FD:F8:CB:78:44:A8:2A:49:EF:03:C0:C8:B5:0C:1B:79:99","sha256":"65:9D:D6:CF:E0:10:86:0F:22:8C:9E:D6:AD:88:47:05:8D:FB:5F:4A:85:E4:06:8F:C1:BC:1D:F0:CA:87:D0:5A"}}},"request":{"raw":"GET /_s/v4/app/6a45feba358/css/max-widget.css HTTP/1.1\r\nHost: embed.tawk.to\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://santander-portugal.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 02 Jul 2026 06:02:09 GMT\r\netag: W/\"1419f2a1837ad0239c12ed0298d67590\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\nage: 24373\r\nvary: accept-encoding\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nx-content-type-options: nosniff\r\ncf-ray: a14dc43b3f890b41-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":102656,"size_decoded":23013,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"1419f2a1837ad0239c12ed0298d67590","sha1":"45d8dbfeeecc27db2ef5707a1f3808a66c1d2b9f","sha256":"6dd414390ef7f11315507ed32ddfef2b85d3f9a683db2bfb8cdef66b6264ab70","sha512":"c41f632c69630b0f20ee3523e6da536d10fe5e109b8a2ec2fc3305c3b8f0b7185695d980229e6ee57db83823a1ab2f120c9677670a555dd9a681b3b2f50c3a19","ssdeep":"1536:f/Uifm7kUdwddCri1iLc0Lg261F2BBC4ikauV3cGiH27PNWE98MGfU0nPROpmi0m:xfuVLmi0V0Z+tKaK","tlshash":"41a399b2e56710cc7363c22692c1faac1029e370c757caa9f827767d4bc25963562f9c","first_seen":"2026-07-02T06:23:48.069239Z","last_seen":"2026-07-03T00:44:15.102394Z","times_seen":56,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
