login-santander.com Open in urlscan Pro
91.215.85.14 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://login-santander.com/
Effective URL:
https://login-santander.com/app/
Submission: On January 11 via automatic, source certstream-suspicious (January 11th 2024, 6:19:22 pm UTC) — Scanned from DE

Summary HTTP 16 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 16 HTTP transactions. The main IP is 91.215.85.14, located in Russian Federation and belongs to PROSPERO-AS, RU. The main domain is login-santander.com.
TLS certificate: Issued by R3 on January 11th 2024. Valid for: 3 months.

This is the only time login-santander.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 15	91.215.85.14 91.215.85.14	200593 (PROSPERO-AS) (PROSPERO-AS)
1	104.122.37.29 104.122.37.29	16625 (AKAMAI-AS) (AKAMAI-AS)
2	45.223.164.57 45.223.164.57	19551 (INCAPSULA) (INCAPSULA)
16	3

15 91.215.85.14 (Russian Federation) 2 redirects

ASN200593 (PROSPERO-AS, RU)

login-santander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.122.37.29 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-122-37-29.deploy.static.akamaitechnologies.com

rolb.santanderbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.223.164.57 (United States)

ASN19551 (INCAPSULA, US)

global.sanbot.sandigital.santander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	login-santander.com 2 redirects login-santander.com	218 KB
2	santander.com global.sanbot.sandigital.santander.com — Cisco Umbrella Rank: 498199	93 KB
1	santanderbank.com rolb.santanderbank.com — Cisco Umbrella Rank: 269800
16	3

	Domain	Requested by
15	login-santander.com	2 redirects login-santander.com
2	global.sanbot.sandigital.santander.com	login-santander.com
1	rolb.santanderbank.com	login-santander.com
16	3

This site contains links to these domains. Also see Links.

Domain
rolb.santanderbank.com
www.santanderbank.com
customerservice.santanderbank.com
www.santander.com

Subject Issuer	Validity	Valid
login-santander.com R3	`2024-01-11` - `2024-04-10`	3 months	crt.sh
www.santanderbank.com Entrust Certification Authority - L1M	`2023-06-09` - `2024-07-07`	a year	crt.sh
imperva.com GlobalSign Atlas R3 DV TLS CA 2023 Q4	`2023-12-23` - `2024-06-20`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://login-santander.com/app/
Frame ID: 9EFB92A6C4DAAEC4565A0C4A6EC3932A
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Santander Online Banking Login

Page URL History Show full URLs

https://login-santander.com/ HTTP 302
https://login-santander.com/app HTTP 301
https://login-santander.com/app/ Page URL

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

310 kB
Transfer

809 kB
Size

1
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://rolb.santanderbank.com/OnlineBanking/login#main-content
Title: Go to main content

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/business/bob-login
Title: Business

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/commercial
Title: Corporate

Search URL Search Domain Scan URL

URL: https://rolb.santanderbank.com/OnlineBanking/retrieve-user-id
Title: Link Your User ID Forgot Your User ID?

Search URL Search Domain Scan URL

URL: https://rolb.santanderbank.com/OnlineBanking/reset-your-password
Title: Link Forgot Your Password Forgot Your Password?

Search URL Search Domain Scan URL

URL: https://rolb.santanderbank.com/OnlineBanking/enrollment
Title: Link to Enroll Now Enroll Now

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/online-banking-agreement
Title: Link Digital Banking Agreement Digital Banking Agreement

Search URL Search Domain Scan URL

URL: https://customerservice.santanderbank.com/app/answers/list/kw/online%20banking/r_id/102441/search/1
Title: (Open in a new tab) search our FAQs. go to FAQs

Search URL Search Domain Scan URL

URL: https://rolb.santanderbank.com/OnlineBanking/
Title: Online Banking feedback go to Feedback

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/atm-branch-locator
Title: (Open in new tab)Find an ATM/Branch

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/personal/contact-us
Title: (Open in new tab)Customer Service

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/sitemap
Title: (Open in new tab)Site Map

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/accessibility
Title: (Open in new tab)Accessibility

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/privacyandsecurity
Title: (Open in new tab)Privacy and Security

Search URL Search Domain Scan URL

URL: https://www.santander.com/en/shareholders-and-investors
Title: (Open in new tab)Investor Relations

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/about/media-center
Title: (Open in new tab)Media Center

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/about/careers
Title: (Open in new tab)Careers

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/about/about-us
Title: (Open in new tab)About Santander

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/online-privacy-policy
Title: (Open in new tab)Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/terms-and-conditions
Title: (Open in new tab)Terms of Use

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://login-santander.com/ HTTP 302
https://login-santander.com/app HTTP 301
https://login-santander.com/app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
login-santander.com/app/
Redirect Chain

https://login-santander.com/
https://login-santander.com/app
https://login-santander.com/app/

228 KB
30 KB

302ms
302ms

Document
text/html

91.215.85.14
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-santander.com/app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: /
Resource Hash: e9ee57215c2569dee84dfa4ec97b152f897f9940403049db71c79a29b951e84d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 11 Jan 2024 18:19:18 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
vary: Accept-Encoding

Redirect headers

content-length: 707
content-type: text/html
date: Thu, 11 Jan 2024 18:19:17 GMT
location: https://login-santander.com/app/

GET
H3 200 styles.2b4ba21e3013d4d0cc68.css
login-santander.com/libraries/ 292 KB
34 KB 78ms
77ms Stylesheet
text/css 91.215.85.14
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-santander.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Requested by: Host: login-santander.com
URL: https://login-santander.com/app/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: /
Resource Hash: a1ca8c9c2dc1d88ee09adccbadbf48b3c031787871be7948c694ef0644d697d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login-santander.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Thu, 11 Jan 2024 18:19:18 GMT
content-encoding: br
last-modified: Mon, 08 Aug 2022 02:46:58 GMT
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 35021
expires: Thu, 18 Jan 2024 18:19:18 GMT

GET
H3 200 AAFF_SANDI_SYMBOL_CMYK.SVG
login-santander.com/libraries/ 790 B
441 B 79ms
78ms Image
image/svg+xml 91.215.85.14
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-santander.com/libraries/AAFF_SANDI_SYMBOL_CMYK.SVG
Requested by: Host: login-santander.com
URL: https://login-santander.com/app/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: /
Resource Hash: 64105e43a16700f1acef6a731ab0967fcd29210674a967b0ddaa57c8291c6fd8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login-santander.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Thu, 11 Jan 2024 18:19:18 GMT
content-encoding: br
last-modified: Sun, 07 Aug 2022 21:47:04 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 384
expires: Thu, 18 Jan 2024 18:19:18 GMT

GET
H3 200 infoIcon.svg
login-santander.com/libraries/ 660 B
320 B 79ms
79ms Image
image/svg+xml 91.215.85.14
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-santander.com/libraries/infoIcon.svg
Requested by: Host: login-santander.com
URL: https://login-santander.com/app/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: /
Resource Hash: 7985c151ce7d5f67907c31678a8f3b71a94fbd71223732c022bc28ef65248078

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login-santander.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Thu, 11 Jan 2024 18:19:18 GMT
content-encoding: br
last-modified: Sun, 07 Aug 2022 21:47:04 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 299
expires: Thu, 18 Jan 2024 18:19:18 GMT

GET
H3 200 minimizeIcon.svg
login-santander.com/libraries/ 871 B
433 B 70ms
69ms Image
image/svg+xml 91.215.85.14
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-santander.com/libraries/minimizeIcon.svg
Requested by: Host: login-santander.com
URL: https://login-santander.com/app/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: /
Resource Hash: 45245d728ae416657a19434010ab049cb89534a946d272b100287c9f95b2dc8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login-santander.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Thu, 11 Jan 2024 18:19:18 GMT
content-encoding: br
last-modified: Sun, 07 Aug 2022 21:47:06 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 389
expires: Thu, 18 Jan 2024 18:19:18 GMT

GET
H3 200 closeIcon.svg
login-santander.com/libraries/ 43 KB
6 KB 70ms
69ms Image
image/svg+xml 91.215.85.14
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-santander.com/libraries/closeIcon.svg
Requested by: Host: login-santander.com
URL: https://login-santander.com/app/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: /
Resource Hash: 243493557f9376768c43bb06174937c435a3f332c9c6a006306263ec6ac25743

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login-santander.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Thu, 11 Jan 2024 18:19:18 GMT
content-encoding: br
last-modified: Sun, 07 Aug 2022 21:47:06 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 6345
expires: Thu, 18 Jan 2024 18:19:18 GMT

GET
H/1.1 200
OK /
rolb.santanderbank.com/OnlineBanking/ 0
0 556ms
299ms Image
text/html 104.122.37.29
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rolb.santanderbank.com/OnlineBanking/
Requested by: Host: login-santander.com
URL: https://login-santander.com/app/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.122.37.29 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-122-37-29.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login-santander.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

GET
H3 200 FA_SANTANDER_PVR_POS_RGB.6b6950e7c85225731399.svg
login-santander.com/libraries/ 7 KB
3 KB 61ms
60ms Image
image/svg+xml 91.215.85.14
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-santander.com/libraries/FA_SANTANDER_PVR_POS_RGB.6b6950e7c85225731399.svg
Requested by: Host: login-santander.com
URL: https://login-santander.com/app/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: /
Resource Hash: 139d3dbccd39273e5a54ce739881c97defec84da46686636045e6d320ab8b13d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login-santander.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Thu, 11 Jan 2024 18:19:18 GMT
content-encoding: br
last-modified: Mon, 08 Aug 2022 02:11:44 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 3043
expires: Thu, 18 Jan 2024 18:19:18 GMT

GET
H3 200 icon-login-faqs.444e81bc2593c635b5a8.svg
login-santander.com/libraries/ 947 B
464 B 61ms
61ms Image
image/svg+xml 91.215.85.14
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-santander.com/libraries/icon-login-faqs.444e81bc2593c635b5a8.svg
Requested by: Host: login-santander.com
URL: https://login-santander.com/app/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: /
Resource Hash: 2d495a010c8c1f13b69bdab834640b1896ac0de7dcb8d125b19af50d91071f27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login-santander.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Thu, 11 Jan 2024 18:19:18 GMT
content-encoding: br
last-modified: Mon, 08 Aug 2022 02:21:56 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 421
expires: Thu, 18 Jan 2024 18:19:18 GMT

GET
H3 200 icon-login-feedback.3b28365c5184221bebf9.svg
login-santander.com/libraries/ 2 KB
1 KB 61ms
61ms Image
image/svg+xml 91.215.85.14
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-santander.com/libraries/icon-login-feedback.3b28365c5184221bebf9.svg
Requested by: Host: login-santander.com
URL: https://login-santander.com/app/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: /
Resource Hash: 63d4e44221cbadea57451110791ca86c7ba695f8de73dd0084251916bce838ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login-santander.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Thu, 11 Jan 2024 18:19:18 GMT
content-encoding: br
last-modified: Mon, 08 Aug 2022 02:16:04 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 992
expires: Thu, 18 Jan 2024 18:19:18 GMT

GET
H3 200 equal-housing-lender.8917480a90573d942deb.svg
login-santander.com/libraries/ 3 KB
1 KB 102ms
102ms Image
image/svg+xml 91.215.85.14
PROSPERO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-santander.com/libraries/equal-housing-lender.8917480a90573d942deb.svg
Requested by: Host: login-santander.com
URL: https://login-santander.com/app/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: /
Resource Hash: fa1cb3c1018fd2a175c77b01fceb6bbb6151aca9cb7cc26ec86b0d55c43abe9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login-santander.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Thu, 11 Jan 2024 18:19:18 GMT
content-encoding: br
last-modified: Mon, 08 Aug 2022 02:15:56 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1323
expires: Thu, 18 Jan 2024 18:19:18 GMT

GET
H3 200 SantanderTextW05-Regular.1072cb3109609b6f65eb.woff2
login-santander.com/libraries/ 46 KB
46 KB 61ms
60ms Font
font/woff2 91.215.85.14
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-santander.com/libraries/SantanderTextW05-Regular.1072cb3109609b6f65eb.woff2
Requested by: Host: login-santander.com
URL: https://login-santander.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: /
Resource Hash: df7abc314cf6e0380973cea5ad3cd7a4536b820d974162c9d94f534f539eef0b

Request headers

Referer: https://login-santander.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Origin: https://login-santander.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-type: font/woff2
date: Thu, 11 Jan 2024 18:19:18 GMT
cache-control: public, max-age=604800
last-modified: Mon, 08 Aug 2022 02:14:56 GMT
accept-ranges: bytes
content-length: 46640
expires: Thu, 18 Jan 2024 18:19:18 GMT

GET
H3 200 SantanderHeadlineW05-Rg.86809b022ec12f4a9332.woff2
login-santander.com/libraries/ 46 KB
46 KB 82ms
81ms Font
font/woff2 91.215.85.14
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-santander.com/libraries/SantanderHeadlineW05-Rg.86809b022ec12f4a9332.woff2
Requested by: Host: login-santander.com
URL: https://login-santander.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: /
Resource Hash: 535c47209ecf005f74929ba3bd50b107a702bead1f165b856e002165a1a56ba8

Request headers

Referer: https://login-santander.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Origin: https://login-santander.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-type: font/woff2
date: Thu, 11 Jan 2024 18:19:18 GMT
cache-control: public, max-age=604800
last-modified: Mon, 08 Aug 2022 02:15:24 GMT
accept-ranges: bytes
content-length: 46788
expires: Thu, 18 Jan 2024 18:19:18 GMT

GET
H3 200 SantanderTextW05-Bold.a48c0132fe41abde8dbf.woff2
login-santander.com/libraries/ 48 KB
48 KB 122ms
121ms Font
font/woff2 91.215.85.14
PROSPERO-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://login-santander.com/libraries/SantanderTextW05-Bold.a48c0132fe41abde8dbf.woff2
Requested by: Host: login-santander.com
URL: https://login-santander.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software: /
Resource Hash: ec6c6c35a35bb74b562f10541e42adcb73c8bf54fbbd2a2999078bde1a279e29

Request headers

Referer: https://login-santander.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Origin: https://login-santander.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-type: font/woff2
date: Thu, 11 Jan 2024 18:19:18 GMT
cache-control: public, max-age=604800
last-modified: Mon, 08 Aug 2022 02:15:24 GMT
accept-ranges: bytes
content-length: 49072
expires: Thu, 18 Jan 2024 18:19:18 GMT

GET
H2 200 SantanderHeadlineW05-Rg.woff2
global.sanbot.sandigital.santander.com/content/assets/fonts/ 46 KB
46 KB 327ms
143ms Font
application/octet-stream 45.223.164.57
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://global.sanbot.sandigital.santander.com/content/assets/fonts/SantanderHeadlineW05-Rg.woff2

Requested by

Host: login-santander.com
URL: https://login-santander.com/app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.223.164.57 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

535c47209ecf005f74929ba3bd50b107a702bead1f165b856e002165a1a56ba8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://login-santander.com/
Origin: https://login-santander.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Thu, 11 Jan 2024 18:19:18 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:35:22 GMT
x-cdn: Imperva
content-md5: ft7rcrCP+biwNWUUMxpMxA==
etag: "0x8DBFC6ED8FE9AD0"
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: 451a8517-601e-0065-5aba-44eb35000000
x-iinfo: 9-22560453-22560462 NNNN CT(11 28 0) RT(1704997157978 42) q(0 0 0 13) r(0 0) U12
x-incap-sess-cookie-hdr: RrkdbxiEBGUTBV7eHObfESYxoGUAAAAANQXQh1jjQMNyOxzASzM3EA==
x-ms-version: 2018-03-28
accept-ranges: bytes
content-length: 46788

GET
H2 200 SantanderTextW05-Regular.woff2
global.sanbot.sandigital.santander.com/content/assets/fonts/ 46 KB
46 KB 288ms
105ms Font
application/octet-stream 45.223.164.57
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://global.sanbot.sandigital.santander.com/content/assets/fonts/SantanderTextW05-Regular.woff2

Requested by

Host: login-santander.com
URL: https://login-santander.com/app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.223.164.57 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

df7abc314cf6e0380973cea5ad3cd7a4536b820d974162c9d94f534f539eef0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://login-santander.com/
Origin: https://login-santander.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Thu, 11 Jan 2024 18:19:18 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:35:22 GMT
x-cdn: Imperva
content-md5: tcgbLFFoTnHPRqxzGGEekA==
etag: "0x8DBFC6ED910C1BD"
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: 2600aa60-501e-0041-57ba-441d95000000
x-iinfo: 9-22560453-22560461 NNNN CT(10 28 0) RT(1704997157978 42) q(0 0 0 11) r(0 0) U12
x-incap-sess-cookie-hdr: 1kW2JPRw/BUTBV7eHObfESYxoGUAAAAAmWbBWeGwN5pJw3/TnltaqA==
x-ms-version: 2018-03-28
accept-ranges: bytes
content-length: 46640

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			login-santander.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 2cd257017e0f52908553d39a4bc7f222

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

global.sanbot.sandigital.santander.com
login-santander.com
rolb.santanderbank.com
104.122.37.29
45.223.164.57
91.215.85.14
139d3dbccd39273e5a54ce739881c97defec84da46686636045e6d320ab8b13d
243493557f9376768c43bb06174937c435a3f332c9c6a006306263ec6ac25743
2d495a010c8c1f13b69bdab834640b1896ac0de7dcb8d125b19af50d91071f27
45245d728ae416657a19434010ab049cb89534a946d272b100287c9f95b2dc8e
535c47209ecf005f74929ba3bd50b107a702bead1f165b856e002165a1a56ba8
63d4e44221cbadea57451110791ca86c7ba695f8de73dd0084251916bce838ed
64105e43a16700f1acef6a731ab0967fcd29210674a967b0ddaa57c8291c6fd8
7985c151ce7d5f67907c31678a8f3b71a94fbd71223732c022bc28ef65248078
a1ca8c9c2dc1d88ee09adccbadbf48b3c031787871be7948c694ef0644d697d4
df7abc314cf6e0380973cea5ad3cd7a4536b820d974162c9d94f534f539eef0b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9ee57215c2569dee84dfa4ec97b152f897f9940403049db71c79a29b951e84d
ec6c6c35a35bb74b562f10541e42adcb73c8bf54fbbd2a2999078bde1a279e29
fa1cb3c1018fd2a175c77b01fceb6bbb6151aca9cb7cc26ec86b0d55c43abe9e

login-santander.com Open in urlscan Pro 91.215.85.14 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

16 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

310 kBTransfer

809 kBSize

1 Cookies

20 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

login-santander.com Open in urlscan Pro
91.215.85.14 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

310 kB
Transfer

809 kB
Size

1
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!