services.upd00387h.workers.dev Open in urlscan Pro
188.114.96.9 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://services.upd00387h.workers.dev/enrollment_files/
Effective URL:
https://services.upd00387h.workers.dev/enrollment_files/
Submission: On July 03 via manual (July 3rd 2024, 2:08:19 pm UTC) from ES — Scanned from NL

Summary HTTP 22 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 22 HTTP transactions. The main IP is 188.114.96.9, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is services.upd00387h.workers.dev.
TLS certificate: Issued by WE1 on June 27th 2024. Valid for: 3 months.

This is the only time services.upd00387h.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

	IP Address	AS Autonomous System
13	188.114.96.9 188.114.96.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2620:100:6022... 2620:100:6022:15::a27d:420f	19679 (DROPBOX) (DROPBOX)
2	23.197.133.150 23.197.133.150	16625 (AKAMAI-AS) (AKAMAI-AS)
22	3

13 188.114.96.9 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

services.upd00387h.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2620:100:6022:15::a27d:420f (United States)

ASN19679 (DROPBOX, US)

dl.dropboxusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.197.133.150 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-133-150.deploy.static.akamaitechnologies.com

rolb.santanderbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	workers.dev services.upd00387h.workers.dev	768 KB
7	dropboxusercontent.com dl.dropboxusercontent.com — Cisco Umbrella Rank: 20110	201 KB
2	santanderbank.com rolb.santanderbank.com — Cisco Umbrella Rank: 170909	8 KB
22	3

	Domain	Requested by
13	services.upd00387h.workers.dev	services.upd00387h.workers.dev
7	dl.dropboxusercontent.com	services.upd00387h.workers.dev dl.dropboxusercontent.com
2	rolb.santanderbank.com	services.upd00387h.workers.dev
22	3

This site contains links to these domains. Also see Links.

Domain
rolb.santanderbank.com

Subject Issuer	Validity	Valid
upd00387h.workers.dev WE1	`2024-06-27` - `2024-09-25`	3 months	crt.sh
*.dl.dropboxusercontent.com DigiCert TLS RSA SHA256 2020 CA1	`2024-03-25` - `2025-03-11`	a year	crt.sh
www.santanderbank.com Entrust Certification Authority - L1M	`2024-06-12` - `2025-07-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://services.upd00387h.workers.dev/enrollment_files/
Frame ID: 4CFCF68AE18DB61B7646DCE84426504E
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Enrollment

Page URL History Show full URLs

http://services.upd00387h.workers.dev/enrollment_files/ HTTP 307
https://services.upd00387h.workers.dev/enrollment_files/ Page URL

Page Statistics

22
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

977 kB
Transfer

7581 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://rolb.santanderbank.com/OnlineBanking/enrollment#main-content
Title: Go to main content

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://services.upd00387h.workers.dev/enrollment_files/ HTTP 307
https://services.upd00387h.workers.dev/enrollment_files/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
services.upd00387h.workers.dev/enrollment_files/
Redirect Chain

http://services.upd00387h.workers.dev/enrollment_files/
https://services.upd00387h.workers.dev/enrollment_files/

509 KB
37 KB

95ms
43ms

Document
text/html

188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.upd00387h.workers.dev/enrollment_files/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f62ab9a99ae2d42083f1737f6bcd763ad074cfb9d044645e4c0cf9507faa83d7

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-ray: 89d772451fbf665c-AMS
content-encoding: br
content-type: text/html;charset=UTF-8
date: Wed, 03 Jul 2024 14:08:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pRfnjbj1YevShnuA1VaiCPOCMzx2AO8ftHXfOtFL4R09YC9gEJDQyHiA1mYg5sCz9J%2BvKF8bHpkumy0Os35xt9nJHEtUY8dn9AtcTHnvjUvcoUxRiFdfm%2BIP%2BZ9k937%2F2CNATrkQ9hUHUBBqUMI%2FCmc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://services.upd00387h.workers.dev/enrollment_files/
Non-Authoritative-Reason: HSTS

GET
H2 200 styles.css
dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/ 163 KB
29 KB 657ms
588ms Stylesheet
text/css 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/styles.css?dl=0

Requested by

Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

a488b85670482af033283088465530172f719919e9ed256b51ab1e45236d0bb3

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Wed, 03 Jul 2024 14:08:13 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-dropbox-request-id: b9dd841191e04ee99d2f0a012ee61afe
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="styles.css"; filename*=UTF-8''styles.css
pragma: public
server: envoy
x-server-response-time: 418
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H3 200 utag_004.js Show response
services.upd00387h.workers.dev/enrollment_files/enrollment_files/ 509 KB
37 KB 25ms
24ms Script
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.upd00387h.workers.dev/enrollment_files/enrollment_files/utag_004.js
Requested by: Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f62ab9a99ae2d42083f1737f6bcd763ad074cfb9d044645e4c0cf9507faa83d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/enrollment_files/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 14:08:13 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=naLJm4kdGVoHVDgfiA6BtSEwTGcKT%2BowWENUoIo8b6%2BToOY8A6VF8YRPk3PXIbPpan%2F3XB5%2BXEQ1wwO3S8rNquN86LRNbdceov06h21g%2BEby%2Fyi%2B3t6J5EKs99AiHaIBE1pJ6OKN8nEmgbAlaIN7Q9w%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89d77245d876665c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 utag_006.js Show response
services.upd00387h.workers.dev/enrollment_files/enrollment_files/ 509 KB
37 KB 28ms
27ms Script
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.upd00387h.workers.dev/enrollment_files/enrollment_files/utag_006.js
Requested by: Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f62ab9a99ae2d42083f1737f6bcd763ad074cfb9d044645e4c0cf9507faa83d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/enrollment_files/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 14:08:13 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Zd%2FTjCCg008aC9opXW5VEOrB6EQiM3FjfDYqQzmscGMFpC8qTgA7vCZZeucF0tjDAstT6630B2q%2FQroinCwk3HFKaDJr5DMMzWtnC3z02lnS0jm7Uf04uzkqcJZoxDe2qDMku69UVqnoWQ0YgEfwgQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89d77245d878665c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 utag.js Show response
services.upd00387h.workers.dev/enrollment_files/enrollment_files/ 509 KB
37 KB 36ms
35ms Script
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.upd00387h.workers.dev/enrollment_files/enrollment_files/utag.js
Requested by: Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f62ab9a99ae2d42083f1737f6bcd763ad074cfb9d044645e4c0cf9507faa83d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/enrollment_files/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 14:08:13 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o1Y59qh4nxAcn2JxTL5ggWiU%2FeGqkWkm%2BXE3eDrNs%2BD%2F%2FGJCivAsFXBHNLcnEkxXgNNIEmZdkACARCXubB152SnhjJjvR%2FnUNcIKVY%2B6rDgEh4koA5zbDNAhkaIMwUm2YQFsD%2FXVO0b0ytj%2B%2BRld%2B74%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89d77245d87b665c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 utag_003.js Show response
services.upd00387h.workers.dev/enrollment_files/enrollment_files/ 509 KB
37 KB 43ms
42ms Script
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.upd00387h.workers.dev/enrollment_files/enrollment_files/utag_003.js
Requested by: Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f62ab9a99ae2d42083f1737f6bcd763ad074cfb9d044645e4c0cf9507faa83d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/enrollment_files/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 14:08:13 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ryKsLfmXl2MiUlLpLURUt3u1mrPFbWQB4Bi7fvP2vTiiD5v%2FQUwscfdCh0DEyQhbZwj4gyyiQCpINXL4IuUDW%2F7D9r44mewIhTBuCz9v7IoGHDmEKtA2lbQpgDThbqCWbNCFle%2F3u%2FlTpuExaR%2FvL5U%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89d77245d87e665c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 utag_007.js Show response
services.upd00387h.workers.dev/enrollment_files/enrollment_files/ 509 KB
37 KB 85ms
84ms Script
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.upd00387h.workers.dev/enrollment_files/enrollment_files/utag_007.js
Requested by: Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f62ab9a99ae2d42083f1737f6bcd763ad074cfb9d044645e4c0cf9507faa83d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/enrollment_files/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 14:08:13 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uq4di7tYMwrBTKLMIurXUvUIOrRKviOAj6uMGnAse3unle8GaZg5WPTAHDu1xCBormZZZLaviW7xjo5FILgZ2nzsZqeskKgHq%2FY9rGzwnX6VU7nQ0MggsONU%2FIiobes%2BoSEPMOoJdn88amJUoZdAXiY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89d77245d880665c-AMS
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK FA_SANTANDER_PVR_POS_RGB.6b6950e7c85225731399.svg
rolb.santanderbank.com/OnlineBanking/ 7 KB
6 KB 237ms
54ms Image
image/svg+xml 23.197.133.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rolb.santanderbank.com/OnlineBanking/FA_SANTANDER_PVR_POS_RGB.6b6950e7c85225731399.svg

Requested by

Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.197.133.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-133-150.deploy.static.akamaitechnologies.com

Software

Resource Hash

139d3dbccd39273e5a54ce739881c97defec84da46686636045e6d320ab8b13d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src https://.santanderbank.com https://.digital-cloud.medallia.com https://.cdn.optimizely.com https://.santandersandi.com 'self'; connect-src https://.dotomi.com https://.santanderbank.com https://.kampyle.com https://.digital-cloud.medallia.com https://.tiqcdn.com https://.google-analytics.com https://.optimizely.com https://.tealiumiq.com https://.google.com https://.doubleclick.net https://.santandersandi.com https://.online-metrix.net https://.santander.com 'self'; script-src https://shdwrolb.santanderbank.com https://.santanderbank.com https://.kampyle.com https://.digital-cloud.medallia.com https://.tiqcdn.com https://.google-analytics.com https://.optimizely.com https://.googletagmanager.com https://.tealiumiq.com https://.google.com https://.doubleclick.net https://.santandersandi.com https://.dotomi.com https://.online-metrix.net 'unsafe-inline' 'unsafe-eval' 'self'; img-src data: https://.google.com https://.kampyle.com/ https://.online-metrix.net https://.santanderbank.com https://.digital-cloud.medallia.com https://.optimizely.com https://.google-analytics.com https://.santandersandi.com 'self'; style-src https://.kampyle.com https://.digital-cloud.medallia.com https://.santanderbank.com https://.santandersandi.com 'unsafe-inline' 'self'; object-src 'none'; form-action https://.santanderbank.com https://.digital-cloud.medallia.com https://.santandersandi.com https://.santanderrewards.com 'self'; frame-ancestors 'self'; report-to csp-endpoint; frame-src https://.santander.com https://.doubleclick.net https://.cdn.optimizely.com https://.digital-cloud.medallia.com https://.santanderbank.com https://.santandersandi.com https://.online-metrix.net mailto: tel: 'self'; worker-src blob: https://.santanderbank.com;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Content-Security-Policy: default-src 'self'; font-src https://*.santanderbank.com https://*.digital-cloud.medallia.com https://*.cdn.optimizely.com https://*.santandersandi.com 'self'; connect-src https://*.dotomi.com https://*.santanderbank.com https://*.kampyle.com https://*.digital-cloud.medallia.com https://*.tiqcdn.com https://*.google-analytics.com https://*.optimizely.com https://*.tealiumiq.com https://*.google.com https://*.doubleclick.net https://*.santandersandi.com https://*.online-metrix.net https://*.santander.com 'self'; script-src https://shdwrolb.santanderbank.com https://*.santanderbank.com https://*.kampyle.com https://*.digital-cloud.medallia.com https://*.tiqcdn.com https://*.google-analytics.com https://*.optimizely.com https://*.googletagmanager.com https://*.tealiumiq.com https://*.google.com https://*.doubleclick.net https://*.santandersandi.com https://*.dotomi.com https://*.online-metrix.net 'unsafe-inline' 'unsafe-eval' 'self'; img-src data: https://*.google.com https://*.kampyle.com/ https://*.online-metrix.net https://*.santanderbank.com https://*.digital-cloud.medallia.com https://*.optimizely.com https://*.google-analytics.com https://*.santandersandi.com 'self'; style-src https://*.kampyle.com https://*.digital-cloud.medallia.com https://*.santanderbank.com https://*.santandersandi.com 'unsafe-inline' 'self'; object-src 'none'; form-action https://*.santanderbank.com https://*.digital-cloud.medallia.com https://*.santandersandi.com https://*.santanderrewards.com 'self'; frame-ancestors 'self'; report-to csp-endpoint; frame-src https://*.santander.com https://*.doubleclick.net https://*.cdn.optimizely.com https://*.digital-cloud.medallia.com https://*.santanderbank.com https://*.santandersandi.com https://*.online-metrix.net mailto: tel: 'self'; worker-src blob: https://*.santanderbank.com;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Wed, 03 Jul 2024 14:08:13 GMT
Strict-Transport-Security: max-age=31536000
Server-Timing: dtSInfo;desc="0", dtRpid;desc="351805594"
Connection: keep-alive
Content-Length: 3234
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Dec 2022 23:45:21 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, OPTIONS, GET
Content-Type: image/svg+xml
Vary: Accept-Encoding
Cache-Control: public, max-age=343508
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
X-Robots-Tag: noindex, nofollow, noarchive
Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token, Access-Control-Allow-Origin

GET
H3 200 visibility_off.547778c9d6dc60e860a7.svg
services.upd00387h.workers.dev/enrollment_files/ 320 KB
320 KB 79ms
79ms Image
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://services.upd00387h.workers.dev/enrollment_files/visibility_off.547778c9d6dc60e860a7.svg
Requested by: Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/enrollment_files/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 14:08:13 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4bFiZzvJAwME9ktKSeqz66mpyRxcE1XX%2BhDPNu7Hso2YfpVbI0bEcXuwNm9IllIOT%2ByipcjZ2cAxdz22PqSZ2tsdaJ6u6163iWMpPU8wRjF54YCIUpGOlxsdqxlwT1IpBrStE37OGkARm9Gj0yHx3vg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89d77245e891665c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 SantanderTextW05-Regular.1072cb3109609b6f65eb.woff2
services.upd00387h.workers.dev/enrollment_files/ 509 KB
37 KB 72ms
71ms Font
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.upd00387h.workers.dev/enrollment_files/SantanderTextW05-Regular.1072cb3109609b6f65eb.woff2
Requested by: Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f62ab9a99ae2d42083f1737f6bcd763ad074cfb9d044645e4c0cf9507faa83d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/enrollment_files/
Origin: https://services.upd00387h.workers.dev
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 14:08:13 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mApZsRmdN%2BRrttE7e4u2QTZmKjFU6ew5ahT1O%2BhtR8%2FALsnhDU6DnB1hrWFZAQl0SPbTBQqnfHUZcUdhHLziqX7OijcdkFIqaBVDNR68YA5%2FymB0EqdFaR2%2BysF7oHkACeNxM00hBuJzVZsZJDfAmms%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89d77245f8a3665c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 SantanderHeadlineW05-Rg.86809b022ec12f4a9332.woff2
services.upd00387h.workers.dev/enrollment_files/ 509 KB
37 KB 83ms
83ms Font
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.upd00387h.workers.dev/enrollment_files/SantanderHeadlineW05-Rg.86809b022ec12f4a9332.woff2
Requested by: Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f62ab9a99ae2d42083f1737f6bcd763ad074cfb9d044645e4c0cf9507faa83d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/enrollment_files/
Origin: https://services.upd00387h.workers.dev
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 14:08:13 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RGuvjb9JD6Gki%2B6CQ3vfzhn%2FB%2FsHN4CKfproTROIW8e5c%2BqsUV%2BoJzFNjL9kcmOH0ZaCwY4Pvg6pFL5UDeWdgk27HqZEavJXLReJ3iK%2F5B5A6Va9UGCMgKRKWRaPmfajbdzI2Nyx4JoMCzjaUvv2SbI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89d77245f8a8665c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 SantanderTextW05-Regular.746c91a0576679ec8313.woff
services.upd00387h.workers.dev/enrollment_files/ 509 KB
37 KB 25ms
24ms Font
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.upd00387h.workers.dev/enrollment_files/SantanderTextW05-Regular.746c91a0576679ec8313.woff
Requested by: Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f62ab9a99ae2d42083f1737f6bcd763ad074cfb9d044645e4c0cf9507faa83d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/enrollment_files/
Origin: https://services.upd00387h.workers.dev
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 14:08:13 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=87D36LSP%2BIjIQ2h7%2BWe9pgR4RcY0v18ZeYrqwDfQY%2BEv2Jh9GSELKALyhX6%2BhiPB9AL5RvgtYPAfgi7FZUk7zNXR%2Frflmkj7oKBYK%2BKC%2FoRhKAqWxcrbXyQsHVP9rM%2BXnc4TDuX7hI%2FAjffSaOvfmMk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89d77246890c665c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 SantanderHeadlineW05-Rg.5c1d935ec8fb2c9501f6.woff
services.upd00387h.workers.dev/enrollment_files/ 509 KB
37 KB 26ms
25ms Font
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.upd00387h.workers.dev/enrollment_files/SantanderHeadlineW05-Rg.5c1d935ec8fb2c9501f6.woff
Requested by: Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f62ab9a99ae2d42083f1737f6bcd763ad074cfb9d044645e4c0cf9507faa83d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/enrollment_files/
Origin: https://services.upd00387h.workers.dev
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 14:08:13 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nU%2BaP0KVt221Y2JQ7iIb%2FLAxqAdDIkVm9m4icBdPq9%2Bt6WxKW60pzdnOSj%2BABU4Y%2FC402H7P2sF3nXfxeWDpiQgRGlYj%2BWzF9pxCPmhW8%2BYDvs1WO4N5ECexYCBISilkZ2FCyEuxBns5pN7lejnPSVg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89d77246890f665c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 SantanderTextW05-Regular.6a5a76a9dacb02d74ea4.ttf
services.upd00387h.workers.dev/enrollment_files/ 509 KB
37 KB 25ms
24ms Font
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.upd00387h.workers.dev/enrollment_files/SantanderTextW05-Regular.6a5a76a9dacb02d74ea4.ttf
Requested by: Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f62ab9a99ae2d42083f1737f6bcd763ad074cfb9d044645e4c0cf9507faa83d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/enrollment_files/
Origin: https://services.upd00387h.workers.dev
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 14:08:13 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FmrOmulcQcYrImOrrsoEHDBIJ61yoeigESQKy%2B19kfHKczgaRQPMtPjuIVNpkgbaYPmeZk1rhwuc2AV3B3wqYz5mfGuxLzWUpjU7WIfsnHxPV0lb0ikZHiS2k6omwxb8yHkgEA2vtwsx0byEIBK6bJg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89d77246c939665c-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 SantanderHeadlineW05-Rg.7d2aeda93a34f6652127.ttf
services.upd00387h.workers.dev/enrollment_files/ 509 KB
37 KB 25ms
25ms Font
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.upd00387h.workers.dev/enrollment_files/SantanderHeadlineW05-Rg.7d2aeda93a34f6652127.ttf
Requested by: Host: services.upd00387h.workers.dev
URL: https://services.upd00387h.workers.dev/enrollment_files/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f62ab9a99ae2d42083f1737f6bcd763ad074cfb9d044645e4c0cf9507faa83d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/enrollment_files/
Origin: https://services.upd00387h.workers.dev
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 14:08:13 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2FCR6r%2Fy%2FS2kTNZ0uCniaYd%2FMuPxWX2W8oRBf1duYwjiInsxEG3IOi1mXD6bIrrQzmu3vJAo1wJOGaSDIZIKKjLXl81CVEdUVhg0QWLVJcAencSTneHY%2BJz0lulX0xS%2B4%2FJctn%2BcCzbyaQCwjrgEwlU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 89d77246c93a665c-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 SantanderTextW05-Regular.1072cb3109609b6f65eb.woff2
dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/ 163 KB
29 KB 661ms
616ms Font
text/css 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/SantanderTextW05-Regular.1072cb3109609b6f65eb.woff2

Requested by

Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/styles.css?dl=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

a488b85670482af033283088465530172f719919e9ed256b51ab1e45236d0bb3

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/styles.css?dl=0
Origin: https://services.upd00387h.workers.dev
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Wed, 03 Jul 2024 14:08:14 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-dropbox-request-id: dafd70a973c9496bb9a4bfe8000f8bb2
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="styles.css"; filename*=UTF-8''styles.css
pragma: public
server: envoy
x-server-response-time: 437
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Disposition, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 SantanderHeadlineW05-Rg.86809b022ec12f4a9332.woff2
dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/ 163 KB
29 KB 519ms
474ms Font
text/css 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/SantanderHeadlineW05-Rg.86809b022ec12f4a9332.woff2

Requested by

Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/styles.css?dl=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

a488b85670482af033283088465530172f719919e9ed256b51ab1e45236d0bb3

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/styles.css?dl=0
Origin: https://services.upd00387h.workers.dev
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Wed, 03 Jul 2024 14:08:14 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-dropbox-request-id: 534fc9f948dc44598195253064fa5070
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="styles.css"; filename*=UTF-8''styles.css
pragma: public
server: envoy
x-server-response-time: 343
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Disposition, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H/1.1 200
OK favicon.ico
rolb.santanderbank.com/OnlineBanking/ 1 KB
3 KB 40ms
40ms Other
image/x-icon 23.197.133.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://rolb.santanderbank.com/OnlineBanking/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.197.133.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-133-150.deploy.static.akamaitechnologies.com

Software

Resource Hash

969c5f950ea984e22de86acd8829be576f932fbd3306befa0905e36b98069d15

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src https://.santanderbank.com https://.digital-cloud.medallia.com https://.cdn.optimizely.com https://.santandersandi.com 'self'; connect-src https://.dotomi.com https://.santanderbank.com https://.kampyle.com https://.digital-cloud.medallia.com https://.tiqcdn.com https://.google-analytics.com https://.optimizely.com https://.tealiumiq.com https://.google.com https://.doubleclick.net https://.santandersandi.com https://.online-metrix.net https://.santander.com 'self'; script-src https://shdwrolb.santanderbank.com https://.santanderbank.com https://.kampyle.com https://.digital-cloud.medallia.com https://.tiqcdn.com https://.google-analytics.com https://.optimizely.com https://.googletagmanager.com https://.tealiumiq.com https://.google.com https://.doubleclick.net https://.santandersandi.com https://.dotomi.com https://.online-metrix.net 'unsafe-inline' 'unsafe-eval' 'self'; img-src data: https://.google.com https://.kampyle.com/ https://.online-metrix.net https://.santanderbank.com https://.digital-cloud.medallia.com https://.optimizely.com https://.google-analytics.com https://.santandersandi.com 'self'; style-src https://.kampyle.com https://.digital-cloud.medallia.com https://.santanderbank.com https://.santandersandi.com 'unsafe-inline' 'self'; object-src 'none'; form-action https://.santanderbank.com https://.digital-cloud.medallia.com https://.santandersandi.com https://.santanderrewards.com 'self'; frame-ancestors 'self'; report-to csp-endpoint; frame-src https://.santander.com https://.doubleclick.net https://.cdn.optimizely.com https://.digital-cloud.medallia.com https://.santanderbank.com https://.santandersandi.com https://.online-metrix.net mailto: tel: 'self'; worker-src blob: https://.santanderbank.com;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://services.upd00387h.workers.dev/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Content-Security-Policy: default-src 'self'; font-src https://*.santanderbank.com https://*.digital-cloud.medallia.com https://*.cdn.optimizely.com https://*.santandersandi.com 'self'; connect-src https://*.dotomi.com https://*.santanderbank.com https://*.kampyle.com https://*.digital-cloud.medallia.com https://*.tiqcdn.com https://*.google-analytics.com https://*.optimizely.com https://*.tealiumiq.com https://*.google.com https://*.doubleclick.net https://*.santandersandi.com https://*.online-metrix.net https://*.santander.com 'self'; script-src https://shdwrolb.santanderbank.com https://*.santanderbank.com https://*.kampyle.com https://*.digital-cloud.medallia.com https://*.tiqcdn.com https://*.google-analytics.com https://*.optimizely.com https://*.googletagmanager.com https://*.tealiumiq.com https://*.google.com https://*.doubleclick.net https://*.santandersandi.com https://*.dotomi.com https://*.online-metrix.net 'unsafe-inline' 'unsafe-eval' 'self'; img-src data: https://*.google.com https://*.kampyle.com/ https://*.online-metrix.net https://*.santanderbank.com https://*.digital-cloud.medallia.com https://*.optimizely.com https://*.google-analytics.com https://*.santandersandi.com 'self'; style-src https://*.kampyle.com https://*.digital-cloud.medallia.com https://*.santanderbank.com https://*.santandersandi.com 'unsafe-inline' 'self'; object-src 'none'; form-action https://*.santanderbank.com https://*.digital-cloud.medallia.com https://*.santandersandi.com https://*.santanderrewards.com 'self'; frame-ancestors 'self'; report-to csp-endpoint; frame-src https://*.santander.com https://*.doubleclick.net https://*.cdn.optimizely.com https://*.digital-cloud.medallia.com https://*.santanderbank.com https://*.santandersandi.com https://*.online-metrix.net mailto: tel: 'self'; worker-src blob: https://*.santanderbank.com;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Wed, 03 Jul 2024 14:08:14 GMT
Strict-Transport-Security: max-age=31536000
Server-Timing: dtSInfo;desc="0", dtRpid;desc="2093732271"
Connection: keep-alive
Content-Length: 122
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 28 May 2024 18:39:36 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, OPTIONS, GET
Content-Type: image/x-icon
Vary: Accept-Encoding
Cache-Control: public, max-age=186459
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
X-Robots-Tag: noindex, nofollow, noarchive
Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token, Access-Control-Allow-Origin

GET
H2 200 SantanderHeadlineW05-Rg.5c1d935ec8fb2c9501f6.woff
dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/ 163 KB
29 KB 669ms
668ms Font
text/css 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/SantanderHeadlineW05-Rg.5c1d935ec8fb2c9501f6.woff

Requested by

Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/styles.css?dl=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

a488b85670482af033283088465530172f719919e9ed256b51ab1e45236d0bb3

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/styles.css?dl=0
Origin: https://services.upd00387h.workers.dev
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Wed, 03 Jul 2024 14:08:15 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-dropbox-request-id: 20bd7cad4cb04c148be25c66b0a000f2
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="styles.css"; filename*=UTF-8''styles.css
pragma: public
server: envoy
x-server-response-time: 524
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Disposition, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 SantanderTextW05-Regular.746c91a0576679ec8313.woff
dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/ 163 KB
29 KB 610ms
609ms Font
text/css 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/SantanderTextW05-Regular.746c91a0576679ec8313.woff

Requested by

Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/styles.css?dl=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

a488b85670482af033283088465530172f719919e9ed256b51ab1e45236d0bb3

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/styles.css?dl=0
Origin: https://services.upd00387h.workers.dev
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Wed, 03 Jul 2024 14:08:15 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-dropbox-request-id: 4300274f742c45dbb372b388c75354da
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="styles.css"; filename*=UTF-8''styles.css
pragma: public
server: envoy
x-server-response-time: 440
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Disposition, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 SantanderHeadlineW05-Rg.7d2aeda93a34f6652127.ttf
dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/ 163 KB
29 KB 585ms
584ms Font
text/css 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/SantanderHeadlineW05-Rg.7d2aeda93a34f6652127.ttf

Requested by

Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/styles.css?dl=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

a488b85670482af033283088465530172f719919e9ed256b51ab1e45236d0bb3

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/styles.css?dl=0
Origin: https://services.upd00387h.workers.dev
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Wed, 03 Jul 2024 14:08:16 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-dropbox-request-id: 82971a77d9f048d991939120c37bf656
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="styles.css"; filename*=UTF-8''styles.css
pragma: public
server: envoy
x-server-response-time: 447
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Disposition, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 SantanderTextW05-Regular.6a5a76a9dacb02d74ea4.ttf
dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/ 163 KB
29 KB 664ms
663ms Font
text/css 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/SantanderTextW05-Regular.6a5a76a9dacb02d74ea4.ttf

Requested by

Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/styles.css?dl=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

a488b85670482af033283088465530172f719919e9ed256b51ab1e45236d0bb3

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/styles.css?dl=0
Origin: https://services.upd00387h.workers.dev
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Wed, 03 Jul 2024 14:08:16 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-dropbox-request-id: 6b918520886a4f32ae7c5bdf9af8be78
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="styles.css"; filename*=UTF-8''styles.css
pragma: public
server: envoy
x-server-response-time: 493
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Disposition, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.dropboxusercontent.com/	1969-12-31 23:59:59	Name: uc_session Value: gPpioNgil65XEPBRWzr1qa2DYpr6LxH6e9AuNWwe8JJMESAlyEoOvugZ7bQ1KNz1

36 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://services.upd00387h.workers.dev/enrollment_files/SantanderTextW05-Regular.1072cb3109609b6f65eb.woff2
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 168442913
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://services.upd00387h.workers.dev/enrollment_files/SantanderHeadlineW05-Rg.86809b022ec12f4a9332.woff2
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 168442913
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://services.upd00387h.workers.dev/enrollment_files/SantanderTextW05-Regular.746c91a0576679ec8313.woff
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 168442913
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://services.upd00387h.workers.dev/enrollment_files/SantanderHeadlineW05-Rg.5c1d935ec8fb2c9501f6.woff
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 168442913
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://services.upd00387h.workers.dev/enrollment_files/SantanderTextW05-Regular.6a5a76a9dacb02d74ea4.ttf
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 168442913
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://services.upd00387h.workers.dev/enrollment_files/SantanderHeadlineW05-Rg.7d2aeda93a34f6652127.ttf
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 168442913
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://services.upd00387h.workers.dev/enrollment_files/SantanderHeadlineW05-Rg.86809b022ec12f4a9332.woff2
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 168442913
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://services.upd00387h.workers.dev/enrollment_files/SantanderHeadlineW05-Rg.5c1d935ec8fb2c9501f6.woff
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 168442913
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://services.upd00387h.workers.dev/enrollment_files/SantanderHeadlineW05-Rg.7d2aeda93a34f6652127.ttf
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 168442913
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://services.upd00387h.workers.dev/enrollment_files/SantanderTextW05-Regular.1072cb3109609b6f65eb.woff2
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 168442913
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://services.upd00387h.workers.dev/enrollment_files/SantanderTextW05-Regular.746c91a0576679ec8313.woff
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 168442913
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://services.upd00387h.workers.dev/enrollment_files/SantanderTextW05-Regular.6a5a76a9dacb02d74ea4.ttf
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 168442913
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/SantanderHeadlineW05-Rg.86809b022ec12f4a9332.woff2
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 779636069
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/SantanderTextW05-Regular.1072cb3109609b6f65eb.woff2
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 779636069
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/SantanderHeadlineW05-Rg.5c1d935ec8fb2c9501f6.woff
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 779636069
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/SantanderTextW05-Regular.746c91a0576679ec8313.woff
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 779636069
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/SantanderHeadlineW05-Rg.7d2aeda93a34f6652127.ttf
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 779636069
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: Failed to decode downloaded font: https://dl.dropboxusercontent.com/s/l5x1fbbwvhz81j4/SantanderTextW05-Regular.6a5a76a9dacb02d74ea4.ttf
other	warning	URL: https://services.upd00387h.workers.dev/enrollment_files/ Message: OTS parsing error: invalid sfntVersion: 779636069

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dl.dropboxusercontent.com
rolb.santanderbank.com
services.upd00387h.workers.dev
188.114.96.9
23.197.133.150
2620:100:6022:15::a27d:420f
139d3dbccd39273e5a54ce739881c97defec84da46686636045e6d320ab8b13d
969c5f950ea984e22de86acd8829be576f932fbd3306befa0905e36b98069d15
a488b85670482af033283088465530172f719919e9ed256b51ab1e45236d0bb3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f62ab9a99ae2d42083f1737f6bcd763ad074cfb9d044645e4c0cf9507faa83d7

services.upd00387h.workers.dev Open in urlscan Pro 188.114.96.9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

22 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

977 kBTransfer

7581 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

36 Console Messages

Indicators

services.upd00387h.workers.dev Open in urlscan Pro
188.114.96.9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

977 kB
Transfer

7581 kB
Size

1
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!