www.samtander-individuals.com Open in urlscan Pro
95.214.26.221 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.samtander-individuals.com/
Effective URL:
https://www.samtander-individuals.com/app/
Submission Tags: hades
Submission: On November 26 via api (November 26th 2023, 5:31:38 pm UTC) from ES — Scanned from NL

Summary HTTP 16 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 16 HTTP transactions. The main IP is 95.214.26.221, located in Netherlands and belongs to AS-MATRIXTELECOM, GB. The main domain is www.samtander-individuals.com.
TLS certificate: Issued by R3 on November 26th 2023. Valid for: 3 months.

This is the only time www.samtander-individuals.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3 16	95.214.26.221 95.214.26.221	216419 (AS-MATRIX...) (AS-MATRIXTELECOM)
2	45.223.164.57 45.223.164.57	19551 (INCAPSULA) (INCAPSULA)
16	3

16 95.214.26.221 (Netherlands) 3 redirects

ASN216419 (AS-MATRIXTELECOM, GB)

www.samtander-individuals.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.223.164.57 (United States)

ASN19551 (INCAPSULA, US)

global.sanbot.sandigital.santander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	samtander-individuals.com 3 redirects www.samtander-individuals.com	263 KB
2	santander.com global.sanbot.sandigital.santander.com — Cisco Umbrella Rank: 367070	93 KB
0	santanderbank.com Failed rolb.santanderbank.com Failed
16	3

	Domain	Requested by
16	www.samtander-individuals.com	3 redirects www.samtander-individuals.com
2	global.sanbot.sandigital.santander.com	www.samtander-individuals.com
0	rolb.santanderbank.com Failed	www.samtander-individuals.com
16	3

This site contains links to these domains. Also see Links.

Domain
rolb.santanderbank.com
www.santanderbank.com
customerservice.santanderbank.com
www.santander.com

Subject Issuer	Validity	Valid
samtander-individuals.com R3	`2023-11-26` - `2024-02-24`	3 months	crt.sh
imperva.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-06-28` - `2023-12-25`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.samtander-individuals.com/app/
Frame ID: 41EB70ECC65EC0A9C94CAF2D71FE8E1D
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Santander Online Banking Login

Page URL History Show full URLs

http://www.samtander-individuals.com/ HTTP 301
https://www.samtander-individuals.com/ HTTP 302
https://www.samtander-individuals.com/app HTTP 301
https://www.samtander-individuals.com/app/ Page URL

Page Statistics

16
Requests

94 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

355 kB
Transfer

809 kB
Size

1
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://rolb.santanderbank.com/OnlineBanking/login#main-content
Title: Go to main content

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/business/bob-login
Title: Business

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/commercial
Title: Corporate

Search URL Search Domain Scan URL

URL: https://rolb.santanderbank.com/OnlineBanking/retrieve-user-id
Title: Link Your User ID Forgot Your User ID?

Search URL Search Domain Scan URL

URL: https://rolb.santanderbank.com/OnlineBanking/reset-your-password
Title: Link Forgot Your Password Forgot Your Password?

Search URL Search Domain Scan URL

URL: https://rolb.santanderbank.com/OnlineBanking/enrollment
Title: Link to Enroll Now Enroll Now

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/online-banking-agreement
Title: Link Digital Banking Agreement Digital Banking Agreement

Search URL Search Domain Scan URL

URL: https://customerservice.santanderbank.com/app/answers/list/kw/online%20banking/r_id/102441/search/1
Title: (Open in a new tab) search our FAQs. go to FAQs

Search URL Search Domain Scan URL

URL: https://rolb.santanderbank.com/OnlineBanking/
Title: Online Banking feedback go to Feedback

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/atm-branch-locator
Title: (Open in new tab)Find an ATM/Branch

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/personal/contact-us
Title: (Open in new tab)Customer Service

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/sitemap
Title: (Open in new tab)Site Map

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/accessibility
Title: (Open in new tab)Accessibility

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/privacyandsecurity
Title: (Open in new tab)Privacy and Security

Search URL Search Domain Scan URL

URL: https://www.santander.com/en/shareholders-and-investors
Title: (Open in new tab)Investor Relations

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/about/media-center
Title: (Open in new tab)Media Center

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/about/careers
Title: (Open in new tab)Careers

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/about/about-us
Title: (Open in new tab)About Santander

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/online-privacy-policy
Title: (Open in new tab)Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.santanderbank.com/us/terms-and-conditions
Title: (Open in new tab)Terms of Use

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.samtander-individuals.com/ HTTP 301
https://www.samtander-individuals.com/ HTTP 302
https://www.samtander-individuals.com/app HTTP 301
https://www.samtander-individuals.com/app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.samtander-individuals.com/app/
Redirect Chain

http://www.samtander-individuals.com/
https://www.samtander-individuals.com/
https://www.samtander-individuals.com/app
https://www.samtander-individuals.com/app/

228 KB
29 KB

163ms
163ms

Document
text/html

95.214.26.221
AS-MATRIXTELECOM

General

Check archive.org

Show headers Download Go to

Full URL: https://www.samtander-individuals.com/app/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.214.26.221 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software: nginx / PHP/8.1.25 PleskLin
Resource Hash: e9ee57215c2569dee84dfa4ec97b152f897f9940403049db71c79a29b951e84d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 29821
content-type: text/html; charset=UTF-8
date: Sun, 26 Nov 2023 17:31:33 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.1.25 PleskLin

Redirect headers

content-length: 330
content-type: text/html; charset=iso-8859-1
date: Sun, 26 Nov 2023 17:31:33 GMT
location: https://www.samtander-individuals.com/app/
server: nginx
x-powered-by: PleskLin

GET
H2 200 styles.2b4ba21e3013d4d0cc68.css
www.samtander-individuals.com/libraries/ 292 KB
34 KB 38ms
38ms Stylesheet
text/css 95.214.26.221
AS-MATRIXTELECOM

General

Check archive.org

Show headers Download Go to

Full URL: https://www.samtander-individuals.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Requested by: Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/app/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.214.26.221 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: a1ca8c9c2dc1d88ee09adccbadbf48b3c031787871be7948c694ef0644d697d4

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.samtander-individuals.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:33 GMT
content-encoding: br
last-modified: Mon, 08 Aug 2022 00:46:58 GMT
server: nginx
etag: W/"62f05d02-49023"
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 AAFF_SANDI_SYMBOL_CMYK.SVG
www.samtander-individuals.com/libraries/ 790 B
964 B 35ms
34ms Image
image/svg+xml 95.214.26.221
AS-MATRIXTELECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.samtander-individuals.com/libraries/AAFF_SANDI_SYMBOL_CMYK.SVG
Requested by: Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/app/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.214.26.221 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 64105e43a16700f1acef6a731ab0967fcd29210674a967b0ddaa57c8291c6fd8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.samtander-individuals.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:33 GMT
last-modified: Sun, 07 Aug 2022 19:47:04 GMT
server: nginx
x-accel-version: 0.01
etag: "316-5e5abf6a91e00"
x-powered-by: PleskLin
content-type: image/svg+xml
accept-ranges: bytes
content-length: 790

GET
H2 200 infoIcon.svg
www.samtander-individuals.com/libraries/ 660 B
834 B 36ms
35ms Image
image/svg+xml 95.214.26.221
AS-MATRIXTELECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.samtander-individuals.com/libraries/infoIcon.svg
Requested by: Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/app/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.214.26.221 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 7985c151ce7d5f67907c31678a8f3b71a94fbd71223732c022bc28ef65248078

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.samtander-individuals.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:33 GMT
last-modified: Sun, 07 Aug 2022 19:47:04 GMT
server: nginx
x-accel-version: 0.01
etag: "294-5e5abf6a91e00"
x-powered-by: PleskLin
content-type: image/svg+xml
accept-ranges: bytes
content-length: 660

GET
H2 200 minimizeIcon.svg
www.samtander-individuals.com/libraries/ 871 B
1 KB 36ms
36ms Image
image/svg+xml 95.214.26.221
AS-MATRIXTELECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.samtander-individuals.com/libraries/minimizeIcon.svg
Requested by: Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/app/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.214.26.221 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 45245d728ae416657a19434010ab049cb89534a946d272b100287c9f95b2dc8e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.samtander-individuals.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:33 GMT
last-modified: Sun, 07 Aug 2022 19:47:06 GMT
server: nginx
x-accel-version: 0.01
etag: "367-5e5abf6c7a280"
x-powered-by: PleskLin
content-type: image/svg+xml
accept-ranges: bytes
content-length: 871

GET
H2 200 closeIcon.svg
www.samtander-individuals.com/libraries/ 43 KB
44 KB 37ms
37ms Image
image/svg+xml 95.214.26.221
AS-MATRIXTELECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.samtander-individuals.com/libraries/closeIcon.svg
Requested by: Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/app/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.214.26.221 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 243493557f9376768c43bb06174937c435a3f332c9c6a006306263ec6ac25743

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.samtander-individuals.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:33 GMT
last-modified: Sun, 07 Aug 2022 19:47:06 GMT
server: nginx
etag: "62f016ba-ad9c"
x-powered-by: PleskLin
content-type: image/svg+xml
accept-ranges: bytes
content-length: 44444

GET /
rolb.santanderbank.com/OnlineBanking/ 0
0

GET
H2 200 FA_SANTANDER_PVR_POS_RGB.6b6950e7c85225731399.svg
www.samtander-individuals.com/libraries/ 7 KB
7 KB 33ms
33ms Image
image/svg+xml 95.214.26.221
AS-MATRIXTELECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.samtander-individuals.com/libraries/FA_SANTANDER_PVR_POS_RGB.6b6950e7c85225731399.svg
Requested by: Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/app/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.214.26.221 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 139d3dbccd39273e5a54ce739881c97defec84da46686636045e6d320ab8b13d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.samtander-individuals.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:33 GMT
last-modified: Mon, 08 Aug 2022 00:11:44 GMT
server: nginx
etag: "62f054c0-1b4f"
x-powered-by: PleskLin
content-type: image/svg+xml
accept-ranges: bytes
content-length: 6991

GET
H2 200 icon-login-faqs.444e81bc2593c635b5a8.svg
www.samtander-individuals.com/libraries/ 947 B
1 KB 33ms
33ms Image
image/svg+xml 95.214.26.221
AS-MATRIXTELECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.samtander-individuals.com/libraries/icon-login-faqs.444e81bc2593c635b5a8.svg
Requested by: Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/app/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.214.26.221 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 2d495a010c8c1f13b69bdab834640b1896ac0de7dcb8d125b19af50d91071f27

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.samtander-individuals.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:33 GMT
last-modified: Mon, 08 Aug 2022 00:21:56 GMT
server: nginx
x-accel-version: 0.01
etag: "3b3-5e5afcda91100"
x-powered-by: PleskLin
content-type: image/svg+xml
accept-ranges: bytes
content-length: 947

GET
H2 200 icon-login-feedback.3b28365c5184221bebf9.svg
www.samtander-individuals.com/libraries/ 2 KB
3 KB 34ms
34ms Image
image/svg+xml 95.214.26.221
AS-MATRIXTELECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.samtander-individuals.com/libraries/icon-login-feedback.3b28365c5184221bebf9.svg
Requested by: Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/app/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.214.26.221 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 63d4e44221cbadea57451110791ca86c7ba695f8de73dd0084251916bce838ed

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.samtander-individuals.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:33 GMT
last-modified: Mon, 08 Aug 2022 00:16:04 GMT
server: nginx
etag: "62f055c4-9c1"
x-powered-by: PleskLin
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2497

GET
H2 200 equal-housing-lender.8917480a90573d942deb.svg
www.samtander-individuals.com/libraries/ 3 KB
3 KB 34ms
34ms Image
image/svg+xml 95.214.26.221
AS-MATRIXTELECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.samtander-individuals.com/libraries/equal-housing-lender.8917480a90573d942deb.svg
Requested by: Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/app/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.214.26.221 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: fa1cb3c1018fd2a175c77b01fceb6bbb6151aca9cb7cc26ec86b0d55c43abe9e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.samtander-individuals.com/app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:33 GMT
last-modified: Mon, 08 Aug 2022 00:15:56 GMT
server: nginx
etag: "62f055bc-b24"
x-powered-by: PleskLin
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2852

GET
H2 200 SantanderTextW05-Regular.1072cb3109609b6f65eb.woff2
www.samtander-individuals.com/libraries/ 46 KB
46 KB 35ms
34ms Font
font/woff2 95.214.26.221
AS-MATRIXTELECOM

General

Check archive.org

Show headers Download Go to

Full URL: https://www.samtander-individuals.com/libraries/SantanderTextW05-Regular.1072cb3109609b6f65eb.woff2
Requested by: Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.214.26.221 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: df7abc314cf6e0380973cea5ad3cd7a4536b820d974162c9d94f534f539eef0b

Request headers

Referer: https://www.samtander-individuals.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Origin: https://www.samtander-individuals.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:33 GMT
last-modified: Mon, 08 Aug 2022 00:14:56 GMT
server: nginx
etag: "62f05580-b630"
x-powered-by: PleskLin
content-type: font/woff2
accept-ranges: bytes
content-length: 46640

GET
H2 200 SantanderHeadlineW05-Rg.86809b022ec12f4a9332.woff2
www.samtander-individuals.com/libraries/ 46 KB
46 KB 35ms
34ms Font
font/woff2 95.214.26.221
AS-MATRIXTELECOM

General

Check archive.org

Show headers Download Go to

Full URL: https://www.samtander-individuals.com/libraries/SantanderHeadlineW05-Rg.86809b022ec12f4a9332.woff2
Requested by: Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.214.26.221 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 535c47209ecf005f74929ba3bd50b107a702bead1f165b856e002165a1a56ba8

Request headers

Referer: https://www.samtander-individuals.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Origin: https://www.samtander-individuals.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:33 GMT
last-modified: Mon, 08 Aug 2022 00:15:24 GMT
server: nginx
etag: "62f0559c-b6c4"
x-powered-by: PleskLin
content-type: font/woff2
accept-ranges: bytes
content-length: 46788

GET
H2 200 SantanderTextW05-Bold.a48c0132fe41abde8dbf.woff2
www.samtander-individuals.com/libraries/ 48 KB
48 KB 50ms
49ms Font
font/woff2 95.214.26.221
AS-MATRIXTELECOM

General

Check archive.org

Show headers Download Go to

Full URL: https://www.samtander-individuals.com/libraries/SantanderTextW05-Bold.a48c0132fe41abde8dbf.woff2
Requested by: Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.214.26.221 , Netherlands, ASN216419 (AS-MATRIXTELECOM, GB),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: ec6c6c35a35bb74b562f10541e42adcb73c8bf54fbbd2a2999078bde1a279e29

Request headers

Referer: https://www.samtander-individuals.com/libraries/styles.2b4ba21e3013d4d0cc68.css
Origin: https://www.samtander-individuals.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:33 GMT
last-modified: Mon, 08 Aug 2022 00:15:24 GMT
server: nginx
etag: "62f0559c-bfb0"
x-powered-by: PleskLin
content-type: font/woff2
accept-ranges: bytes
content-length: 49072

GET
H2 200 SantanderHeadlineW05-Rg.woff2
global.sanbot.sandigital.santander.com/content/assets/fonts/ 46 KB
46 KB 997ms
970ms Font
application/octet-stream 45.223.164.57
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://global.sanbot.sandigital.santander.com/content/assets/fonts/SantanderHeadlineW05-Rg.woff2

Requested by

Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.223.164.57 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

535c47209ecf005f74929ba3bd50b107a702bead1f165b856e002165a1a56ba8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.samtander-individuals.com/
Origin: https://www.samtander-individuals.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:34 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 21 Sep 2023 04:59:24 GMT
x-cdn: Imperva
content-md5: ft7rcrCP+biwNWUUMxpMxA==
etag: "0x8DBBA5F8691C194"
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: 87a0bc55-c01e-0031-338e-20a462000000
x-iinfo: 9-10331744-10331748 NNNN CT(11 278 0) RT(1701019893353 99) q(0 0 3 -1) r(9 9) U12
x-incap-sess-cookie-hdr: E+G9Cua9Hhv+u79mIZD4EvaAY2UAAAAAf7f25bWeHFHPP8oPh2jm9w==
x-ms-version: 2018-03-28
accept-ranges: bytes
content-length: 46788

GET
H2 200 SantanderTextW05-Regular.woff2
global.sanbot.sandigital.santander.com/content/assets/fonts/ 46 KB
46 KB 997ms
971ms Font
application/octet-stream 45.223.164.57
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://global.sanbot.sandigital.santander.com/content/assets/fonts/SantanderTextW05-Regular.woff2

Requested by

Host: www.samtander-individuals.com
URL: https://www.samtander-individuals.com/app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.223.164.57 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

df7abc314cf6e0380973cea5ad3cd7a4536b820d974162c9d94f534f539eef0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.samtander-individuals.com/
Origin: https://www.samtander-individuals.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 17:31:34 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 21 Sep 2023 04:59:24 GMT
x-cdn: Imperva
content-md5: tcgbLFFoTnHPRqxzGGEekA==
etag: "0x8DBBA5F869E91BF"
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: d51cc459-401e-004d-258e-208a9d000000
x-iinfo: 9-10331744-10331751 NNNN CT(9 265 0) RT(1701019893353 106) q(0 0 3 -1) r(9 9) U12
x-incap-sess-cookie-hdr: SHUeTqdjxxT+u79mIZD4EvaAY2UAAAAAF+sV4IjgST9s1JUCTbzvBQ==
x-ms-version: 2018-03-28
accept-ranges: bytes
content-length: 46640

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: rolb.santanderbank.com
URL: https://rolb.santanderbank.com/OnlineBanking/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.samtander-individuals.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: i4t0t15293q59b56bm8hml7n9p

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

global.sanbot.sandigital.santander.com
rolb.santanderbank.com
www.samtander-individuals.com
rolb.santanderbank.com
45.223.164.57
95.214.26.221
139d3dbccd39273e5a54ce739881c97defec84da46686636045e6d320ab8b13d
243493557f9376768c43bb06174937c435a3f332c9c6a006306263ec6ac25743
2d495a010c8c1f13b69bdab834640b1896ac0de7dcb8d125b19af50d91071f27
45245d728ae416657a19434010ab049cb89534a946d272b100287c9f95b2dc8e
535c47209ecf005f74929ba3bd50b107a702bead1f165b856e002165a1a56ba8
63d4e44221cbadea57451110791ca86c7ba695f8de73dd0084251916bce838ed
64105e43a16700f1acef6a731ab0967fcd29210674a967b0ddaa57c8291c6fd8
7985c151ce7d5f67907c31678a8f3b71a94fbd71223732c022bc28ef65248078
a1ca8c9c2dc1d88ee09adccbadbf48b3c031787871be7948c694ef0644d697d4
df7abc314cf6e0380973cea5ad3cd7a4536b820d974162c9d94f534f539eef0b
e9ee57215c2569dee84dfa4ec97b152f897f9940403049db71c79a29b951e84d
ec6c6c35a35bb74b562f10541e42adcb73c8bf54fbbd2a2999078bde1a279e29
fa1cb3c1018fd2a175c77b01fceb6bbb6151aca9cb7cc26ec86b0d55c43abe9e

www.samtander-individuals.com Open in urlscan Pro 95.214.26.221 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

16 Requests

94 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

355 kBTransfer

809 kBSize

1 Cookies

20 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

www.samtander-individuals.com Open in urlscan Pro
95.214.26.221 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

94 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

355 kB
Transfer

809 kB
Size

1
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!