blend.vc Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://blend.vc/online/5mjrln2m=/
Submission: On October 22 via automatic, source openphish (October 22nd 2022, 12:09:32 am UTC) — Scanned from NL

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 11 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is blend.vc.

This is the only time blend.vc was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 9	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	45.223.164.57 45.223.164.57	19551 (INCAPSULA) (INCAPSULA)
11	2

9 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

blend.vc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.223.164.57 (United States)

ASN19551 (INCAPSULA, US)

global.sanbot.sandigital.santander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	blend.vc 1 redirects blend.vc	219 KB
3	santander.com global.sanbot.sandigital.santander.com — Cisco Umbrella Rank: 113149	9 KB
11	2

	Domain	Requested by
9	blend.vc	1 redirects blend.vc
3	global.sanbot.sandigital.santander.com	blend.vc
11	2

This site contains no links.

Subject Issuer	Validity	Valid
sanbot.sandigital.santander.com Entrust Certification Authority - L1K	`2021-12-15` - `2022-12-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://blend.vc/online/5mjrln2m=/
Frame ID: 638277807ADC1AF7C5A4E385B059634F
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Santander Online Banking Login

Page URL History Show full URLs

http://blend.vc/online/5mjrln2m= HTTP 301
http://blend.vc/online/5mjrln2m=/ Page URL

Page Statistics

11
Requests

27 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

227 kB
Transfer

731 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://blend.vc/online/5mjrln2m= HTTP 301
http://blend.vc/online/5mjrln2m=/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
blend.vc/online/5mjrln2m=/
Redirect Chain

http://blend.vc/online/5mjrln2m=
http://blend.vc/online/5mjrln2m=/

173 KB
26 KB

164ms
163ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://blend.vc/online/5mjrln2m=/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

863bd47e7dd9891395d513963b07bd6b3796937bac553ed5d69933949dcbb733

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 75de011f9ffeb6f4-AMS
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Sat, 22 Oct 2022 00:09:28 GMT
Last-Modified: Fri, 21 Oct 2022 03:30:33 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Z7TvTV230qMdGctWdbVsEQ7vKQNmWaU%2FgyE%2BCNSVdH98Eh3Wh%2F1ga%2BXlUK5UT8pj3KRw9dv0Sr4ldgGGBA2XZeH9dlyFTUgCw2m7eXrnJF5dwL0szMFxHTXKvH3BWXzbyQHXQdAMw%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: UPDATING
X-Server-Powered-By: Engintron
X-XSS-Protection: 1; mode=block
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 75de011e4ed7b6f4-AMS
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 22 Oct 2022 00:09:28 GMT
Location: http://blend.vc/online/5mjrln2m=/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m7CwO896buKdPos3chaWJea0aweG1lGhgihVa0SP%2BRb3iH1g3XICSkfnsPsRH%2FXBKunDYdhQXC6icKQPisekekttmBYrVDCUZEiXC8YjX0kk4paqFC5%2BJZpXteNSSB0hBMfhamt%2F9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
X-XSS-Protection: 1; mode=block
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK form.js Show response
blend.vc/online/5mjrln2m=/assets/ 2 KB
1 KB 53ms
29ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://blend.vc/online/5mjrln2m=/assets/form.js

Requested by

Host: blend.vc
URL: http://blend.vc/online/5mjrln2m=/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96f2f20d580f0592f733f9c62d8e0554c4108ff666781ed289ec5b025218f0a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://blend.vc/online/5mjrln2m=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Sat, 22 Oct 2022 00:09:28 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Content-Encoding: gzip
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2248
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE
Last-Modified: Fri, 21 Oct 2022 03:30:33 GMT
Server: cloudflare
ETag: W/"3065c6-8cf-5eb8310772701"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pnxNlfmJ36QqcC%2BkovnZLa78%2FeYkf%2BOR4QG0qbwLISaS%2BLUSA34oK2X0mSMVv3Tv5PcbLzwP03hIz3qJ0UC1AIT2JvpRKhIyI3GZsAq7cWc1tD64CPiZUofVqcj%2BWMLYHvxEKmuZSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=2592000
CF-RAY: 75de0120c930b6f4-AMS
Expires: Sun, 20 Nov 2022 05:43:50 GMT

GET
H/1.1 200
OK styles.2b4ba21e3013d4d0cc68.css
blend.vc/online/5mjrln2m=/assets/ 364 KB
43 KB 58ms
35ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://blend.vc/online/5mjrln2m=/assets/styles.2b4ba21e3013d4d0cc68.css

Requested by

Host: blend.vc
URL: http://blend.vc/online/5mjrln2m=/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

531c10ee87b99ff5c2abf5b523c259f9d636f6e3f8ff2accab87ca989dc43469

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://blend.vc/online/5mjrln2m=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Sat, 22 Oct 2022 00:09:28 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Content-Encoding: gzip
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2248
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE
Last-Modified: Fri, 21 Oct 2022 03:30:33 GMT
Server: cloudflare
ETag: W/"306617-5ae13-5eb8310773407"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H0B%2FF6jvGGyH%2FPk6%2B4oa1flbhd97D%2FnkTJs1QONDb6z%2BOLT6sQZhP0XY5imW79lXIqy9r1aOoL8zAAZiAz9MCQwXgKuOVusSO4L%2FnUkKFSf8q1XaUkbjr9peBdJtz9Ueil9efn8KLw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=2592000
CF-RAY: 75de0120cefbb7b4-AMS
Expires: Sun, 20 Nov 2022 05:43:50 GMT

GET
H2 200 minimizeIcon.svg
global.sanbot.sandigital.santander.com/content/assets/img/ 871 B
891 B 129ms
32ms Image
image/svg+xml 45.223.164.57
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://global.sanbot.sandigital.santander.com/content/assets/img/minimizeIcon.svg

Requested by

Host: blend.vc
URL: http://blend.vc/online/5mjrln2m=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.223.164.57 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

45245d728ae416657a19434010ab049cb89534a946d272b100287c9f95b2dc8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://blend.vc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Sat, 22 Oct 2022 00:09:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 06 Oct 2022 05:02:29 GMT
x-cdn: Imperva
etag: "0x8DAA757F7FD9BD4"
content-type: image/svg+xml
x-iinfo: 12-39533201-0 0cNN RT(1666397367870 33) q(0 -1 -1 0) r(0 -1)
content-length: 422

GET
H2 200 closeIcon.svg
global.sanbot.sandigital.santander.com/content/assets/img/ 43 KB
7 KB 125ms
34ms Image
image/svg+xml 45.223.164.57
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://global.sanbot.sandigital.santander.com/content/assets/img/closeIcon.svg

Requested by

Host: blend.vc
URL: http://blend.vc/online/5mjrln2m=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.223.164.57 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

243493557f9376768c43bb06174937c435a3f332c9c6a006306263ec6ac25743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://blend.vc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Sat, 22 Oct 2022 00:09:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 06 Oct 2022 05:02:28 GMT
x-cdn: Imperva
etag: "0x8DAA757F7E9A063"
content-type: image/svg+xml
x-iinfo: 12-39533201-0 0cNN RT(1666397367870 34) q(0 -1 -1 3) r(0 -1)
content-length: 6902

GET
H2 200 AAFF_SANDI_SYMBOL_CMYK.SVG
global.sanbot.sandigital.santander.com/content/assets/img/ 790 B
802 B 148ms
57ms Image
image/svg+xml 45.223.164.57
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://global.sanbot.sandigital.santander.com/content/assets/img/AAFF_SANDI_SYMBOL_CMYK.SVG

Requested by

Host: blend.vc
URL: http://blend.vc/online/5mjrln2m=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.223.164.57 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

64105e43a16700f1acef6a731ab0967fcd29210674a967b0ddaa57c8291c6fd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://blend.vc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Sat, 22 Oct 2022 00:09:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 06 Oct 2022 05:02:28 GMT
x-cdn: Imperva
etag: "0x8DAA757F7EDE5CC"
content-type: image/svg+xml
x-iinfo: 12-39533201-0 0cNN RT(1666397367870 37) q(0 -1 -1 1) r(0 -1)
content-length: 427

GET
H/1.1 200
OK FA_SANTANDER_PVR_POS_RGB.6b6950e7c85225731399.svg
blend.vc/online/5mjrln2m=/assets/ 7 KB
4 KB 36ms
36ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://blend.vc/online/5mjrln2m=/assets/FA_SANTANDER_PVR_POS_RGB.6b6950e7c85225731399.svg

Requested by

Host: blend.vc
URL: http://blend.vc/online/5mjrln2m=/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

139d3dbccd39273e5a54ce739881c97defec84da46686636045e6d320ab8b13d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://blend.vc/online/5mjrln2m=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Sat, 22 Oct 2022 00:09:28 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Content-Encoding: gzip
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2248
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE
Last-Modified: Fri, 21 Oct 2022 03:30:33 GMT
Server: cloudflare
ETag: W/"30661e-1b4f-5eb8310773407"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yqv9U3vey3risFYZxsS4k%2BsGrWE2BoxnFvgDEAPupJGFv1pR8oLv90bovpG50JQ7iZBwikNLT%2F6XFh79FO1zR3WrFs6zhy6tTgT35HY7Zjtmq2mmBLgPrb761GHa7UdAYwaqb2ZAlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/svg+xml
Cache-Control: max-age=5184000
CF-RAY: 75de01211f3cb7b4-AMS
Expires: Tue, 20 Dec 2022 05:43:50 GMT

GET
H/1.1 200
OK visibility_off.547778c9d6dc60e860a7.svg
blend.vc/online/5mjrln2m=/assets/ 2 KB
2 KB 32ms
32ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://blend.vc/online/5mjrln2m=/assets/visibility_off.547778c9d6dc60e860a7.svg

Requested by

Host: blend.vc
URL: http://blend.vc/online/5mjrln2m=/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

798300a792c7011205779d9c45ec37fa26b002e9df6a01d4df11c181fa73c76d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://blend.vc/online/5mjrln2m=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Sat, 22 Oct 2022 00:09:28 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Content-Encoding: gzip
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2248
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE
Last-Modified: Fri, 21 Oct 2022 03:30:33 GMT
Server: cloudflare
ETag: W/"306613-645-5eb8310772701"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w3Z3wFCxNGORdtsbLEYYQsuha3%2BzO7qzvixpUry83qEpEAE1blZQSSps%2BmYwwSfnm4TZP%2F%2BhBG20%2FxgV9hHdm4UCdHjcl0aeudu7LrY3syPKN%2Buk48YOUhlaig2P7Bv1QkXF2Agd1A%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/svg+xml
Cache-Control: max-age=5184000
CF-RAY: 75de01211977b6f4-AMS
Expires: Tue, 20 Dec 2022 05:43:50 GMT

GET
H/1.1 200
OK SantanderTextW05-Regular.1072cb3109609b6f65eb.woff2
blend.vc/online/5mjrln2m=/assets/fonts/ 46 KB
46 KB 226ms
225ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://blend.vc/online/5mjrln2m=/assets/fonts/SantanderTextW05-Regular.1072cb3109609b6f65eb.woff2

Requested by

Host: blend.vc
URL: http://blend.vc/online/5mjrln2m=/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df7abc314cf6e0380973cea5ad3cd7a4536b820d974162c9d94f534f539eef0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://blend.vc/online/5mjrln2m=/
Origin: http://blend.vc
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Sat, 22 Oct 2022 00:09:28 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 46640
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE
Last-Modified: Fri, 21 Oct 2022 03:30:33 GMT
Server: cloudflare
ETag: "30660c-b630-5eb8310772701"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UdAL8lJRyDbHzIsEGW%2FN72FKzp1TgVSIZyWBpNWj3hZkk%2BGsdHPjUG32IKdNJiv%2BgBKM3QkS%2BL2%2B6v%2FsHRarfBd40k2HChsJN7aNy%2B11BPdAsQzXt%2FU82hp21niSdctiFbJ2qdm6ng%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: font/woff2
Cache-Control: max-age=5184000
Accept-Ranges: bytes
CF-RAY: 75de012119e2b93e-AMS
Expires: Tue, 20 Dec 2022 07:03:45 GMT

GET
H/1.1 200
OK SantanderHeadlineW05-Rg.86809b022ec12f4a9332.woff2
blend.vc/online/5mjrln2m=/assets/fonts/ 46 KB
47 KB 59ms
35ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://blend.vc/online/5mjrln2m=/assets/fonts/SantanderHeadlineW05-Rg.86809b022ec12f4a9332.woff2

Requested by

Host: blend.vc
URL: http://blend.vc/online/5mjrln2m=/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

535c47209ecf005f74929ba3bd50b107a702bead1f165b856e002165a1a56ba8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://blend.vc/online/5mjrln2m=/
Origin: http://blend.vc
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Sat, 22 Oct 2022 00:09:28 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2248
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 46788
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE
Last-Modified: Fri, 21 Oct 2022 03:30:33 GMT
Server: cloudflare
ETag: "30660f-b6c4-5eb8310772701"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bYby7JERcd7tFPeT5Ccn37wChj1qfcl7pkBNwmpSnDNtdmGtGnw2EvQVWjCIlpUfz1Q91ElhzdT2CKsRiFFwQWMoA1Wdf9m8CnN%2FNhsJ%2FAQt9m%2Bgf18LaY1Ay4L5OUUhinNGz3nysw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: font/woff2
Cache-Control: max-age=5184000
Accept-Ranges: bytes
CF-RAY: 75de01213c79b914-AMS
Expires: Tue, 20 Dec 2022 07:03:45 GMT

GET
H/1.1 200
OK SantanderTextW05-Bold.a48c0132fe41abde8dbf.woff2
blend.vc/online/5mjrln2m=/assets/fonts/ 48 KB
49 KB 60ms
36ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://blend.vc/online/5mjrln2m=/assets/fonts/SantanderTextW05-Bold.a48c0132fe41abde8dbf.woff2

Requested by

Host: blend.vc
URL: http://blend.vc/online/5mjrln2m=/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec6c6c35a35bb74b562f10541e42adcb73c8bf54fbbd2a2999078bde1a279e29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://blend.vc/online/5mjrln2m=/
Origin: http://blend.vc
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Sat, 22 Oct 2022 00:09:28 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2248
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 49072
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE
Last-Modified: Fri, 21 Oct 2022 03:30:33 GMT
Server: cloudflare
ETag: "306610-bfb0-5eb8310772701"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4oadTlFqan1k1vA0q6rr3K4WLOJgyyYR1Kco5r9eIq7u2zSC9xUKRpVo1wWBE6AJZWrBcCwH4mYPLfqxxb23gO6HhI7N%2FaW%2BI8DGFPwOaVfFKfaf0JASKgGYNIwxOZrnl0oPqwRokw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: font/woff2
Cache-Control: max-age=5184000
Accept-Ranges: bytes
CF-RAY: 75de01213d99b93c-AMS
Expires: Tue, 20 Dec 2022 07:03:45 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.sanbot.sandigital.santander.com/	1970-01-20 15:38:46	Name: visid_incap_2704037 Value: KwFMx+GQSW2ph9F3+aO7mrc0U2MAAAAAQUIPAAAAAAArJY+bwrQJbJWs3JSpDwys
			.sanbot.sandigital.santander.com/	1969-12-31 23:59:59	Name: incap_ses_730_2704037 Value: ZuyTBhI8rWd8zggl43shCrc0U2MAAAAAyu+ZGKNUv/IhuPC1yTI9NA==

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blend.vc
global.sanbot.sandigital.santander.com
2a06:98c1:3120::3
45.223.164.57
139d3dbccd39273e5a54ce739881c97defec84da46686636045e6d320ab8b13d
243493557f9376768c43bb06174937c435a3f332c9c6a006306263ec6ac25743
45245d728ae416657a19434010ab049cb89534a946d272b100287c9f95b2dc8e
531c10ee87b99ff5c2abf5b523c259f9d636f6e3f8ff2accab87ca989dc43469
535c47209ecf005f74929ba3bd50b107a702bead1f165b856e002165a1a56ba8
64105e43a16700f1acef6a731ab0967fcd29210674a967b0ddaa57c8291c6fd8
798300a792c7011205779d9c45ec37fa26b002e9df6a01d4df11c181fa73c76d
863bd47e7dd9891395d513963b07bd6b3796937bac553ed5d69933949dcbb733
96f2f20d580f0592f733f9c62d8e0554c4108ff666781ed289ec5b025218f0a0
df7abc314cf6e0380973cea5ad3cd7a4536b820d974162c9d94f534f539eef0b
ec6c6c35a35bb74b562f10541e42adcb73c8bf54fbbd2a2999078bde1a279e29

blend.vc Open in urlscan Pro 2a06:98c1:3120::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

27 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

227 kBTransfer

731 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

blend.vc Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

27 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

227 kB
Transfer

731 kB
Size

2
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!