santanderios.com.swtest.ru
77.222.40.224 Malicious Activity! Public Scan

Submitted URL: https://umu.link/SAN28
Effective URL: http://santanderios.com.swtest.ru/es/es/login.php
Submission: On October 01 via manual from ES — Scanned from ES

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 77.222.40.224, located in the Russian Federation and belonging to SWEB-AS, RU. The main domain is santanderios.com.swtest.ru.
This is the only time santanderios.com.swtest.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

IP Address | AS Autonomous System
1 3 2606:4700:303... | 13335 (CLOUDFLAR...)
1 2606:4700::68... | 13335 (CLOUDFLAR...)
3 12 77.222.40.224 | 44112 (SWEB-AS)

Apex Domain | Subdomains | Transfer
12 swtest.ru | santanderios.com.swtest.ru | 773 KB
3 umu.link | umu.link | 2 KB
1 cloudflare.com | www.cloudflare.com (Cisco Umbrella Rank: 6760) | 463 B

Domain | Requested by
12 santanderios.com.swtest.ru | umu.link (3 redirects), santanderios.com.swtest.ru
3 umu.link | umu.link (1 redirect)
1 www.cloudflare.com | umu.link

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-07-09 - 2023-07-09 | a year (crt.sh)
www.cloudflare.com | Cloudflare Inc ECC CA-3 | 2022-09-27 - 2023-09-26 | a year (crt.sh)

This page contains 1 frames:

Primary Page: http://santanderios.com.swtest.ru/es/es/login.php
Frame ID: 09710253F28D4C93552AAA0C5CA11AA3
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

Santander

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://umu.link/SAN28 Page URL
  2. https://umu.link/SAN28 HTTP 302
    http://santanderios.com.swtest.ru/es HTTP 301
    http://santanderios.com.swtest.ru/es/ HTTP 302
    http://santanderios.com.swtest.ru/es/es/index.php HTTP 302
    http://santanderios.com.swtest.ru/es/es/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 12
HTTPS: 25 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 774 kB
Size: 874 kB
Cookies: 1


Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

SAN28 | umu.link/ | 921 B | 1 KB | Document
General
Full URL
https://umu.link/SAN28
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:d11a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
4d6c84d35c9ff21851bbcd030358537d420f0529c7895bc4d6e21ea71af78f22

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
es-ES,es;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache,no-store
cf-cache-status
DYNAMIC
cf-ray
753608c64f420696-LHR
content-encoding
br
content-type
text/html; charset=utf-8
date
Sat, 01 Oct 2022 14:54:34 GMT
expires
-1
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CpHOfAtaRYlxpsPg40%2F8tAM7f2NW3bA%2B%2B7EGP1oj43NRzdI4rCo9OWRul9AMKLUWJKRK1g%2FVFJLyETqv2iyq%2FXCQZo9zMduikdGqu3jHwJB9st%2BFq1M38GoD1jFNeRX1Zk%2F5pRgmrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
ASP.NET
trace | www.cloudflare.com/cdn-cgi/ | 332 B | 463 B | XHR
General
Full URL
https://www.cloudflare.com/cdn-cgi/trace
Requested by
Host: umu.link
URL: https://umu.link/SAN28
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7b60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3da0aa4d5c26eb743d3a312868fa909ee52fc5d3ff11eecb5fbb28322ed7cb31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://umu.link/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Sat, 01 Oct 2022 14:54:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
x-frame-options
DENY
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache
cf-ray
753608c8ad478672-MAD
expires
Thu, 01 Jan 1970 00:00:01 GMT
2001:ac8:23:59::5e | umu.link/ip/ | 0 | 267 B | XHR
General
Full URL
https://umu.link/ip/2001:ac8:23:59::5e
Requested by
Host: umu.link
URL: https://umu.link/SAN28
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:d11a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://umu.link/SAN28
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Sat, 01 Oct 2022 14:54:34 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
ASP.NET
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wi5Y6xI%2BXRHVqct51vyHNhEktQZlegJu9xCxVafGZND0Vr4TKtvQXXBKwt0SFp4mhpaVWLbjqWMSJD51L3%2B2vPRScjMYwMLW1mFj%2B4ORQD8Rc%2B%2FqcQmhADZGT1csYB6uDqhJqXk6sQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
753608c8fb880696-LHR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Primary Request: login.php | santanderios.com.swtest.ru/es/es/ | 3 KB | 2 KB | Document
Redirect Chain
  • https://umu.link/SAN28
  • http://santanderios.com.swtest.ru/es
  • http://santanderios.com.swtest.ru/es/
  • http://santanderios.com.swtest.ru/es/es/index.php
  • http://santanderios.com.swtest.ru/es/es/login.php
General
Full URL
http://santanderios.com.swtest.ru/es/es/login.php
Requested by
Host: umu.link
URL: https://umu.link/SAN28
Protocol
HTTP/1.1
Server
77.222.40.224 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh293.sweb.ru
Software
nginx/1.19.1 / PHP/7.1.33
Resource Hash
6a0a709a7dc4d1ec3f661f043d3c25e35aa87f342757fa7cc3e460196b064339

Request headers

Referer
https://umu.link/SAN28
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
es-ES,es;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sat, 01 Oct 2022 14:54:36 GMT
Keep-Alive
timeout=10
Server
nginx/1.19.1
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Powered-By
PHP/7.1.33

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Sat, 01 Oct 2022 14:54:35 GMT
Keep-Alive
timeout=10
Server
nginx/1.19.1
X-Powered-By
PHP/7.1.33
location
login.php
style.css | santanderios.com.swtest.ru/es/es/res/ | 3 KB | 1 KB | Stylesheet
General
Full URL
http://santanderios.com.swtest.ru/es/es/res/style.css
Requested by
Host: santanderios.com.swtest.ru
URL: http://santanderios.com.swtest.ru/es/es/login.php
Protocol
HTTP/1.1
Server
77.222.40.224 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh293.sweb.ru
Software
nginx/1.19.1 /
Resource Hash
f55926677dba43d2dd3bfd20801b481a7cfc4da17dd9d94de268007cbb4e0757

Request headers

accept-language
es-ES,es;q=0.9
Referer
http://santanderios.com.swtest.ru/es/es/login.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Sat, 01 Oct 2022 14:54:36 GMT
Content-Encoding
gzip
Last-Modified
Tue, 10 May 2022 21:27:08 GMT
Server
nginx/1.19.1
ETag
W/"52c61f8-b9f-5deaefca68300"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Keep-Alive
timeout=10
jq.js | santanderios.com.swtest.ru/es/es/res/ | 87 KB | 31 KB | Script
General
Full URL
http://santanderios.com.swtest.ru/es/es/res/jq.js
Requested by
Host: santanderios.com.swtest.ru
URL: http://santanderios.com.swtest.ru/es/es/login.php
Protocol
HTTP/1.1
Server
77.222.40.224 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh293.sweb.ru
Software
nginx/1.19.1 /
Resource Hash
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

Request headers

accept-language
es-ES,es;q=0.9
Referer
http://santanderios.com.swtest.ru/es/es/login.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Sat, 01 Oct 2022 14:54:36 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Oct 2021 19:17:54 GMT
Server
nginx/1.19.1
ETag
W/"52c61fe-15d9d-5cf5a736bbc80"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
Connection
keep-alive
Keep-Alive
timeout=10
logo.svg | santanderios.com.swtest.ru/es/es/res/ | 4 KB | 2 KB | Image
General
Full URL
http://santanderios.com.swtest.ru/es/es/res/logo.svg
Requested by
Host: santanderios.com.swtest.ru
URL: http://santanderios.com.swtest.ru/es/es/login.php
Protocol
HTTP/1.1
Server
77.222.40.224 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh293.sweb.ru
Software
nginx/1.19.1 /
Resource Hash
355e6be0b9b189e354f5602a2b9af2538cf5203d852fd14ef5fc15150fb769ea

Request headers

accept-language
es-ES,es;q=0.9
Referer
http://santanderios.com.swtest.ru/es/es/login.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Sat, 01 Oct 2022 14:54:36 GMT
Content-Encoding
gzip
Last-Modified
Sat, 20 Nov 2021 04:15:28 GMT
Server
nginx/1.19.1
ETag
W/"52c61ff-1041-5d130a4425800"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
image/svg+xml
Connection
keep-alive
Keep-Alive
timeout=10
error.png | santanderios.com.swtest.ru/es/es/res/ | 661 B | 936 B | Image
General
Full URL
http://santanderios.com.swtest.ru/es/es/res/error.png
Requested by
Host: santanderios.com.swtest.ru
URL: http://santanderios.com.swtest.ru/es/es/login.php
Protocol
HTTP/1.1
Server
77.222.40.224 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh293.sweb.ru
Software
nginx/1.19.1 /
Resource Hash
e6cdb965d80eb928a1914c5d5af2a57a9802b95d94b0e25b563bed97438c8130

Request headers

accept-language
es-ES,es;q=0.9
Referer
http://santanderios.com.swtest.ru/es/es/login.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Sat, 01 Oct 2022 14:54:36 GMT
Last-Modified
Sat, 20 Nov 2021 04:16:46 GMT
Server
nginx/1.19.1
ETag
"52c61f7-295-5d130a8e88780"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=10
Content-Length
661
spy.php | santanderios.com.swtest.ru/es/es/ | 0 | 211 B | XHR
General
Full URL
http://santanderios.com.swtest.ru/es/es/spy.php
Requested by
Host: santanderios.com.swtest.ru
URL: http://santanderios.com.swtest.ru/es/es/res/jq.js
Protocol
HTTP/1.1
Server
77.222.40.224 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh293.sweb.ru
Software
nginx/1.19.1 / PHP/7.1.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*/*
Referer
http://santanderios.com.swtest.ru/es/es/login.php
X-Requested-With
XMLHttpRequest
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Sat, 01 Oct 2022 14:54:36 GMT
Server
nginx/1.19.1
Connection
keep-alive
Keep-Alive
timeout=10
Content-Length
0
X-Powered-By
PHP/7.1.33
Content-Type
text/html; charset=UTF-8
back1.jpg | santanderios.com.swtest.ru/es/es/res/ | 643 KB | 643 KB | Image
General
Full URL
http://santanderios.com.swtest.ru/es/es/res/back1.jpg
Requested by
Host: santanderios.com.swtest.ru
URL: http://santanderios.com.swtest.ru/es/es/login.php
Protocol
HTTP/1.1
Server
77.222.40.224 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh293.sweb.ru
Software
nginx/1.19.1 /
Resource Hash
63c8882207a7f3e1ee6e8bc517102398d5441cba428fabbd2cdb578e63551862

Request headers

accept-language
es-ES,es;q=0.9
Referer
http://santanderios.com.swtest.ru/es/es/login.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Sat, 01 Oct 2022 14:54:36 GMT
Last-Modified
Sat, 20 Nov 2021 04:11:26 GMT
Server
nginx/1.19.1
ETag
"52c61f4-a0a02-5d13095d5b780"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=10
Content-Length
657922
normal.woff | santanderios.com.swtest.ru/es/es/res/ | 46 KB | 46 KB | Font
General
Full URL
http://santanderios.com.swtest.ru/es/es/res/normal.woff
Requested by
Host: santanderios.com.swtest.ru
URL: http://santanderios.com.swtest.ru/es/es/res/style.css
Protocol
HTTP/1.1
Server
77.222.40.224 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh293.sweb.ru
Software
nginx/1.19.1 /
Resource Hash
f29405e6df61f5768654ba2ad710193b67d0ba73467a8d3f4abbf8ee6acb6c83

Request headers

Referer
http://santanderios.com.swtest.ru/es/es/res/style.css
Origin
http://santanderios.com.swtest.ru
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Sat, 01 Oct 2022 14:54:36 GMT
Content-Encoding
gzip
Last-Modified
Sat, 20 Nov 2021 04:03:36 GMT
Server
nginx/1.19.1
ETag
W/"52c61ee-b7ac-5d13079d21600"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-font-woff
Connection
keep-alive
Keep-Alive
timeout=10
bold.ttf | santanderios.com.swtest.ru/es/es/res/ | 86 KB | 47 KB | Font
General
Full URL
http://santanderios.com.swtest.ru/es/es/res/bold.ttf
Requested by
Host: santanderios.com.swtest.ru
URL: http://santanderios.com.swtest.ru/es/es/res/style.css
Protocol
HTTP/1.1
Server
77.222.40.224 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh293.sweb.ru
Software
nginx/1.19.1 /
Resource Hash
cd57aa97a80404ccc058c7518b865c04b54ec60f09d21f5ed0a41aa4791f5ea5

Request headers

Referer
http://santanderios.com.swtest.ru/es/es/res/style.css
Origin
http://santanderios.com.swtest.ru
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Sat, 01 Oct 2022 14:54:36 GMT
Content-Encoding
gzip
Last-Modified
Sat, 20 Nov 2021 03:44:04 GMT
Server
nginx/1.19.1
ETag
W/"52c61fc-15998-5d13033f6c900"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-font-ttf
Connection
keep-alive
Keep-Alive
timeout=10

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | onbeforeinput
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
object | navigation
function | $
function | jQuery
function | putType
function | login
boolean | abort

1 Cookies

Domain/Path | Name | Value
umu.link/ | .umuly | CfDJ8CgJ21ViNghKqjc0CMHihvxFzuRoFeS2xy%2Bu2MMGi0cmdm5Y27WsQn8KcwhgRLg8T6b6jvaEgQh2%2FyiGm%2F5Capq32WGWlUHnG7Bu4sPwDZCl1kqpFx3GTbOHF48FFJzpbAL0yj1KqrXq%2BK8k2qCKy8EZ5nUkATyxmKQsz4TBmjHb