recuperacionessantander.mailing.continuapro.com Open in urlscan Pro
144.217.158.30 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://recuperacionessantander.mailing.continuapro.com/
Effective URL:
https://recuperacionessantander.mailing.continuapro.com/signin
Submission: On April 16 via manual (April 16th 2024, 11:12:33 am UTC) from ES — Scanned from CA

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 144.217.158.30, located in Beauharnois, Canada and belongs to OVH, FR. The main domain is recuperacionessantander.mailing.continuapro.com.
TLS certificate: Issued by R3 on March 19th 2024. Valid for: 3 months.

This is the only time recuperacionessantander.mailing.continuapro.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1 10	144.217.158.30 144.217.158.30	16276 (OVH) (OVH)
2	2400:52e0:1a0... 2400:52e0:1a00::1067:1	200325 (BUNNYCDN) (BUNNYCDN)
11	2

10 144.217.158.30 (Beauharnois, Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ip30.ip-144-217-158.net

recuperacionessantander.mailing.continuapro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mailing.continuapro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1a00::1067:1 (Chicago, United States)

ASN200325 (BUNNYCDN, SI)

plausible.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	continuapro.com 1 redirects recuperacionessantander.mailing.continuapro.com mailing.continuapro.com	52 KB
2	plausible.io plausible.io — Cisco Umbrella Rank: 9732	2 KB
11	2

	Domain	Requested by
5	mailing.continuapro.com	recuperacionessantander.mailing.continuapro.com mailing.continuapro.com
5	recuperacionessantander.mailing.continuapro.com	1 redirects recuperacionessantander.mailing.continuapro.com
2	plausible.io	recuperacionessantander.mailing.continuapro.com plausible.io
11	3

This site contains no links.

Subject Issuer	Validity	Valid
uiv3.wbsrvcx.com R3	`2024-03-19` - `2024-06-17`	3 months	crt.sh
mailing.continuapro.com R3	`2024-02-25` - `2024-05-25`	3 months	crt.sh
plausible.io R3	`2024-03-10` - `2024-06-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://recuperacionessantander.mailing.continuapro.com/signin
Frame ID: 58400C6F0FB819303ACB9B830C207430
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Iniciar Sesión - Santander Recuperaciones

Page URL History Show full URLs

http://recuperacionessantander.mailing.continuapro.com/ HTTP 307
https://recuperacionessantander.mailing.continuapro.com/ HTTP 302
https://recuperacionessantander.mailing.continuapro.com/signin Page URL

Page Statistics

11
Requests

64 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

54 kB
Transfer

823 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://recuperacionessantander.mailing.continuapro.com/ HTTP 307
https://recuperacionessantander.mailing.continuapro.com/ HTTP 302
https://recuperacionessantander.mailing.continuapro.com/signin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request signin Show response
recuperacionessantander.mailing.continuapro.com/
Redirect Chain

http://recuperacionessantander.mailing.continuapro.com/
https://recuperacionessantander.mailing.continuapro.com/
https://recuperacionessantander.mailing.continuapro.com/signin

9 KB
3 KB

1042ms
756ms

Document
text/html

144.217.158.30
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://recuperacionessantander.mailing.continuapro.com/signin

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

144.217.158.30 Beauharnois, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip30.ip-144-217-158.net

Software

nginx /

Resource Hash

e277b5dd99eb395a1dd217a355b8011e0642827ed4f54b6290f03e69d71653e3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Cache-Control: no-cache, must-revalidate
Connection: close
Content-Encoding: gzip
Content-Length: 3233
Content-Security-Policy: frame-ancestors 'self'
Content-Type: text/html
Date: Tue, 16 Apr 2024 11:12:28 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Server: nginx
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

Redirect headers

Cache-Control: no-cache, must-revalidate
Connection: close
Content-Length: 0
Content-Security-Policy: frame-ancestors 'self'
Content-Type: text/html
Date: Tue, 16 Apr 2024 11:12:27 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
location: /signin

GET
H/1.1 200
OK f9073b543b0fbb03266d9222445c88d9.css
mailing.continuapro.com/assets/3.57.53/0/ 107 KB
19 KB 447ms
132ms Stylesheet
text/css 144.217.158.30
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://mailing.continuapro.com/assets/3.57.53/0/f9073b543b0fbb03266d9222445c88d9.css

Requested by

Host: recuperacionessantander.mailing.continuapro.com
URL: https://recuperacionessantander.mailing.continuapro.com/signin

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

144.217.158.30 Beauharnois, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip30.ip-144-217-158.net

Software

nginx /

Resource Hash

a68a039f1994856d03a41a65c16bfe7d03549d4d31f6bc1b8c2b2473f9842337

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://recuperacionessantander.mailing.continuapro.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: public
Date: Tue, 16 Apr 2024 11:12:28 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: gzip
Server: nginx
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: maxage=2592000
Connection: close
Content-Length: 18686
Expires: Thu, 16 May 2024 11:12:28 GMT

GET
H/1.1 200
OK 1f511e59bb92531869de169df30712d7.css
mailing.continuapro.com/assets/3.57.53/0/ 19 KB
5 KB 444ms
129ms Stylesheet
text/css 144.217.158.30
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://mailing.continuapro.com/assets/3.57.53/0/1f511e59bb92531869de169df30712d7.css

Requested by

Host: recuperacionessantander.mailing.continuapro.com
URL: https://recuperacionessantander.mailing.continuapro.com/signin

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

144.217.158.30 Beauharnois, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip30.ip-144-217-158.net

Software

nginx /

Resource Hash

e0e07b52654b744c16d1f0f62ee00b42554cd31b50cc752e1933e038936cc3e5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://recuperacionessantander.mailing.continuapro.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: public
Date: Tue, 16 Apr 2024 11:12:28 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: gzip
Server: nginx
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: maxage=2592000
Connection: close
Content-Length: 4305
Expires: Thu, 16 May 2024 11:12:28 GMT

GET
H/1.1 200
OK c5b45cd487bb9c8a251364e1c30e6c62.js
mailing.continuapro.com/assets/3.57.53/0/ 654 KB
0 455ms
129ms Script
application/javascript 144.217.158.30
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://mailing.continuapro.com/assets/3.57.53/0/c5b45cd487bb9c8a251364e1c30e6c62.js

Requested by

Host: recuperacionessantander.mailing.continuapro.com
URL: https://recuperacionessantander.mailing.continuapro.com/signin

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

144.217.158.30 Beauharnois, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip30.ip-144-217-158.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://recuperacionessantander.mailing.continuapro.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: public
Date: Tue, 16 Apr 2024 11:12:28 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Vary: Accept-Encoding
Cache-Control: maxage=2592000
Connection: close
Expires: Thu, 16 May 2024 11:12:28 GMT

GET
H/1.1 200
OK 9b802b3025813a941c9080a664805a36.js Show response
mailing.continuapro.com/assets/3.57.53/0/ 18 KB
9 KB 439ms
116ms Script
application/javascript 144.217.158.30
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://mailing.continuapro.com/assets/3.57.53/0/9b802b3025813a941c9080a664805a36.js

Requested by

Host: recuperacionessantander.mailing.continuapro.com
URL: https://recuperacionessantander.mailing.continuapro.com/signin

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

144.217.158.30 Beauharnois, Canada, ASN16276 (OVH, FR),

Reverse DNS

ip30.ip-144-217-158.net

Software

nginx /

Resource Hash

cf1d7aa643c869edb4502b72e9b1a3e7c297d9f6871697e1782b98a1a331ea6e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://recuperacionessantander.mailing.continuapro.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: public
Date: Tue, 16 Apr 2024 11:12:28 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: gzip
Server: nginx
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: maxage=2592000
Connection: close
Content-Length: 9001
Expires: Thu, 16 May 2024 11:12:28 GMT

GET
H/1.1 200
OK logo.png
recuperacionessantander.mailing.continuapro.com/clients/376976_90a3e4356/images/ 14 KB
14 KB 451ms
146ms Image
image/png 144.217.158.30
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://recuperacionessantander.mailing.continuapro.com/clients/376976_90a3e4356/images/logo.png
Requested by: Host: recuperacionessantander.mailing.continuapro.com
URL: https://recuperacionessantander.mailing.continuapro.com/signin
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.217.158.30 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip30.ip-144-217-158.net
Software: nginx /
Resource Hash: 9617cb487d08f384ad5e232cc707e91c37309c9b34f5b19eac683d3d054dccb9

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://recuperacionessantander.mailing.continuapro.com/signin
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 16 Apr 2024 11:12:28 GMT
Last-Modified: Wed, 22 Jun 2016 21:24:37 GMT
Server: nginx
ETag: "37e3-535e49084ef40"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 14307

GET
H/1.1 200
OK pixel.gif
recuperacionessantander.mailing.continuapro.com/images/ 1 KB
1 KB 371ms
87ms Image
image/gif 144.217.158.30
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://recuperacionessantander.mailing.continuapro.com/images/pixel.gif
Requested by: Host: recuperacionessantander.mailing.continuapro.com
URL: https://recuperacionessantander.mailing.continuapro.com/signin
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.217.158.30 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip30.ip-144-217-158.net
Software: nginx /
Resource Hash: 59ce799654fc30edd58f3712f16dc856957677531da56ef9c70cbab41f2e7d7d

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://recuperacionessantander.mailing.continuapro.com/signin
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 16 Apr 2024 11:12:28 GMT
Last-Modified: Sat, 06 Apr 2024 03:39:27 GMT
Server: nginx
ETag: "447-6156551b599c0"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 1095

GET
H2 200 script.js Show response
plausible.io/js/ 1 KB
1 KB 539ms
103ms Script
application/javascript 2400:52e0:1a00::1067:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://plausible.io/js/script.js

Requested by

Host: recuperacionessantander.mailing.continuapro.com
URL: https://recuperacionessantander.mailing.continuapro.com/signin

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1a00::1067:1 Chicago, United States, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-IL1-1067 /

Resource Hash

021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://recuperacionessantander.mailing.continuapro.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 16 Apr 2024 11:12:29 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 845
cdn-cachedat: 04/16/2024 08:34:12
cdn-pullzone: 682664
cross-origin-resource-policy: cross-origin
application: 10.0.1.5
alt-svc: h3=":443"; ma=2592000
server: BunnyCDN-IL1-1067
cdn-proxyver: 1.04
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: public, must-revalidate, max-age=86400
permissions-policy: interest-cohort=()
cdn-requestid: 376f00faa851e288d8e2b4bde965eac6
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H/1.1 200
OK bg_input.gif
mailing.continuapro.com/images/ 60 B
289 B 415ms
96ms Image
image/gif 144.217.158.30
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mailing.continuapro.com/images/bg_input.gif
Requested by: Host: mailing.continuapro.com
URL: https://mailing.continuapro.com/assets/3.57.53/0/f9073b543b0fbb03266d9222445c88d9.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.217.158.30 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip30.ip-144-217-158.net
Software: nginx /
Resource Hash: c4098126440719ee7a7eba6dcd7f67d84601ed55cc1b079d74d52f762e37f628

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://mailing.continuapro.com/assets/3.57.53/0/f9073b543b0fbb03266d9222445c88d9.css
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 16 Apr 2024 11:12:29 GMT
Last-Modified: Sat, 06 Apr 2024 03:39:27 GMT
Server: nginx
ETag: "3c-6156551b599c0"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 60

POST
H2 202 event Show response
plausible.io/api/ 2 B
519 B 667ms
250ms XHR
text/plain 2400:52e0:1a00::1067:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://plausible.io/api/event
Requested by: Host: plausible.io
URL: https://plausible.io/js/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a00::1067:1 Chicago, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-IL1-1067 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://recuperacionessantander.mailing.continuapro.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Apr 2024 11:12:29 GMT
cdn-edgestorageid: 1067
cdn-cachedat: 04/16/2024 11:12:29
cdn-pullzone: 682664
application: 10.0.1.5
alt-svc: h3=":443"; ma=2592000
content-length: 2
x-request-id: F8a-TdXihOgwDB0E42Oj
server: BunnyCDN-IL1-1067
cdn-proxyver: 1.04
cdn-requestpullcode: 202
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: must-revalidate, max-age=0, private
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
x-plausible-dropped: 1
cdn-requestid: 3f1210aae720782f8c9256835982094d
cdn-requestcountrycode: CA
cdn-requestpullsuccess: True

GET
H/1.1 200
OK favicon.ico
recuperacionessantander.mailing.continuapro.com/ 198 B
443 B 360ms
94ms Other
image/vnd.microsoft.icon 144.217.158.30
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://recuperacionessantander.mailing.continuapro.com/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.217.158.30 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ip30.ip-144-217-158.net
Software: nginx /
Resource Hash: e7f556737034e1f62f52cae62a87cfb2b8b4ce81cafc6ac89cf5a094c8c38d23

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://recuperacionessantander.mailing.continuapro.com/signin
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 16 Apr 2024 11:12:29 GMT
Last-Modified: Sat, 06 Apr 2024 03:39:27 GMT
Server: nginx
ETag: "c6-6156551b599c0"
Content-Type: image/vnd.microsoft.icon
Connection: close
Accept-Ranges: bytes
Content-Length: 198

Verdicts & Comments Add Verdict or Comment

Malicious page.url
Submitted on April 16th 2024, 11:13:04 am UTC — From Spain

Threats: Potentially Harmful Application Social Engineering Brand Impersonation
Brands: Santander ES
Comment: Phishing site against banco Santander

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mailing.continuapro.com/assets/3.57.53/0/c5b45cd487bb9c8a251364e1c30e6c62.js Message: Failed to load resource: net::ERR_INCOMPLETE_CHUNKED_ENCODING
recommendation	verbose	URL: https://recuperacionessantander.mailing.continuapro.com/signin Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mailing.continuapro.com
plausible.io
recuperacionessantander.mailing.continuapro.com
144.217.158.30
2400:52e0:1a00::1067:1
021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
59ce799654fc30edd58f3712f16dc856957677531da56ef9c70cbab41f2e7d7d
9617cb487d08f384ad5e232cc707e91c37309c9b34f5b19eac683d3d054dccb9
a68a039f1994856d03a41a65c16bfe7d03549d4d31f6bc1b8c2b2473f9842337
c4098126440719ee7a7eba6dcd7f67d84601ed55cc1b079d74d52f762e37f628
cf1d7aa643c869edb4502b72e9b1a3e7c297d9f6871697e1782b98a1a331ea6e
e0e07b52654b744c16d1f0f62ee00b42554cd31b50cc752e1933e038936cc3e5
e277b5dd99eb395a1dd217a355b8011e0642827ed4f54b6290f03e69d71653e3
e7f556737034e1f62f52cae62a87cfb2b8b4ce81cafc6ac89cf5a094c8c38d23

recuperacionessantander.mailing.continuapro.com Open in urlscan Pro 144.217.158.30 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

64 %HTTPS

50 %IPv6

2 Domains

3 Subdomains

2 IPs

2 Countries

54 kBTransfer

823 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious page.url Submitted on April 16th 2024, 11:13:04 am UTC — From Spain

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

8 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

recuperacionessantander.mailing.continuapro.com Open in urlscan Pro
144.217.158.30 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

64 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

54 kB
Transfer

823 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Malicious page.url
Submitted on April 16th 2024, 11:13:04 am UTC — From Spain

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!