recuperacionessantander.mailing.continuapro.com
144.217.158.30
Malicious Activity!
Public Scan
Effective URL: https://recuperacionessantander.mailing.continuapro.com/signin
Submission: On April 16 via manual from ES — Scanned from CA
Summary
TLS certificate: Issued by R3 on March 19th 2024. Valid for: 3 months.
This is the only time recuperacionessantander.mailing.continuapro.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Community Verdicts: Malicious — 1 votes
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
10 (1 redirects) | 144.217.158.30 | 16276 (OVH) |
2 | 2400:52e0:1a00::1067:1 | 200325 (BUNNYCDN) |
11 | 2 | |

ASN16276 (OVH, FR)
PTR: ip30.ip-144-217-158.net
recuperacionessantander.mailing.continuapro.com
mailing.continuapro.com
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
10 | continuapro.com (1 redirects): recuperacionessantander.mailing.continuapro.com, mailing.continuapro.com | 52 KB |
2 | plausible.io: plausible.io — Cisco Umbrella Rank: 9732 | 2 KB |
11 | 2 | |
Requests | Domain | Requested by |
---|---|---|
5 | mailing.continuapro.com | recuperacionessantander.mailing.continuapro.com, mailing.continuapro.com |
5 | recuperacionessantander.mailing.continuapro.com (1 redirects) | recuperacionessantander.mailing.continuapro.com |
2 | plausible.io | recuperacionessantander.mailing.continuapro.com, plausible.io |
11 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
uiv3.wbsrvcx.com | R3 | 2024-03-19 - 2024-06-17 | 3 months |
mailing.continuapro.com | R3 | 2024-02-25 - 2024-05-25 | 3 months |
plausible.io | R3 | 2024-03-10 - 2024-06-08 | 3 months |
This page contains 1 frames:
Primary Page:
https://recuperacionessantander.mailing.continuapro.com/signin
Frame ID: 58400C6F0FB819303ACB9B830C207430
Requests: 11 HTTP requests in this frame
Page Title
Iniciar Sesión - Santander Recuperaciones
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://recuperacionessantander.mailing.continuapro.com/ HTTP 307
- https://recuperacionessantander.mailing.continuapro.com/ HTTP 302
- https://recuperacionessantander.mailing.continuapro.com/signin Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | signin (Primary Request) recuperacionessantander.mailing.continuapro.com/ (Redirect Chain) | 9 KB 3 KB | Document text/html |
GET H/1.1 | f9073b543b0fbb03266d9222445c88d9.css mailing.continuapro.com/assets/3.57.53/0/ | 107 KB 19 KB | Stylesheet text/css |
GET H/1.1 | 1f511e59bb92531869de169df30712d7.css mailing.continuapro.com/assets/3.57.53/0/ | 19 KB 5 KB | Stylesheet text/css |
GET H/1.1 | c5b45cd487bb9c8a251364e1c30e6c62.js mailing.continuapro.com/assets/3.57.53/0/ | 654 KB 0 | Script application/javascript |
GET H/1.1 | 9b802b3025813a941c9080a664805a36.js mailing.continuapro.com/assets/3.57.53/0/ | 18 KB 9 KB | Script application/javascript |
GET H/1.1 | logo.png recuperacionessantander.mailing.continuapro.com/clients/376976_90a3e4356/images/ | 14 KB 14 KB | Image image/png |
GET H/1.1 | pixel.gif recuperacionessantander.mailing.continuapro.com/images/ | 1 KB 1 KB | Image image/gif |
GET H2 | script.js plausible.io/js/ | 1 KB 1 KB | Script application/javascript |
GET H/1.1 | bg_input.gif mailing.continuapro.com/images/ | 60 B 289 B | Image image/gif |
POST H2 | event plausible.io/api/ | 2 B 519 B | XHR text/plain |
GET H/1.1 | favicon.ico recuperacionessantander.mailing.continuapro.com/ | 198 B 443 B | Other image/vnd.microsoft.icon |
Verdicts & Comments
Malicious (page.url)
Submitted on April 16th 2024, 11:13:04 am UTC — From Spain
Threats: Potentially Harmful Application, Social Engineering, Brand Impersonation
Brands: Santander ES
Comment: Phishing site against banco Santander
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | mailapp |
string | CurrentLocale |
string | CKEDITOR_BASEPATH |
string | CKFINDER_BASEPATH |
undefined | Signin |
undefined | Signup |
undefined | Contact_Form |
function | plausible |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors 'self' |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
mailing.continuapro.com
plausible.io
recuperacionessantander.mailing.continuapro.com
144.217.158.30
2400:52e0:1a00::1067:1