mbwayprotege.com Open in urlscan Pro
172.67.146.148 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mbwayprotege.com/
Effective URL:
https://mbwayprotege.com/
Submission: On April 10 via manual (April 10th 2024, 3:53:33 pm UTC) from PT — Scanned from PT

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 172.67.146.148, located in United States and belongs to CLOUDFLARENET, US. The main domain is mbwayprotege.com.
TLS certificate: Issued by GTS CA 1P5 on April 10th 2024. Valid for: 3 months.

This is the only time mbwayprotege.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
14	172.67.146.148 172.67.146.148	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.17.247.203 104.17.247.203	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
17	3

14 172.67.146.148 (United States)

ASN13335 (CLOUDFLARENET, US)

mbwayprotege.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.247.203 (None, )

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	mbwayprotege.com mbwayprotege.com	42 KB
2	unpkg.com unpkg.com — Cisco Umbrella Rank: 1334	6 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1217	30 KB
17	3

	Domain	Requested by
14	mbwayprotege.com	mbwayprotege.com
2	unpkg.com	mbwayprotege.com
1	code.jquery.com	mbwayprotege.com
17	3

This site contains no links.

Subject Issuer	Validity	Valid
mbwayprotege.com GTS CA 1P5	`2024-04-10` - `2024-07-09`	3 months	crt.sh
unpkg.com GTS CA 1P5	`2024-04-01` - `2024-06-30`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://mbwayprotege.com/
Frame ID: 437BDF3E8C08F6DF0AF872F841C577A1
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Conta Bloqueada - MBWAY

Page URL History Show full URLs

http://mbwayprotege.com/ HTTP 307
https://mbwayprotege.com/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

78 kB
Transfer

168 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mbwayprotege.com/ HTTP 307
https://mbwayprotege.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
mbwayprotege.com/
Redirect Chain

http://mbwayprotege.com/
https://mbwayprotege.com/

1 KB
976 B

254ms
130ms

Document
text/html

172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mbwayprotege.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 93225608c35981f998e947ca3086d6d0112187095aa038cea5eb242611937805

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: pt-PT,pt;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8723e8f4bc302fa5-MAD
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 10 Apr 2024 15:53:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x9OZRt%2FqSejyxarJWCComNWhFvbkyWxTgjpC1IgGSBBRXKcpYaUs0TvCWmMhid356AGmixoSwr%2FlWHlCG5%2B1U452dJGDNh0XM1rN9sFy4j7JHrh9NSpUA4wO5qa%2FS1hwBuR1"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express

Redirect headers

Location: https://mbwayprotege.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 200 style.css
mbwayprotege.com/ 2 KB
1 KB 248ms
247ms Stylesheet
text/css 172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mbwayprotege.com/style.css
Requested by: Host: mbwayprotege.com
URL: https://mbwayprotege.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 419d6a35b82389a78adbf01942dcbc9d78554ec6ad4203f14f9eb3106cb57fc7

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 08 Apr 2024 11:21:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"979-18ebd711b6b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CcVzkHiUkWJ5TMF0Um2pzZgKB%2BF5pmwp3vKtBwLx82ZdZxKzeX9QlYLpiGYf6My7nQEWZg0xVEkUm7TrTxEhCPhoRQp%2BCpn393zTOSGyrMo8BU8gh8BDPh5v1dHc%2FLDmHsWP"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=14400
cf-ray: 8723e8f5994f2f87-MAD
alt-svc: h3=":443"; ma=86400

GET
H2 200 aos.css
unpkg.com/aos@2.3.1/dist/ 25 KB
2 KB 181ms
67ms Stylesheet
text/css 104.17.247.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/aos@2.3.1/dist/aos.css

Requested by

Host: mbwayprotege.com
URL: https://mbwayprotege.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.247.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3621715
last-modified: Thu, 17 May 2018 22:11:13 GMT
fly-request-id: 01HQRDFN1HR80X0JEPC305FW50-mad
server: cloudflare
etag: W/"65c5-BVfTdFS2f0LyyxAeV+UHD7EZNXA"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8723e8f64f1a385d-MAD

GET
H3 200 logo.svg
mbwayprotege.com/ 4 KB
2 KB 248ms
247ms Image
image/svg+xml 172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbwayprotege.com/logo.svg
Requested by: Host: mbwayprotege.com
URL: https://mbwayprotege.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 57a7797be5dc2f7f14e9b13d742923e9231093b6bc985f1f63422540507e6cc3

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 08 Apr 2024 11:21:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"1192-18ebd71184b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XnLiSf8Qo2BDB21PkDH%2FGY%2BLikQo%2FHILUwMEJOrtj6gb124u010lU2y5ofYcbQxt7gIaSbf1q2sxDpmKZ%2Feusk95fDK%2BG0M6lEF3la8h5ragVY7LUPTuEWPJemC7OlAiVnG%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-ray: 8723e8f599532f87-MAD
alt-svc: h3=":443"; ma=86400

GET
H3 200 SANTANDER.png
mbwayprotege.com/bancos/ 2 KB
2 KB 194ms
193ms Image
image/png 172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbwayprotege.com/bancos/SANTANDER.png
Requested by: Host: mbwayprotege.com
URL: https://mbwayprotege.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 2d5c7fb79ebc48e648afac09f7cdf332ff04a5ebfe089227a605617d31298c8b

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
cf-cache-status: EXPIRED
last-modified: Mon, 08 Apr 2024 11:21:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"659-18ebd71254b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vul4y9Pdah0oW9yDlPOyzupHALkBdtIUx0aMTqUekkdOdxvQhRZKMRqYMSytd5e6QJrFD9oUe5DuvsRKSw9vYCRZT0Cu1N3xmCjgUHGE6o5EoK%2FZGohRKFtNV0UEcmQaP26E"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8723e8f599542f87-MAD
alt-svc: h3=":443"; ma=86400
content-length: 1625

GET
H3 200 BPI.png
mbwayprotege.com/bancos/ 9 KB
9 KB 236ms
234ms Image
image/png 172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbwayprotege.com/bancos/BPI.png
Requested by: Host: mbwayprotege.com
URL: https://mbwayprotege.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 9842b0d21247ca0e04940ec8ed79e8342382ec36ceb2357695ff839f89dad410

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
cf-cache-status: EXPIRED
last-modified: Mon, 08 Apr 2024 11:21:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"220d-18ebd712277"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GN%2BEHurJlY6aNnlYqPnydpS7J0Kk7P8zPSvyEk4x1nR605zTdgaJdGYHOwYlDwLefl5QZcb%2BoNHYxLDs5%2FD2f6PjVsiIqKNVfpCnJRO0%2FIVtmpu9by3CjkiQUsqjEntnUQBS"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8723e8f5b9882f87-MAD
alt-svc: h3=":443"; ma=86400
content-length: 8717

GET
H3 200 MILLENIUM.png
mbwayprotege.com/bancos/ 2 KB
2 KB 183ms
180ms Image
image/png 172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbwayprotege.com/bancos/MILLENIUM.png
Requested by: Host: mbwayprotege.com
URL: https://mbwayprotege.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: da14b41ec028726d650e1633eb3b0225d309b16e830c7498e3b011ab636faa3d

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
cf-cache-status: EXPIRED
last-modified: Mon, 08 Apr 2024 11:21:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"7d2-18ebd712923"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VRo9UnQjKNQZf9ueGxDcSGGOGJPS55K9JAsFsCz1Ee7H5GbZXtUP38ROxO2lhDUdh8Yj51OC6NBXpV9%2FCwDhfNvgvdiPs0EMZ2R5qchs5Ag1wC7wjWT7v1ygE7yIuhnh7tiT"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8723e8f5b98c2f87-MAD
alt-svc: h3=":443"; ma=86400
content-length: 2002

GET
H3 200 MONTEPIO.png
mbwayprotege.com/bancos/ 2 KB
2 KB 182ms
181ms Image
image/png 172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbwayprotege.com/bancos/MONTEPIO.png
Requested by: Host: mbwayprotege.com
URL: https://mbwayprotege.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: a274b2ed46aded2c7961d8bf7b9706cb874839de1fed1b358993ab319c27f41b

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
cf-cache-status: EXPIRED
last-modified: Mon, 08 Apr 2024 11:21:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"7a3-18ebd7127a3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LG4yF9H2ED%2FHSF%2Fi6hGXLfjMPqbYAHnA0OGsBCQTFe%2FViokXZFJEMl3Bes%2FjCzI6fkplXfKrgRooubev6I%2FVYA2TvidnWr%2BduT%2FB9VajOJe2T1HIh13NIoB8cvQUvIO0J5IH"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8723e8f5b98e2f87-MAD
alt-svc: h3=":443"; ma=86400
content-length: 1955

GET
H3 200 CREDITOAGRICOLA.png
mbwayprotege.com/bancos/ 1 KB
2 KB 235ms
234ms Image
image/png 172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbwayprotege.com/bancos/CREDITOAGRICOLA.png
Requested by: Host: mbwayprotege.com
URL: https://mbwayprotege.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 51220edc5ab34f5ec97bfa85bdde86725d1783144572e3084a5334f87e31559b

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
cf-cache-status: EXPIRED
last-modified: Mon, 08 Apr 2024 11:21:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"4dc-18ebd7123ab"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kClfCzZYupW8aqBy3n4d%2BgypY%2FaTVJQ%2FNZsQM8dedtcTmE%2BkXBu%2B0aLQ%2BX4DBxO78cRDLZ02YgBJv94P54r4WFQ1SiAE8wVaFLUuQad2EYC1E1m5g%2FdLDryXVHGneRUohK%2Bf"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8723e8f5b9902f87-MAD
alt-svc: h3=":443"; ma=86400
content-length: 1244

GET
H3 200 NOVOBANCO.png
mbwayprotege.com/bancos/ 7 KB
8 KB 236ms
235ms Image
image/png 172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbwayprotege.com/bancos/NOVOBANCO.png
Requested by: Host: mbwayprotege.com
URL: https://mbwayprotege.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 4d53c8eca989e94643da5693cdf2e8b94b5f1cc897de8996a464317725761da9

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
cf-cache-status: EXPIRED
last-modified: Mon, 08 Apr 2024 11:21:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"1d2d-18ebd712673"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nlsdcdSVHXg40TGxket366E9p0vdV29fbaqFQcQNwdfmxvqsMClsjyScj4%2F%2FIzTT52v7Qozinx3Vow0PyaauFbRDCE8C%2B9AiHFEo6ZFfsrjA%2FMx3Jjv%2B26sbbwnRUg37N2NU"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8723e8f5b9942f87-MAD
alt-svc: h3=":443"; ma=86400
content-length: 7469

GET
H3 200 CAIXAGERAL.png
mbwayprotege.com/bancos/ 3 KB
3 KB 183ms
182ms Image
image/png 172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbwayprotege.com/bancos/CAIXAGERAL.png
Requested by: Host: mbwayprotege.com
URL: https://mbwayprotege.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: d0f5629bea1c9f4dc4d1882327a1b7b6d00bdeff0dd8d51b5313af7ab0cd3fb2

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
cf-cache-status: EXPIRED
last-modified: Mon, 08 Apr 2024 11:21:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"af0-18ebd7120f7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YO5OJ4SX860LypX%2FQ%2Fg98bBwhDKGc10R8fOtYbFkLsJqtdsppc7Ndi1MsqWyFuG6r6IfT22uBYPTzrh4wkkxrIlcEDibO6nDWGIXrntf3nUbR5vouBcy7pU2rTHNnN7QVTMu"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8723e8f5b9952f87-MAD
alt-svc: h3=":443"; ma=86400
content-length: 2800

GET
H3 200 ACTIVOBANK.png
mbwayprotege.com/bancos/ 2 KB
2 KB 183ms
182ms Image
image/png 172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbwayprotege.com/bancos/ACTIVOBANK.png
Requested by: Host: mbwayprotege.com
URL: https://mbwayprotege.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: b96f99314a2f0193ca886c05214bd1732574c5369d1fc078cb252a4ad5f92057

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
cf-cache-status: EXPIRED
last-modified: Mon, 08 Apr 2024 11:21:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"810-18ebd71203b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9VZIXG6CUEceUJjc%2FcRbp3gbaoMsgkOBXG1Cyh7pYJr7GKcrOwCi9R4u5if3NhsQ8zBlpft8HAWp5gXvKl24BhmEZ3QS15mFQjHAtsVSMgMCGLyG3Dq0hw1LxmrL4K5zR4P"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8723e8f5b9972f87-MAD
alt-svc: h3=":443"; ma=86400
content-length: 2064

GET
H3 200 ABANCA.png
mbwayprotege.com/bancos/ 3 KB
4 KB 282ms
281ms Image
image/png 172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbwayprotege.com/bancos/ABANCA.png
Requested by: Host: mbwayprotege.com
URL: https://mbwayprotege.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: cfb1ff561043b8c14b0fb26752abd49f85da0be4f251eb338b8c5e729b8a2f0e

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
cf-cache-status: EXPIRED
last-modified: Mon, 08 Apr 2024 11:21:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"de7-18ebd712047"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2F%2BQkQO%2BLKz0U%2Bf1dWT8D3gngkSZwLikoGaJlQG3GSjCn8QiTxAR%2F0nyX8OP7a4TVviaCnstNFqp4tOFChpSlz7HZM5cX%2FAnU6fnTSTaOGgke%2B01b96F5bzb%2Bt8TJ%2FD7P4HJ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8723e8f5b9992f87-MAD
alt-svc: h3=":443"; ma=86400
content-length: 3559

GET
H2 200 jquery-3.7.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 147ms
44ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.1.min.js
Requested by: Host: mbwayprotege.com
URL: https://mbwayprotege.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 17963744
x-cache: HIT, HIT
content-length: 30336
x-served-by: cache-lga21978-LGA, cache-lis1490058-LIS
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1712764409.329771,VS0,VE0
etag: W/"28feccc0-155ed"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 50, 27769

GET
H2 200 aos.js Show response
unpkg.com/aos@2.3.1/dist/ 14 KB
5 KB 162ms
66ms Script
application/javascript 104.17.247.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/aos@2.3.1/dist/aos.js

Requested by

Host: mbwayprotege.com
URL: https://mbwayprotege.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.247.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3612835
last-modified: Thu, 17 May 2018 22:11:13 GMT
fly-request-id: 01HQRNYMYXHAWE5VJ4NNERNG7Y-mad
server: cloudflare
etag: W/"379f-cNv9OKDx/DsafZ+tq1h4ZITDTxc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8723e8f64f1e385d-MAD

GET
H3 200 main.js Show response
mbwayprotege.com/ 120 B
594 B 235ms
234ms Script
application/javascript 172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mbwayprotege.com/main.js
Requested by: Host: mbwayprotege.com
URL: https://mbwayprotege.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e253a81eb8e0fafd40ef70658003f54ad8d78f01035a08d2ae91542aea4d9d24

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 08 Apr 2024 11:21:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"78-18ebd711917"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2F13YVAjTSlU%2BVbjG6h1mrg470xVcxbBEMuiH3sL48WpB2s%2B2MZ0BSl8PArNIly4yu7NAyMkKsNeOgxxe9dxBqsMhXQChLDH5xjPDSHbRf%2FRry5oIRmv1D5ZwEd26v5quCGt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400
cf-ray: 8723e8f5b98d2f87-MAD
alt-svc: h3=":443"; ma=86400

GET
H3 200 logo.ico
mbwayprotege.com/ 4 KB
2 KB 183ms
182ms Other
image/x-icon 172.67.146.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mbwayprotege.com/logo.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.146.148 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: da28825fd4aed1e83e51fff1191daaff03dad75baab698f771fd0e58bb5b9abd

Request headers

accept-language: pt-PT,pt;q=0.9
Referer: https://mbwayprotege.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 10 Apr 2024 15:53:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 08 Apr 2024 11:21:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"fb6-18ebd711e6f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8q8rXqFVtSZIxbiFPlY6l1VQeRsfR2P7Z8ETALZ5uhD9fc0gPKQ3GeFauEYjUFhblE1g0l6eqvcJqLC%2BvM1vOOhQEwSDpIzViP2dGl86ohIK%2BWEXraQVevvlLT2wE12Itl%2FX"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cache-control: public, max-age=14400
cf-ray: 8723e8f77cb02f87-MAD
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Malicious page.domain
Submitted on April 10th 2024, 3:54:43 pm UTC — From Portugal

Threats: Phishing
Comment: Fake malicious domain, targets customers of Portuguese banks.

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| AOS function| carregar

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
mbwayprotege.com
unpkg.com
104.17.247.203
151.101.130.137
172.67.146.148
1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e
2d5c7fb79ebc48e648afac09f7cdf332ff04a5ebfe089227a605617d31298c8b
419d6a35b82389a78adbf01942dcbc9d78554ec6ad4203f14f9eb3106cb57fc7
4d53c8eca989e94643da5693cdf2e8b94b5f1cc897de8996a464317725761da9
51220edc5ab34f5ec97bfa85bdde86725d1783144572e3084a5334f87e31559b
57a7797be5dc2f7f14e9b13d742923e9231093b6bc985f1f63422540507e6cc3
93225608c35981f998e947ca3086d6d0112187095aa038cea5eb242611937805
9842b0d21247ca0e04940ec8ed79e8342382ec36ceb2357695ff839f89dad410
a274b2ed46aded2c7961d8bf7b9706cb874839de1fed1b358993ab319c27f41b
b96f99314a2f0193ca886c05214bd1732574c5369d1fc078cb252a4ad5f92057
cfb1ff561043b8c14b0fb26752abd49f85da0be4f251eb338b8c5e729b8a2f0e
d0f5629bea1c9f4dc4d1882327a1b7b6d00bdeff0dd8d51b5313af7ab0cd3fb2
da14b41ec028726d650e1633eb3b0225d309b16e830c7498e3b011ab636faa3d
da28825fd4aed1e83e51fff1191daaff03dad75baab698f771fd0e58bb5b9abd
e253a81eb8e0fafd40ef70658003f54ad8d78f01035a08d2ae91542aea4d9d24
f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

mbwayprotege.com Open in urlscan Pro 172.67.146.148 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

78 kBTransfer

168 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious page.domain Submitted on April 10th 2024, 3:54:43 pm UTC — From Portugal

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

4 JavaScript Global Variables

0 Cookies

Indicators

mbwayprotege.com Open in urlscan Pro
172.67.146.148 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

78 kB
Transfer

168 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions

Malicious page.domain
Submitted on April 10th 2024, 3:54:43 pm UTC — From Portugal

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!