caixabanktarjeta.com Open in urlscan Pro
34.125.140.130 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2feur01.safelinks.protection.outlook.com%2f%3furl%3dhttp%...
Effective URL:
https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=1...
Submission: On March 31 via manual (March 31st 2022, 10:42:07 am UTC) from ES — Scanned from ES

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 6 domains to perform 11 HTTP transactions. The main IP is 34.125.140.130, located in Las Vegas, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is caixabanktarjeta.com.
TLS certificate: Issued by R3 on March 23rd 2022. Valid for: 3 months.

This is the only time caixabanktarjeta.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Caixabank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.223.156.187 34.223.156.187	16509 (AMAZON-02) (AMAZON-02)
1 1	104.47.0.28 104.47.0.28	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2001:4860:480... 2001:4860:4802:34::15	15169 (GOOGLE) (GOOGLE)
1 10	34.125.140.130 34.125.140.130	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:231... 2600:9000:2315:4e00:1:cde5:7345:88c1	16509 (AMAZON-02) (AMAZON-02)
11	4

1 34.223.156.187 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-223-156-187.us-west-2.compute.amazonaws.com

ddec1-0-en-ctp.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.47.0.28 (Helsinki, Finland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

eur01.safelinks.protection.outlook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::15 (United States) 1 redirects

ASN15169 (GOOGLE, US)

calxa-tarjet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.125.140.130 (Las Vegas, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 130.140.125.34.bc.googleusercontent.com

caixabanktarjeta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:4e00:1:cde5:7345:88c1 (United States)

ASN16509 (AMAZON-02, US)

thumbs.gfycat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	caixabanktarjeta.com 1 redirects caixabanktarjeta.com	6 MB
1	gfycat.com thumbs.gfycat.com — Cisco Umbrella Rank: 17841	184 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 280	31 KB
1	calxa-tarjet.com 1 redirects calxa-tarjet.com	365 B
1	outlook.com 1 redirects eur01.safelinks.protection.outlook.com — Cisco Umbrella Rank: 54510	673 B
1	trendmicro.com 1 redirects ddec1-0-en-ctp.trendmicro.com	495 B
11	6

	Domain	Requested by
10	caixabanktarjeta.com	1 redirects caixabanktarjeta.com ajax.googleapis.com
1	thumbs.gfycat.com	caixabanktarjeta.com
1	ajax.googleapis.com	caixabanktarjeta.com
1	calxa-tarjet.com	1 redirects
1	eur01.safelinks.protection.outlook.com	1 redirects
1	ddec1-0-en-ctp.trendmicro.com	1 redirects
11	6

This site contains no links.

Subject Issuer	Validity	Valid
caixabanktarjeta.com R3	`2022-03-23` - `2022-06-21`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
gfycat.com Amazon	`2021-03-21` - `2022-04-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=185ee5e118d5a03730b63aabf654b1f6&zone=es
Frame ID: 58E30488EBEFE4016B88BC50A4D137D1
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2feur01.safelinks.protection.outlook.... HTTP 302
https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcalxa-tarjet.com%2F%3Fid%3D8ed9f6dde3479c8b6fe87d3c7c546a8... HTTP 302
http://calxa-tarjet.com/?id=8ed9f6dde3479c8b6fe87d3c7c546a8c4985b538&uuid=4fe291d64ce8ac6c7bce757399... HTTP 302
https://caixabanktarjeta.com/?id=0eb32c95b495c76c8d5b3d5934f406d11166e429466ad83f621d5a12f8509645_5b82ee8... HTTP 302
https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

4
IPs

3
Countries

6208 kB
Transfer

6423 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2feur01.safelinks.protection.outlook.com%2f%3furl%3dhttp%253A%252F%252Fcalxa%2dtarjet.com%252F%253Fid%253D8ed9f6dde3479c8b6fe87d3c7c546a8c4985b538%2526uuid%253D4fe291d64ce8ac6c7bce757399ec73223a0e2a09%2526object%253D9ef7f493cb2c489a9ecdcafb3a295c914a97de40%26data%3d04%257C01%257Cvroman%2540agbar.es%257Cdbde8c03901247a6f70d08da12481430%257Cf4a12867922d4b9dbb859ee7898512a0%257C0%257C0%257C637842398904962567%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%26sdata%3dB%252Bvaaunu4EktbclMTsreKQKLJODvGXlD7LuJXdBzoTI%253D%26reserved%3d0&umid=ba28e1a3-1386-4eb0-b69b-469e1e4d1b22&auth=b7de474530e8f4447b6686e45d126a13322d370e-e98c79a626a3e88885784a7ec0c1b856091ecb93 HTTP 302
https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcalxa-tarjet.com%2F%3Fid%3D8ed9f6dde3479c8b6fe87d3c7c546a8c4985b538%26uuid%3D4fe291d64ce8ac6c7bce757399ec73223a0e2a09%26object%3D9ef7f493cb2c489a9ecdcafb3a295c914a97de40&data=04%7C01%7Cvroman%40agbar.es%7Cdbde8c03901247a6f70d08da12481430%7Cf4a12867922d4b9dbb859ee7898512a0%7C0%7C0%7C637842398904962567%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=B%2Bvaaunu4EktbclMTsreKQKLJODvGXlD7LuJXdBzoTI%3D&reserved=0 HTTP 302
http://calxa-tarjet.com/?id=8ed9f6dde3479c8b6fe87d3c7c546a8c4985b538&uuid=4fe291d64ce8ac6c7bce757399ec73223a0e2a09&object=9ef7f493cb2c489a9ecdcafb3a295c914a97de40 HTTP 302
https://caixabanktarjeta.com/?id=0eb32c95b495c76c8d5b3d5934f406d11166e429466ad83f621d5a12f8509645_5b82ee8c279fe9f1c3c565363e717280a9dea2d7c3739d6191b4f11aa1cc79df&zone=es HTTP 302
https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=185ee5e118d5a03730b63aabf654b1f6&zone=es Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request index.php Show response
caixabanktarjeta.com/pc/
Redirect Chain

https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2feur01.safelinks.protection.outlook.com%2f%3furl%3dhttp%253A%252F%252Fcalxa%2dtarjet.com%252F%253Fid%253D8ed9f6dde3479c...
https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcalxa-tarjet.com%2F%3Fid%3D8ed9f6dde3479c8b6fe87d3c7c546a8c4985b538%26uuid%3D4fe291d64ce8ac6c7bce757399ec73223a0e2a09%26object%3D9ef...
http://calxa-tarjet.com/?id=8ed9f6dde3479c8b6fe87d3c7c546a8c4985b538&uuid=4fe291d64ce8ac6c7bce757399ec73223a0e2a09&object=9ef7f493cb2c489a9ecdcafb3a295c914a97de40
https://caixabanktarjeta.com/?id=0eb32c95b495c76c8d5b3d5934f406d11166e429466ad83f621d5a12f8509645_5b82ee8c279fe9f1c3c565363e717280a9dea2d7c3739d6191b4f11aa1cc79df&zone=es
https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=185ee5e118d5a03730b63aabf654b1f6&zone=es

13 KB
5 KB

201ms
201ms

Document
text/html

34.125.140.130
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=185ee5e118d5a03730b63aabf654b1f6&zone=es

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.140.130 Las Vegas, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

130.140.125.34.bc.googleusercontent.com

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

9b8839d8138e4e34e87d5532a1232becde08fbb89290564e50ad0936eb54dce7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: es-ES,es;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 4768
Content-Type: text/html; charset=UTF-8
Date: Thu, 31 Mar 2022 10:42:01 GMT
Keep-Alive: timeout=5, max=99
Server: Apache/2.4.41 (Ubuntu)
Strict-Transport-Security: max-age=15768000
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 1
Content-Type: text/html; charset=UTF-8
Date: Thu, 31 Mar 2022 10:42:01 GMT
Keep-Alive: timeout=5, max=100
Location: ./pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=185ee5e118d5a03730b63aabf654b1f6&zone=es
Server: Apache/2.4.41 (Ubuntu)
Strict-Transport-Security: max-age=15768000

GET
H/1.1 200
OK NEO-R2016-Home.css
caixabanktarjeta.com/pc/caixfile/ 181 KB
31 KB 191ms
191ms Stylesheet
text/css 34.125.140.130
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://caixabanktarjeta.com/pc/caixfile/NEO-R2016-Home.css

Requested by

Host: caixabanktarjeta.com
URL: https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=185ee5e118d5a03730b63aabf654b1f6&zone=es

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.140.130 Las Vegas, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

130.140.125.34.bc.googleusercontent.com

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

31547e24da917a29e9d1ea4743ada14003260ddf5fabe0d7b1eaf602d48bcef0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=185ee5e118d5a03730b63aabf654b1f6&zone=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Thu, 31 Mar 2022 10:42:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Apr 2020 18:27:32 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "2d2e6-5a2dfc51d6d00-gzip"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 31811

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 86 KB
31 KB 190ms
62ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: https://caixabanktarjeta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 11:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82536
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30774
x-xss-protection: 0
last-modified: Mon, 13 May 2019 14:37:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Mar 2023 11:46:25 GMT

GET
H/1.1 200
OK menu.png
caixabanktarjeta.com/pc/caixfile/ 249 B
577 B 306ms
184ms Image
image/png 34.125.140.130
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://caixabanktarjeta.com/pc/caixfile/menu.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.140.130 Las Vegas, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

130.140.125.34.bc.googleusercontent.com

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

eccd88b540ab2810f1f600bde09245883a44fd4c54867b6aa9f1baedf37386ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=185ee5e118d5a03730b63aabf654b1f6&zone=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Thu, 31 Mar 2022 10:42:01 GMT
Last-Modified: Thu, 09 Apr 2020 18:27:32 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "f9-5a2dfc51d6d00"
Strict-Transport-Security: max-age=15768000
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 249

GET
H/1.1 404
Not Found cross.png
caixabanktarjeta.com/pc/caixfile/ 283 B
283 B 431ms
184ms Image
text/html 34.125.140.130
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://caixabanktarjeta.com/pc/caixfile/cross.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.140.130 Las Vegas, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

130.140.125.34.bc.googleusercontent.com

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

a7b1dd8b868b85fb30ff33506e8d0f29f72287b793359082ad9831598b684fa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=185ee5e118d5a03730b63aabf654b1f6&zone=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Thu, 31 Mar 2022 10:42:02 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 283
Strict-Transport-Security: max-age=15768000
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 HeartyKeyBubblefish-size_restricted.gif
thumbs.gfycat.com/ 184 KB
184 KB 258ms
85ms Image
image/gif 2600:9000:2315:4e00:1:cde5:7345:88c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thumbs.gfycat.com/HeartyKeyBubblefish-size_restricted.gif
Requested by: Host: caixabanktarjeta.com
URL: https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=185ee5e118d5a03730b63aabf654b1f6&zone=es
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:4e00:1:cde5:7345:88c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72002c48a378cc24c5819e6774dd0b50b87e3b1b7d14fc8324bc2f1ff8e2a0c5

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: https://caixabanktarjeta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 10:19:11 GMT
via: 1.1 68ce2f06efd4c9639aadce9f9d7fb096.cloudfront.net (CloudFront)
last-modified: Thu, 11 May 2017 07:46:00 GMT
server: AmazonS3
age: 1372
etag: "b8078658c4dfbfe7ebd4acc2f5abaed2"
x-cache: Hit from cloudfront
content-type: image/gif
cache-control: max-age=946707779, public
content-disposition: inline
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 188009
x-amz-cf-id: ETqt2VYVNwtEjcG6HbBJd9hbw6U8_IzvshAXq44fNix9nI2-Q91EMQ==
expires: Sat, 01 May 2032 13:31:45 GMT

GET
DATA 200
OK truncated
/ 196 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a69404fe30e6c15637c2af40bcb75ce396ee07590ee6a0f0f7dad86d9995935

Request headers

Accept-Language: es-ES,es;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd9acdaaecd877329a7e2678a5b2c3016669f4a60762d31d8b4d71fa51265014

Request headers

Accept-Language: es-ES,es;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/jpg

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/jpg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a40e36058ba8718c6edffa8ac41d6bd94d5d6951cbc5163f3334b268a83ed5e3

Request headers

Accept-Language: es-ES,es;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/jpg

GET
H/1.1 200
OK border.png
caixabanktarjeta.com/pc/caixfile/ 38 KB
38 KB 535ms
184ms Image
image/png 34.125.140.130
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://caixabanktarjeta.com/pc/caixfile/border.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.140.130 Las Vegas, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

130.140.125.34.bc.googleusercontent.com

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

dc63dd8b9343050e60e2e06a87dec9d79435569d01e57fd5b4e3bf9f6b405c5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=185ee5e118d5a03730b63aabf654b1f6&zone=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Thu, 31 Mar 2022 10:42:02 GMT
Last-Modified: Thu, 09 Apr 2020 18:27:32 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "9693-5a2dfc51d6d00"
Strict-Transport-Security: max-age=15768000
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 38547

GET
H/1.1 404
Not Found search.png
caixabanktarjeta.com/pc/css/icons/ 283 B
283 B 543ms
188ms Image
text/html 34.125.140.130
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://caixabanktarjeta.com/pc/css/icons/search.png

Requested by

Host: caixabanktarjeta.com
URL: https://caixabanktarjeta.com/pc/caixfile/NEO-R2016-Home.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.140.130 Las Vegas, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

130.140.125.34.bc.googleusercontent.com

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

a7b1dd8b868b85fb30ff33506e8d0f29f72287b793359082ad9831598b684fa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: https://caixabanktarjeta.com/pc/caixfile/NEO-R2016-Home.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Thu, 31 Mar 2022 10:42:02 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 283
Strict-Transport-Security: max-age=15768000
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK logo.png
caixabanktarjeta.com/pc/caixfile/ 3 KB
3 KB 554ms
184ms Image
image/png 34.125.140.130
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://caixabanktarjeta.com/pc/caixfile/logo.png

Requested by

Host: caixabanktarjeta.com
URL: https://caixabanktarjeta.com/pc/caixfile/NEO-R2016-Home.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.140.130 Las Vegas, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

130.140.125.34.bc.googleusercontent.com

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

f5af79cb876c53c78aa831871022da933379aabdd0a0eec43983c2f2d95a9219

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: https://caixabanktarjeta.com/pc/caixfile/NEO-R2016-Home.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Thu, 31 Mar 2022 10:42:02 GMT
Last-Modified: Thu, 09 Apr 2020 18:27:32 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "c64-5a2dfc51d6d00"
Strict-Transport-Security: max-age=15768000
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3172

GET
H/1.1 200
OK page.png
caixabanktarjeta.com/pc/caixfile/ 6 MB
6 MB 555ms
185ms Image
image/png 34.125.140.130
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://caixabanktarjeta.com/pc/caixfile/page.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.140.130 Las Vegas, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

130.140.125.34.bc.googleusercontent.com

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

ca40fe0f2e90378b86f3f569e928c801ce1b5800dff790e04d3bdb63053ce7bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: es-ES,es;q=0.9
Referer: https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=185ee5e118d5a03730b63aabf654b1f6&zone=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Thu, 31 Mar 2022 10:42:02 GMT
Last-Modified: Thu, 09 Apr 2020 18:27:32 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "5c6747-5a2dfc51d6d00"
Strict-Transport-Security: max-age=15768000
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 6055751

GET
H/1.1 200
OK api.php Show response
caixabanktarjeta.com/fct/ 180 B
462 B 326ms
185ms XHR
text/html 34.125.140.130
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://caixabanktarjeta.com/fct/api.php?action=test

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.125.140.130 Las Vegas, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

130.140.125.34.bc.googleusercontent.com

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

73969e171f6548519c9d0086a0a07c44e66ada7ef03249bced19f6a157a39452

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept: */*
Referer: https://caixabanktarjeta.com/pc/index.php?id=c38c4681df204066c6ae36adeae9ba9c&uuid=cd87ae127f520cdaa1e27f5ee91409c6&session=185ee5e118d5a03730b63aabf654b1f6&zone=es
X-Requested-With: XMLHttpRequest
Accept-Language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Thu, 31 Mar 2022 10:42:02 GMT
Content-Encoding: gzip
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: Keep-Alive
Strict-Transport-Security: max-age=15768000
Keep-Alive: timeout=5, max=96
Content-Length: 166

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Caixabank (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://caixabanktarjeta.com/pc/caixfile/cross.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://caixabanktarjeta.com/pc/css/icons/search.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
caixabanktarjeta.com
calxa-tarjet.com
ddec1-0-en-ctp.trendmicro.com
eur01.safelinks.protection.outlook.com
thumbs.gfycat.com
104.47.0.28
2001:4860:4802:34::15
2600:9000:2315:4e00:1:cde5:7345:88c1
2a00:1450:4001:828::200a
34.125.140.130
34.223.156.187
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
31547e24da917a29e9d1ea4743ada14003260ddf5fabe0d7b1eaf602d48bcef0
4a69404fe30e6c15637c2af40bcb75ce396ee07590ee6a0f0f7dad86d9995935
72002c48a378cc24c5819e6774dd0b50b87e3b1b7d14fc8324bc2f1ff8e2a0c5
73969e171f6548519c9d0086a0a07c44e66ada7ef03249bced19f6a157a39452
9b8839d8138e4e34e87d5532a1232becde08fbb89290564e50ad0936eb54dce7
a40e36058ba8718c6edffa8ac41d6bd94d5d6951cbc5163f3334b268a83ed5e3
a7b1dd8b868b85fb30ff33506e8d0f29f72287b793359082ad9831598b684fa5
ca40fe0f2e90378b86f3f569e928c801ce1b5800dff790e04d3bdb63053ce7bd
dc63dd8b9343050e60e2e06a87dec9d79435569d01e57fd5b4e3bf9f6b405c5b
dd9acdaaecd877329a7e2678a5b2c3016669f4a60762d31d8b4d71fa51265014
eccd88b540ab2810f1f600bde09245883a44fd4c54867b6aa9f1baedf37386ae
f5af79cb876c53c78aa831871022da933379aabdd0a0eec43983c2f2d95a9219

caixabanktarjeta.com Open in urlscan Pro 34.125.140.130 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

50 %IPv6

6 Domains

6 Subdomains

4 IPs

3 Countries

6208 kBTransfer

6423 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

caixabanktarjeta.com Open in urlscan Pro
34.125.140.130 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

4
IPs

3
Countries

6208 kB
Transfer

6423 kB
Size

0
Cookies

11 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!