caixadirectatechsec.com Open in urlscan Pro
172.67.183.98 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://caixadirectatechsec.com/
Submission: On December 16 via automatic, source certstream-suspicious (December 16th 2024, 5:48:03 pm UTC) — Scanned from US

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 172.67.183.98, located in United States and belongs to CLOUDFLARENET, US. The main domain is caixadirectatechsec.com.
TLS certificate: Issued by WE1 on December 16th 2024. Valid for: 3 months.

This is the only time caixadirectatechsec.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Caixa Geral de Depósitos (Banking)

Domain & IP information

	IP Address	AS Autonomous System
9	172.67.183.98 172.67.183.98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	195.234.134.176 195.234.134.176	25253 (CGDNET CA...) (CGDNET CAIXA GERAL DE DEPOSITOS)
1	2600:1408:c40... 2600:1408:c400:e92::2a1	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
11	3

9 172.67.183.98 (United States)

ASN13335 (CLOUDFLARENET, US)

caixadirectatechsec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.234.134.176 (Portugal)

ASN25253 (CGDNET CAIXA GERAL DE DEPOSITOS, SA, PT)

static.cgd.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:c400:e92::2a1 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

is4-ssl.mzstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	caixadirectatechsec.com caixadirectatechsec.com	118 KB
1	mzstatic.com is4-ssl.mzstatic.com — Cisco Umbrella Rank: 8439	35 KB
1	cgd.pt static.cgd.pt — Cisco Umbrella Rank: 529648	5 KB
11	3

	Domain	Requested by
9	caixadirectatechsec.com	caixadirectatechsec.com
1	is4-ssl.mzstatic.com	caixadirectatechsec.com
1	static.cgd.pt	caixadirectatechsec.com
11	3

This site contains no links.

Subject Issuer	Validity	Valid
caixadirectatechsec.com WE1	`2024-12-16` - `2025-03-16`	3 months	crt.sh
static.cgd.pt DigiCert EV RSA CA G2	`2024-07-30` - `2025-06-29`	a year	crt.sh
itunes.apple.com Apple Public EV Server RSA CA 2 - G1	`2024-12-03` - `2025-04-02`	4 months	crt.sh

This page contains 1 frames:

Primary Page: https://caixadirectatechsec.com/
Frame ID: D56FF7BF579A2DD5357B33A95F8D8754
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CGD

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

157 kB
Transfer

344 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
caixadirectatechsec.com/ 124 KB
25 KB 535ms
420ms Document
text/html 172.67.183.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://caixadirectatechsec.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.0.30
Resource Hash: 46859b1e99002f9bc47cc3217e0f717d03f50cef7268f434688316a477964ccd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8f3080654c86a669-MIA
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Mon, 16 Dec 2024 17:47:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BwaLRECTyiHWr5GS6Wv9cAh%2BA5dOOCikNVmsJl0PlZe756NG%2FMJhTgU6WDyxnDXoo8U0pCIGtaMV%2FtUgGnsn40ofv6gdmifqS13CVrvpcVH%2Bhz40wRLgRORV%2F22e3PDuRm6V38aS%2FDRRrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=30147&min_rtt=29847&rtt_var=4930&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4152&recv_bytes=4489&delivery_rate=509&cwnd=12000&unsent_bytes=0&cid=6a4f4a1745831c49&ts=433&x=1" cfExtPri cfHdrFlush;dur=0
x-powered-by: PHP/8.0.30

GET
H3 200 jquery.js Show response
caixadirectatechsec.com/files/ 87 KB
33 KB 657ms
656ms Script
text/javascript 172.67.183.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://caixadirectatechsec.com/files/jquery.js
Requested by: Host: caixadirectatechsec.com
URL: https://caixadirectatechsec.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://caixadirectatechsec.com/

Response headers

server: cloudflare
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
etag: W/"15d9d-5d4d3a54c9200"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3D3HOdqo6bNLiU8MXbkREAvxus9wGyIcHnrugnuWJFj6bcRWUAKinjxr6FuSgvg%2FOzx41PpS%2F43sNntsV09X87F9is3kuSsfilMm6Dj5aoDbizw%2FtbOxAE8%2BAGGVHhQIw753tg22X%2BvK%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f308067f897a669-MIA
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30269&min_rtt=29805&rtt_var=415&sent=42&recv=29&lost=0&retrans=0&sent_bytes=32265&recv_bytes=6130&delivery_rate=68609&cwnd=12000&unsent_bytes=0&cid=6a4f4a1745831c49&ts=1099&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 16 Dec 2024 17:47:58 GMT
content-type: text/javascript
last-modified: Wed, 05 Jan 2022 10:59:20 GMT
vary: Accept-Encoding
priority: u=1,i=?0

GET
H3 200 login_and_register.css
caixadirectatechsec.com/files/ 45 KB
9 KB 687ms
687ms Stylesheet
text/css 172.67.183.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://caixadirectatechsec.com/files/login_and_register.css
Requested by: Host: caixadirectatechsec.com
URL: https://caixadirectatechsec.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4dc8a1053a0600cdfcdc74f9814dff2b4e1abbefd9d3d0badf23f35f588e5471

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://caixadirectatechsec.com/

Response headers

server: cloudflare
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
etag: W/"b291-5d4e4b44b0280"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hgbJwrr3GVHvWNiVdEtCq350HydBM5wn3XHD8ESReQ2S6LzDP2jJX1yD3Io9IviBigXRkD16lobgDZFQDvClyafzeQLngk5wN373Lb6AX6qFhc0eYtiFJ5H%2FWDquCsTvyxK1i4bd4wkPZw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f308067f89da669-MIA
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30269&min_rtt=29805&rtt_var=415&sent=53&recv=29&lost=0&retrans=0&sent_bytes=44265&recv_bytes=6130&delivery_rate=68609&cwnd=12000&unsent_bytes=0&cid=6a4f4a1745831c49&ts=1106&x=1", cfExtPri, cfHdrFlush;dur=23
date: Mon, 16 Dec 2024 17:47:58 GMT
content-type: text/css
last-modified: Thu, 06 Jan 2022 07:20:26 GMT
vary: Accept-Encoding
priority: u=0,i=?0

GET
H3 200 nbp_popin.css
caixadirectatechsec.com/files/ 4 KB
2 KB 420ms
419ms Stylesheet
text/css 172.67.183.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://caixadirectatechsec.com/files/nbp_popin.css
Requested by: Host: caixadirectatechsec.com
URL: https://caixadirectatechsec.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51a77b84fd1e0904911e2e93d0c39e562473ef9602624aa97161a36fd8937faa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://caixadirectatechsec.com/

Response headers

server: cloudflare
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
etag: W/"f8a-5d4e4b42c7e00"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2FQjqq4SEvPd%2FuZlPgKcPB4seMkURlEHCdhhRpumDEcTYXOjSPcG%2Bdise1snNq6cqXtLuiusfJuRFVmJkLEzmAGY0NB1Pz8xoIYDH7NcQxCvlcLXodC7571PvOZkaViYgI94YbEZ38BTiA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f308067f8a3a669-MIA
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30241&min_rtt=29805&rtt_var=471&sent=39&recv=27&lost=0&retrans=0&sent_bytes=30204&recv_bytes=6043&delivery_rate=262583&cwnd=12000&unsent_bytes=0&cid=6a4f4a1745831c49&ts=861&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 16 Dec 2024 17:47:58 GMT
content-type: text/css
last-modified: Thu, 06 Jan 2022 07:20:24 GMT
vary: Accept-Encoding
priority: u=0,i=?0

GET
H/1.1 200
OK logo_CDO.gif
static.cgd.pt/staticCMS/cdo/global/img/ 4 KB
5 KB 897ms
140ms Image
image/gif 195.234.134.176
CGDNET CAIXA GERA...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.cgd.pt/staticCMS/cdo/global/img/logo_CDO.gif

Requested by

Host: caixadirectatechsec.com
URL: https://caixadirectatechsec.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

195.234.134.176 , Portugal, ASN25253 (CGDNET CAIXA GERAL DE DEPOSITOS, SA, PT),

Reverse DNS

Software

Resource Hash

174b3bb7c4416bd675d599afc18ee42cfb8ee6960eaec96f1bb1c65e7c5185a6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://caixadirectatechsec.com/

Response headers

Access-Control-Allow-Headers: Content-Type
Cache-control: private
ETag: W/"4487-1551369111000"
Age: 116
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: HIT
Content-Length: 4487
X-XSS-Protection: 1; mode=block
Date: Mon, 16 Dec 2024 17:46:02 GMT
Last-Modified: Thu, 28 Feb 2019 15:51:51 GMT
Content-Type: image/gif;charset=utf-8
X-Frame-Options: SAMEORIGIN

GET
H2 200 512x512bb.jpg
is4-ssl.mzstatic.com/image/thumb/Purple123/v4/ce/7e/6f/ce7e6fce-6365-6e79-b720-67f2663d14a3/source/ 33 KB
35 KB 295ms
76ms Image
image/jpeg 2600:1408:c400:e92::2a1
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://is4-ssl.mzstatic.com/image/thumb/Purple123/v4/ce/7e/6f/ce7e6fce-6365-6e79-b720-67f2663d14a3/source/512x512bb.jpg

Requested by

Host: caixadirectatechsec.com
URL: https://caixadirectatechsec.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:e92::2a1 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

daiquiri/5 /

Resource Hash

f0872741492ce06d3173563e3dbe22a1506c5577ab8b53bebcb3b1d368f695d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://caixadirectatechsec.com/

Response headers

x-b3-spanid: 4e794fa56aa3def7
access-control-expose-headers: Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
x-b3-parentspanid: eb721048c1f9b0b3
etag: "MSwxLjg2LjAsVmVyc2lvbiAxMy41LjIgKEJ1aWxkIDIyRzkxKSwxNzMzMTYyNDkzOTk2LDI0TjE3LDA3OTM2ZDcyLG5vRWZmZWN0"
cdnuuid: eb324e56-3cda-4810-aef9-81537b4d18a8-4546337772
apple-originating-system: UnknownOriginatingSystem
x-apple-request-uuid: ac620a90-c488-771d-0e86-7498ce2bbcc3
x-daiquiri-instance: daiquiri:13624001:mr85p00it-hyhk04174601:7987:24RELEASE242:daiquiri-amp-processing-shared-int-001-mr, daiquiri:11338001:mr47p00it-qujn04120302:7987:24RELEASE242:daiquiri-amp-all-l7shared-int-001-mr
x-cache-remote: TCP_HIT from a23-220-106-207.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
x-cache: TCP_MISS from a23-220-106-213.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
apple-tk: false
date: Mon, 16 Dec 2024 17:47:58 GMT
content-type: image/jpeg
last-modified: Mon, 02 Dec 2024 18:01:33 GMT
apple-seq: 0.0
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-transform, max-age=12991170
timing-allow-origin: *
access-control-allow-origin: *
x-b3-traceid: 58210a7658a58d9e
content-length: 34284
x-apple-jingle-correlation-key: VRRAVEGERB3R2DUGOSMM4K54YM
server: daiquiri/5
b3: ac620a90c488771d0e867498ce2bbcc3-4e794fa56aa3def7

GET
H3 200 SantanderTextW05-Regular.woff
caixadirectatechsec.com/files/ 45 KB
46 KB 424ms
423ms Font
font/woff 172.67.183.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://caixadirectatechsec.com/files/SantanderTextW05-Regular.woff
Requested by: Host: caixadirectatechsec.com
URL: https://caixadirectatechsec.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78e528416f0569f2ff89bfb0dcf524f9b27a9fd847fe5e85e150f2b39fdff090

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://caixadirectatechsec.com
Referer: https://caixadirectatechsec.com/

Response headers

cf-cache-status: MISS
etag: "b4bc-5be7e3e4ddc00"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JwnKThjhfXOhN3mr5WIJ4JwupNjUcyC2HDc%2BkXH8%2ByYFaS2rPIxbUA2guyi6K725ZXcvlQ0sHFCxtzA9Vz8tNqWZl7Ljbr1vAptQC6wfNgwEWq3gqMWVgbSq4If1CFXoouwTNRiMIcUQ3g%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=32031&min_rtt=29745&rtt_var=2186&sent=85&recv=52&lost=0&retrans=0&sent_bytes=77447&recv_bytes=7772&delivery_rate=423510&cwnd=31200&unsent_bytes=0&cid=6a4f4a1745831c49&ts=1637&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 16 Dec 2024 17:47:59 GMT
content-type: font/woff
last-modified: Sat, 27 Mar 2021 05:51:44 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f30806cc89aa669-MIA
accept-ranges: bytes
content-length: 46268
server: cloudflare

GET
H3 404 eye-icon_show.svg
caixadirectatechsec.com/ficheros/modern/images/icons/ 310 B
310 B 425ms
425ms Image
text/html 172.67.183.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://caixadirectatechsec.com/ficheros/modern/images/icons/eye-icon_show.svg
Requested by: Host: caixadirectatechsec.com
URL: https://caixadirectatechsec.com/files/login_and_register.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71eefc41c54f8a1ebf65e176e23a72b40e02a83e89775e83992f7aef450b6573

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://caixadirectatechsec.com/files/login_and_register.css

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dF5LlbehmE6wLEhbvL%2F%2F4ZiaCv9i0lRHJGnj60p2TrvlikXaR1W3qdUDUtdr4gybglJkcIB23%2Bi4jxGp4%2Bh%2FGPdhjNqc0RH4MWCXhWWmlEDXdWmka7sNgPjEb8NcK09XNB9eQ%2F63GpBwIg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f30806cb876a669-MIA
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=32031&min_rtt=29745&rtt_var=2186&sent=84&recv=52&lost=0&retrans=0&sent_bytes=76487&recv_bytes=7772&delivery_rate=423510&cwnd=31200&unsent_bytes=0&cid=6a4f4a1745831c49&ts=1628&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 16 Dec 2024 17:47:59 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
server: cloudflare
priority: u=3,i

GET
H3 404 santander-icon.svg
caixadirectatechsec.com/ficheros/modern/images/icons/ 310 B
941 B 425ms
424ms Other
text/html 172.67.183.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://caixadirectatechsec.com/ficheros/modern/images/icons/santander-icon.svg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71eefc41c54f8a1ebf65e176e23a72b40e02a83e89775e83992f7aef450b6573

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://caixadirectatechsec.com/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s7IFwDpNdQjbFFVlR47kLuplaNFeeNwnKMz7dw988N9%2B1XCPeFlIvpeKOJ%2BuPu3vEYMbwhr8MeV%2FpvfB5tjrYnzBFlwcEqHExy7hFfqnCxpFa8lnn1%2FyukhcQEe%2BS6nKNg3mXSOXU%2B1Wgg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f308070eef2a669-MIA
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=32431&min_rtt=29745&rtt_var=3383&sent=128&recv=68&lost=0&retrans=0&sent_bytes=125513&recv_bytes=8815&delivery_rate=154615&cwnd=40800&unsent_bytes=0&cid=6a4f4a1745831c49&ts=2299&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 16 Dec 2024 17:47:59 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H3 404 favicon.ico
caixadirectatechsec.com/ficheros/modern/images/icons/ 310 B
944 B 416ms
415ms Other
text/html 172.67.183.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://caixadirectatechsec.com/ficheros/modern/images/icons/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71eefc41c54f8a1ebf65e176e23a72b40e02a83e89775e83992f7aef450b6573

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://caixadirectatechsec.com/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EGULTx1tUt1rXYWjvuhI%2B5Najp%2BzJ7%2BSQnUjwDC%2B%2B6k4%2Bh7SEYEp%2FZnnPKnKKRvEe7ZWhh%2F6JMEz7QsqMxq6hZ9uVt1mnxVyAUvOuiwAg5d8JPI5UWZps9qiBSWg%2FxRz2nTKSe90XPiDSA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f3080739c4fa669-MIA
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=32120&min_rtt=29745&rtt_var=3159&sent=130&recv=69&lost=0&retrans=0&sent_bytes=126502&recv_bytes=9196&delivery_rate=2264&cwnd=40800&unsent_bytes=0&cid=6a4f4a1745831c49&ts=2717&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 16 Dec 2024 17:48:00 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H3 404 favicon.png
caixadirectatechsec.com/ficheros/modern/images/icons/ 310 B
931 B 429ms
428ms Other
text/html 172.67.183.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://caixadirectatechsec.com/ficheros/modern/images/icons/favicon.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71eefc41c54f8a1ebf65e176e23a72b40e02a83e89775e83992f7aef450b6573

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://caixadirectatechsec.com/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pb4lmypExAHSL7qiuo4GG4EEeUi0yNKMjceh9l4l8b6OCqVg43PQ28HdWmnbKwK1JiOEuQYFEyWWlWGDjHxy4%2Bb1fI2GQtNdWRWBFngig%2BJdxF4M%2BnuRCo%2Bl%2Bv33sG4riO2W2MhGQbTCZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f30807638b0a669-MIA
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=31830&min_rtt=29745&rtt_var=2950&sent=133&recv=70&lost=0&retrans=0&sent_bytes=127518&recv_bytes=9577&delivery_rate=2378&cwnd=40800&unsent_bytes=0&cid=6a4f4a1745831c49&ts=3147&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 16 Dec 2024 17:48:00 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Caixa Geral de Depósitos (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://caixadirectatechsec.com/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://caixadirectatechsec.com/ficheros/modern/images/icons/eye-icon_show.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://caixadirectatechsec.com/ficheros/modern/images/icons/santander-icon.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://caixadirectatechsec.com/ficheros/modern/images/icons/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://caixadirectatechsec.com/ficheros/modern/images/icons/favicon.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

caixadirectatechsec.com
is4-ssl.mzstatic.com
static.cgd.pt
172.67.183.98
195.234.134.176
2600:1408:c400:e92::2a1
174b3bb7c4416bd675d599afc18ee42cfb8ee6960eaec96f1bb1c65e7c5185a6
46859b1e99002f9bc47cc3217e0f717d03f50cef7268f434688316a477964ccd
4dc8a1053a0600cdfcdc74f9814dff2b4e1abbefd9d3d0badf23f35f588e5471
51a77b84fd1e0904911e2e93d0c39e562473ef9602624aa97161a36fd8937faa
71eefc41c54f8a1ebf65e176e23a72b40e02a83e89775e83992f7aef450b6573
78e528416f0569f2ff89bfb0dcf524f9b27a9fd847fe5e85e150f2b39fdff090
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127
f0872741492ce06d3173563e3dbe22a1506c5577ab8b53bebcb3b1d368f695d8

caixadirectatechsec.com Open in urlscan Pro 172.67.183.98 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

157 kBTransfer

344 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

caixadirectatechsec.com Open in urlscan Pro
172.67.183.98 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

157 kB
Transfer

344 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!