caixalogin-146522.cloud-fr1.unispace.io Open in urlscan Pro
51.178.239.210  Malicious Activity! Public Scan

Submitted URL: https://autentica-20304.dreamhosters.com/?/SecurityNotifications/Update/132565F65R
Effective URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
Submission: On September 21 via manual from BR — Scanned from DE

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 17 HTTP transactions. The main IP is 51.178.239.210, located in France and belongs to OVH, FR. The main domain is caixalogin-146522.cloud-fr1.unispace.io.
TLS certificate: Issued by R3 on August 2nd 2022. Valid for: 3 months.
This is the only time caixalogin-146522.cloud-fr1.unispace.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Caixa (Government)

Domain & IP information

IP Address AS Autonomous System
1 64.90.44.245 26347 (DREAMHOST-AS)
13 51.178.239.210 16276 (OVH)
1 2a00:1450:400... 15169 (GOOGLE)
17 4
Apex Domain
Subdomains
Transfer
13 unispace.io
caixalogin-146522.cloud-fr1.unispace.io
255 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 40
1 KB
1 dreamhosters.com
autentica-20304.dreamhosters.com
325 B
17 3
Domain Requested by
13 caixalogin-146522.cloud-fr1.unispace.io caixalogin-146522.cloud-fr1.unispace.io
1 fonts.googleapis.com caixalogin-146522.cloud-fr1.unispace.io
1 autentica-20304.dreamhosters.com
17 3

This site contains no links.

Subject Issuer Validity Valid
*.dreamhosters.com
USERTrust RSA Domain Validation Secure Server CA
2021-09-24 -
2022-09-30
a year crt.sh
*.cloud-fr1.unispace.io
R3
2022-08-02 -
2022-10-31
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-08-29 -
2022-11-21
3 months crt.sh

This page contains 2 frames:

Primary Page: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
Frame ID: C9D341DDBC6F74C6B8065DE4583C114C
Requests: 7 HTTP requests in this frame

Frame: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
Frame ID: FF42014695C386E38E801146E95DA997
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

🔒 Seja Bem-vindo ao Novo Portal

Page URL History Show full URLs

  1. https://autentica-20304.dreamhosters.com/?/SecurityNotifications/Update/132565F65R Page URL
  2. https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

88 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

257 kB
Transfer

877 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://autentica-20304.dreamhosters.com/?/SecurityNotifications/Update/132565F65R Page URL
  2. https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
autentica-20304.dreamhosters.com/
135 B
325 B
Document
General
Full URL
https://autentica-20304.dreamhosters.com/?/SecurityNotifications/Update/132565F65R
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.90.44.245 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
apache2-yak.bakercity.dreamhost.com
Software
Apache /
Resource Hash
f5d0b3c716620d3539423b0d1f3724822a18ce8cc343a70f1e26a6bea28cc1fb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=600
content-encoding
gzip
content-length
146
content-type
text/html
date
Wed, 21 Sep 2022 14:13:59 GMT
etag
"87-5e92fe846673b-gzip"
expires
Wed, 21 Sep 2022 14:23:59 GMT
last-modified
Wed, 21 Sep 2022 13:27:33 GMT
server
Apache
vary
Accept-Encoding,User-Agent
Primary Request /
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
6 KB
3 KB
Document
General
Full URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.178.239.210 , France, ASN16276 (OVH, FR),
Reverse DNS
ip210.ip-51-178-239.eu
Software
openresty /
Resource Hash
cdb0f9f7048a0f7d03f38e52734cfbbbe4bcccaef7e6fd094df212dedcaf7e3c
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

Referer
https://autentica-20304.dreamhosters.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
2537
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-origin
date
Wed, 21 Sep 2022 14:14:02 GMT
permissions-policy
geolocation=(self), payment=(self)
referrer-policy
strict-origin-when-cross-origin
server
openresty
strict-transport-security
max-age=15811200
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-resolver-ip
51.178.239.210
x-xss-protection
1; mode=block;
bootstrap.min2.css
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/css/
0
0

bootstrap-theme.min2.css
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/css/
0
0

css
fonts.googleapis.com/
2 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Advent+Pro:300|Athiti:200
Requested by
Host: caixalogin-146522.cloud-fr1.unispace.io
URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
18f38425f46a58efc7f5bb59837e12d6c7fb6eccde1414ca39b53af1cf46b936
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://caixalogin-146522.cloud-fr1.unispace.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 21 Sep 2022 14:14:02 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 21 Sep 2022 14:14:02 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 21 Sep 2022 14:14:02 GMT
bootstrap.min2.js
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/js/
0
0
Script
General
Full URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/js/bootstrap.min2.js
Requested by
Host: caixalogin-146522.cloud-fr1.unispace.io
URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.178.239.210 , France, ASN16276 (OVH, FR),
Reverse DNS
ip210.ip-51-178-239.eu
Software
openresty /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-content-type-options
nosniff
date
Wed, 21 Sep 2022 14:14:02 GMT
referrer-policy
strict-origin-when-cross-origin
server
openresty
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy
unsafe-none
x-frame-options
SAMEORIGIN
content-type
text/html; charset=iso-8859-1
x-permitted-cross-domain-policies
none
permissions-policy
geolocation=(self), payment=(self)
cross-origin-resource-policy
same-origin
strict-transport-security
max-age=15811200
content-length
196
x-xss-protection
1; mode=block;
cadeado.png
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
30 KB
30 KB
Image
General
Full URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/cadeado.png
Requested by
Host: caixalogin-146522.cloud-fr1.unispace.io
URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.178.239.210 , France, ASN16276 (OVH, FR),
Reverse DNS
ip210.ip-51-178-239.eu
Software
openresty /
Resource Hash
d43ad5c9f1b4c6456f68c3de18a43c226255b21eeb4814c880eb09cb1a6fa3c0
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 14:14:02 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
same-origin
content-length
30301
x-xss-protection
1; mode=block;
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 04 Jun 2018 09:01:54 GMT
server
openresty
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
etag
"765d-56dcd2f5e8480"
strict-transport-security
max-age=15811200
content-type
image/png
permissions-policy
geolocation=(self), payment=(self)
accept-ranges
bytes
x-resolver-ip
51.178.239.210
home.php
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/ Frame FF42
7 KB
3 KB
Document
General
Full URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
Requested by
Host: caixalogin-146522.cloud-fr1.unispace.io
URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.178.239.210 , France, ASN16276 (OVH, FR),
Reverse DNS
ip210.ip-51-178-239.eu
Software
openresty /
Resource Hash
df123b9fcff1fecceef1f0a8f7b75e60b483f6ed944a595330df99891e826bc9
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

Referer
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
2735
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-origin
date
Wed, 21 Sep 2022 14:14:02 GMT
permissions-policy
geolocation=(self), payment=(self)
referrer-policy
strict-origin-when-cross-origin
server
openresty
strict-transport-security
max-age=15811200
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-resolver-ip
51.178.239.210
x-xss-protection
1; mode=block;
reset.css
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/ Frame FF42
1 KB
1 KB
Stylesheet
General
Full URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/reset.css
Requested by
Host: caixalogin-146522.cloud-fr1.unispace.io
URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.178.239.210 , France, ASN16276 (OVH, FR),
Reverse DNS
ip210.ip-51-178-239.eu
Software
openresty /
Resource Hash
a58fa15fce0a32b110aa0f328dbe2b80efef8fbbd5ae1890a0b8d99dddcebade
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 14:14:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
same-origin
vary
Accept-Encoding
content-length
553
x-xss-protection
1; mode=block;
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 08 Jan 2018 12:28:50 GMT
server
openresty
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
etag
"408-56242f0bf8480-gzip"
strict-transport-security
max-age=15811200
content-type
text/css
permissions-policy
geolocation=(self), payment=(self)
accept-ranges
bytes
x-resolver-ip
51.178.239.210
inicio.css
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/ Frame FF42
1 KB
1001 B
Stylesheet
General
Full URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/inicio.css
Requested by
Host: caixalogin-146522.cloud-fr1.unispace.io
URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.178.239.210 , France, ASN16276 (OVH, FR),
Reverse DNS
ip210.ip-51-178-239.eu
Software
openresty /
Resource Hash
c3d27712f74945591fe0baab57764985659392668bd0463b2d50ba6bee5468d7
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 14:14:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
same-origin
vary
Accept-Encoding
content-length
457
x-xss-protection
1; mode=block;
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 09 May 2020 17:41:00 GMT
server
openresty
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
etag
"42a-5a53a9df02300-gzip"
strict-transport-security
max-age=15811200
content-type
text/css
permissions-policy
geolocation=(self), payment=(self)
accept-ranges
bytes
x-resolver-ip
51.178.239.210
angular-material.min.css
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/arq/ Frame FF42
393 KB
39 KB
Stylesheet
General
Full URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/arq/angular-material.min.css
Requested by
Host: caixalogin-146522.cloud-fr1.unispace.io
URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.178.239.210 , France, ASN16276 (OVH, FR),
Reverse DNS
ip210.ip-51-178-239.eu
Software
openresty /
Resource Hash
63eaf9edc74a3164913cb6a6d08b7c41c6952b3a5cd34849ee888204d9550363
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 14:14:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
same-origin
vary
Accept-Encoding
content-length
39642
x-xss-protection
1; mode=block;
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 07 Feb 2020 06:16:04 GMT
server
openresty
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
etag
"624a3-59df653067100-gzip"
strict-transport-security
max-age=15811200
content-type
text/css
permissions-policy
geolocation=(self), payment=(self)
accept-ranges
bytes
x-resolver-ip
51.178.239.210
bulma.min.css
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/arq/ Frame FF42
227 KB
27 KB
Stylesheet
General
Full URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/arq/bulma.min.css
Requested by
Host: caixalogin-146522.cloud-fr1.unispace.io
URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.178.239.210 , France, ASN16276 (OVH, FR),
Reverse DNS
ip210.ip-51-178-239.eu
Software
openresty /
Resource Hash
4969118a392bbd7190382dabf6178a3aabd819f0c1e1cbea9d763b18305ad9ae
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 14:14:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
same-origin
vary
Accept-Encoding
content-length
27224
x-xss-protection
1; mode=block;
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 07 Feb 2020 06:16:28 GMT
server
openresty
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
etag
"38ca5-59df65474a700-gzip"
strict-transport-security
max-age=15811200
content-type
text/css
permissions-policy
geolocation=(self), payment=(self)
accept-ranges
bytes
x-resolver-ip
51.178.239.210
mobile-fisica.css
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/arq/ Frame FF42
8 KB
3 KB
Stylesheet
General
Full URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/arq/mobile-fisica.css
Requested by
Host: caixalogin-146522.cloud-fr1.unispace.io
URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.178.239.210 , France, ASN16276 (OVH, FR),
Reverse DNS
ip210.ip-51-178-239.eu
Software
openresty /
Resource Hash
72d83f56e8b0c993783c1727686b6399128279210c1f4caf486ae6316e079f49
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 14:14:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
same-origin
vary
Accept-Encoding
content-length
2349
x-xss-protection
1; mode=block;
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 07 Feb 2020 01:20:40 GMT
server
openresty
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
etag
"212e-59df23297aa00-gzip"
strict-transport-security
max-age=15811200
content-type
text/css
permissions-policy
geolocation=(self), payment=(self)
accept-ranges
bytes
x-resolver-ip
51.178.239.210
jquery-3.2.1.min.js
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/js/ Frame FF42
85 KB
30 KB
Script
General
Full URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/js/jquery-3.2.1.min.js
Requested by
Host: caixalogin-146522.cloud-fr1.unispace.io
URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.178.239.210 , France, ASN16276 (OVH, FR),
Reverse DNS
ip210.ip-51-178-239.eu
Software
openresty /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 14:14:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
same-origin
vary
Accept-Encoding
content-length
30138
x-xss-protection
1; mode=block;
referrer-policy
strict-origin-when-cross-origin
last-modified
Sun, 07 Jan 2018 20:06:52 GMT
server
openresty
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
etag
"15283-5623538f62f00-gzip"
strict-transport-security
max-age=15811200
content-type
application/javascript
permissions-policy
geolocation=(self), payment=(self)
accept-ranges
bytes
x-resolver-ip
51.178.239.210
top2.png
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/images/ Frame FF42
36 KB
36 KB
Image
General
Full URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/images/top2.png
Requested by
Host: caixalogin-146522.cloud-fr1.unispace.io
URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.178.239.210 , France, ASN16276 (OVH, FR),
Reverse DNS
ip210.ip-51-178-239.eu
Software
openresty /
Resource Hash
643db4cacc67e642ddad8abbc5fea5b65e0699799c9465cd3faef2a146a88fbe
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 14:14:02 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
same-origin
content-length
36808
x-xss-protection
1; mode=block;
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 09 May 2020 17:29:52 GMT
server
openresty
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
etag
"8fc8-5a53a761f4400"
strict-transport-security
max-age=15811200
content-type
image/png
permissions-policy
geolocation=(self), payment=(self)
accept-ranges
bytes
x-resolver-ip
51.178.239.210
script.js
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/ Frame FF42
1 KB
945 B
Script
General
Full URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/script.js
Requested by
Host: caixalogin-146522.cloud-fr1.unispace.io
URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.178.239.210 , France, ASN16276 (OVH, FR),
Reverse DNS
ip210.ip-51-178-239.eu
Software
openresty /
Resource Hash
e5a8e4013d1a033e96e74d172609b88347e424904d7bd3db49791a7cb7d2b491
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/home.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 14:14:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
same-origin
vary
Accept-Encoding
content-length
390
x-xss-protection
1; mode=block;
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 20 Feb 2018 00:13:24 GMT
server
openresty
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
etag
"482-56599adcf5100-gzip"
strict-transport-security
max-age=15811200
content-type
application/javascript
permissions-policy
geolocation=(self), payment=(self)
accept-ranges
bytes
x-resolver-ip
51.178.239.210
sprites.png
caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/images/ Frame FF42
80 KB
80 KB
Image
General
Full URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/images/sprites.png
Requested by
Host: caixalogin-146522.cloud-fr1.unispace.io
URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/inicio.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.178.239.210 , France, ASN16276 (OVH, FR),
Reverse DNS
ip210.ip-51-178-239.eu
Software
openresty /
Resource Hash
b07f3473f3a889798a93b7b02c3b9399d4814e82765b988aa54edb93f4d5f2c5
Security Headers
Name Value
Strict-Transport-Security max-age=15811200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/inicio.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 14:14:02 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
same-origin
content-length
81568
x-xss-protection
1; mode=block;
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 04 Jan 2018 15:11:26 GMT
server
openresty
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
etag
"13ea0-561f4bee2c380"
strict-transport-security
max-age=15811200
content-type
image/png
permissions-policy
geolocation=(self), payment=(self)
accept-ranges
bytes
x-resolver-ip
51.178.239.210

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
caixalogin-146522.cloud-fr1.unispace.io
URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/css/bootstrap.min2.css
Domain
caixalogin-146522.cloud-fr1.unispace.io
URL
https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/css/bootstrap-theme.min2.css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Caixa (Government)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| mensagem function| clickIE function| clickNS object| shortcut function| toggleFullScreen

1 Cookies

Domain/Path Name / Value
caixalogin-146522.cloud-fr1.unispace.io/ Name: SRVGROUP
Value: common

3 Console Messages

Source Level URL
Text
security error URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
Message:
Refused to apply style from 'https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/css/bootstrap-theme.min2.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network error URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/js/bootstrap.min2.js
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/
Message:
Refused to apply style from 'https://caixalogin-146522.cloud-fr1.unispace.io/Login-TAXA/SIC11/css/bootstrap.min2.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.