206.189.200.99 Open in urlscan Pro
206.189.200.99 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://206.189.200.99/bemvindoportal.php?04
Submission: On June 08 via automatic, source phishtank (June 8th 2021, 5:34:05 pm UTC)

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 18 HTTP transactions. The main IP is 206.189.200.99, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is 206.189.200.99.

This is the only time 206.189.200.99 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Caixa (Government)

Domain & IP information

	IP Address	AS Autonomous System
4	206.189.200.99 206.189.200.99	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
5 17	95.100.200.80 95.100.200.80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
18	3

4 206.189.200.99 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

206.189.200.99	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 95.100.200.80 (Paris, France) 5 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-100-200-80.deploy.static.akamaitechnologies.com

internetbanking.caixa.gov.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	caixa.gov.br 5 redirects internetbanking.caixa.gov.br	177 KB
0	Failed function sub() { [native code] }. Failed
18	2

	Domain	Requested by
17	internetbanking.caixa.gov.br	5 redirects 206.189.200.99 internetbanking.caixa.gov.br
0	dghlnijganhlceoeehiahcjaokidbadp Failed	206.189.200.99
18	2

This site contains no links.

Subject Issuer	Validity	Valid
internetbanking.caixa.gov.br DigiCert SHA2 Secure Server CA	`2021-04-13` - `2022-04-18`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://206.189.200.99/bemvindoportal.php?04
Frame ID: 951D3FF7552AB793A2568918DC862B71
Requests: 1 HTTP requests in this frame

Frame: http://206.189.200.99/portallogin.html?asistema=W71D7RQGW71D-FT2T-W71DFT2TFT2T-BW79FT2T
Frame ID: EBBD78D9ACDD452EC4ADC0FBAE9E4F6D
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

18
Requests

67 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

196 kB
Transfer

494 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://internetbanking.caixa.gov.br/statics-core/bootstrap/css/bootstrap.css?v=38 HTTP 302
https://internetbanking.caixa.gov.br/statics-core/bootstrap/css/bootstrap.css?v=38

Request Chain 2

http://internetbanking.caixa.gov.br/statics-core/css/login.css?v=38 HTTP 302
https://internetbanking.caixa.gov.br/statics-core/css/login.css?v=38

Request Chain 3

http://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38 HTTP 302
https://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38

Request Chain 4

http://internetbanking.caixa.gov.br/statics-components/js/componentes/loading/loading.css?v=38 HTTP 302
https://internetbanking.caixa.gov.br/statics-components/js/componentes/loading/loading.css?v=38

Request Chain 13

http://internetbanking.caixa.gov.br/statics-portal/conteudo_login/PRODUCAO_INTER/17112020_100934_img.jpg HTTP 302
https://internetbanking.caixa.gov.br/statics-portal/conteudo_login/PRODUCAO_INTER/17112020_100934_img.jpg

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set bemvindoportal.php Show response 206.189.200.99/	1 KB 944 B	201ms 195ms	Document text/html	206.189.200.99 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL http://206.189.200.99/bemvindoportal.php?04 Protocol HTTP/1.1 Server 206.189.200.99 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `d026720c5d15c2acb8ff812e8fa71dea1c4a6400a717a1b41365074bb4ab844f` Request headers Host 206.189.200.99 Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 17:33:47 GMT Server Apache/2.4.29 (Ubuntu) Set-Cookie PHPSESSID=jct1ho8nha72gr5ek6foraare3; path=/ Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Vary Accept-Encoding Content-Encoding gzip Content-Length 524 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	portallogin.html Show response 206.189.200.99/ Frame EBBD	77 KB 20 KB	105ms 104ms	Document text/html	206.189.200.99 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL http://206.189.200.99/portallogin.html?asistema=W71D7RQGW71D-FT2T-W71DFT2TFT2T-BW79FT2T Requested by Host: 206.189.200.99 URL: http://206.189.200.99/bemvindoportal.php?04 Protocol HTTP/1.1 Server 206.189.200.99 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `bf6f766f9e8a08d7ffe39c9fb2993aa7804d82157baef6e208c6f1bc25ebad0a` Request headers Host 206.189.200.99 Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://206.189.200.99/bemvindoportal.php?04 Accept-Encoding gzip, deflate Accept-Language en-US Cookie PHPSESSID=jct1ho8nha72gr5ek6foraare3 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer http://206.189.200.99/bemvindoportal.php?04 Response headers Date Tue, 08 Jun 2021 17:33:47 GMT Server Apache/2.4.29 (Ubuntu) Last-Modified Tue, 01 Jun 2021 14:02:34 GMT ETag "132d1-5c3b4cb2ff280-gzip" Accept-Ranges bytes Vary Accept-Encoding Content-Encoding gzip Content-Length 19760 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html
GET H2	200	bootstrap.css internetbanking.caixa.gov.br/statics-core/bootstrap/css/ Frame EBBD Redirect Chain http://internetbanking.caixa.gov.br/statics-core/bootstrap/css/bootstrap.css?v=38 https://internetbanking.caixa.gov.br/statics-core/bootstrap/css/bootstrap.css?v=38	136 B 322 B	82ms 41ms	Stylesheet text/css	95.100.200.80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://internetbanking.caixa.gov.br/statics-core/bootstrap/css/bootstrap.css?v=38 Requested by Host: 206.189.200.99 URL: http://206.189.200.99/portallogin.html?asistema=W71D7RQGW71D-FT2T-W71DFT2TFT2T-BW79FT2T Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.100.200.80 Paris, France, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-100-200-80.deploy.static.akamaitechnologies.com Software / Resource Hash `d5397da43bad40d1b17a76208a614a6b503a814bc38b8cab5ab99594bb055123` Request headers Referer http://206.189.200.99/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 08 Jun 2021 17:33:48 GMT last-modified Sat, 29 May 2021 20:51:06 GMT etag "402e1-88-5c37e26b14280" content-type text/css cache-control max-age=64798 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 136 Redirect headers Location https://internetbanking.caixa.gov.br/statics-core/bootstrap/css/bootstrap.css?v=38 Date Tue, 08 Jun 2021 17:33:48 GMT Cache-Control max-age=604793 Server-Timing cdn-cache; desc=MISS, edge; dur=28, origin; dur=395 Content-Length 0 Connection keep-alive
GET H2	200	login.css internetbanking.caixa.gov.br/statics-core/css/ Frame EBBD Redirect Chain http://internetbanking.caixa.gov.br/statics-core/css/login.css?v=38 https://internetbanking.caixa.gov.br/statics-core/css/login.css?v=38	154 B 340 B	77ms 34ms	Stylesheet text/css	95.100.200.80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://internetbanking.caixa.gov.br/statics-core/css/login.css?v=38 Requested by Host: 206.189.200.99 URL: http://206.189.200.99/portallogin.html?asistema=W71D7RQGW71D-FT2T-W71DFT2TFT2T-BW79FT2T Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.100.200.80 Paris, France, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-100-200-80.deploy.static.akamaitechnologies.com Software / Resource Hash `a3edfbdb0f7aab25f420d56d2d41bc388463cd70c9f0dadcb067aaf02264248a` Request headers Referer http://206.189.200.99/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 08 Jun 2021 17:33:48 GMT last-modified Sat, 29 May 2021 20:51:06 GMT etag "401e3-9a-5c37e26b14280" content-type text/css cache-control max-age=64716 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 154 Redirect headers Location https://internetbanking.caixa.gov.br/statics-core/css/login.css?v=38 Date Tue, 08 Jun 2021 17:33:48 GMT Cache-Control max-age=604800 Server-Timing cdn-cache; desc=MISS, edge; dur=23, origin; dur=395 Content-Length 0 Connection keep-alive
GET H2	200	principal.css internetbanking.caixa.gov.br/statics-core/css/ Frame EBBD Redirect Chain http://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38 https://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38	352 B 539 B	77ms 33ms	Stylesheet text/css	95.100.200.80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38 Requested by Host: 206.189.200.99 URL: http://206.189.200.99/portallogin.html?asistema=W71D7RQGW71D-FT2T-W71DFT2TFT2T-BW79FT2T Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.100.200.80 Paris, France, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-100-200-80.deploy.static.akamaitechnologies.com Software / Resource Hash `8f587cb8a75399b59f0613d30c9177e087672839d6e4b1b98383f14b6b3ce204` Request headers Referer http://206.189.200.99/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 08 Jun 2021 17:33:48 GMT last-modified Sat, 29 May 2021 20:51:06 GMT etag "401f3-160-5c37e26b14280" content-type text/css cache-control max-age=64800 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 352 Redirect headers Location https://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38 Date Tue, 08 Jun 2021 17:33:48 GMT Cache-Control max-age=604800 Server-Timing cdn-cache; desc=MISS, edge; dur=20, origin; dur=397 Content-Length 0 Connection keep-alive
GET H2	200	loading.css internetbanking.caixa.gov.br/statics-components/js/componentes/loading/ Frame EBBD Redirect Chain http://internetbanking.caixa.gov.br/statics-components/js/componentes/loading/loading.css?v=38 https://internetbanking.caixa.gov.br/statics-components/js/componentes/loading/loading.css?v=38	594 B 781 B	72ms 38ms	Stylesheet text/css	95.100.200.80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://internetbanking.caixa.gov.br/statics-components/js/componentes/loading/loading.css?v=38 Requested by Host: 206.189.200.99 URL: http://206.189.200.99/portallogin.html?asistema=W71D7RQGW71D-FT2T-W71DFT2TFT2T-BW79FT2T Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.100.200.80 Paris, France, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-100-200-80.deploy.static.akamaitechnologies.com Software / Resource Hash `5edc6e8bd56e97283b90f1af114f96f14ca0c5c7ac5ea792e749642389c0018b` Request headers Referer http://206.189.200.99/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 08 Jun 2021 17:33:48 GMT last-modified Sat, 29 May 2021 20:50:58 GMT etag "411f7-252-5c37e26373080" content-type text/css cache-control max-age=64780 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 594 Redirect headers Location https://internetbanking.caixa.gov.br/statics-components/js/componentes/loading/loading.css?v=38 Date Tue, 08 Jun 2021 17:33:48 GMT Cache-Control max-age=604784 Server-Timing cdn-cache; desc=MISS, edge; dur=20, origin; dur=404 Content-Length 0 Connection keep-alive
GET H/1.1	404 Not Found	jquery.js 206.189.200.99/statics-core/js/lib/ Frame EBBD	0 0	101ms 100ms	Script text/html	206.189.200.99 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL http://206.189.200.99/statics-core/js/lib/jquery.js Requested by Host: 206.189.200.99 URL: http://206.189.200.99/portallogin.html?asistema=W71D7RQGW71D-FT2T-W71DFT2TFT2T-BW79FT2T Protocol HTTP/1.1 Server 206.189.200.99 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 206.189.200.99 Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept / Referer http://206.189.200.99/portallogin.html?asistema=W71D7RQGW71D-FT2T-W71DFT2TFT2T-BW79FT2T Cookie PHPSESSID=jct1ho8nha72gr5ek6foraare3 Connection keep-alive Cache-Control no-cache Referer http://206.189.200.99/portallogin.html?asistema=W71D7RQGW71D-FT2T-W71DFT2TFT2T-BW79FT2T User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 17:33:47 GMT Server Apache/2.4.29 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 276 Content-Type text/html; charset=iso-8859-1
GET H2	200	style.css internetbanking.caixa.gov.br/statics-core/css/ Frame EBBD	67 KB 12 KB	43ms 42ms	Stylesheet text/css	95.100.200.80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://internetbanking.caixa.gov.br/statics-core/css/style.css?v=38 Requested by Host: internetbanking.caixa.gov.br URL: https://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.100.200.80 Paris, France, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-100-200-80.deploy.static.akamaitechnologies.com Software / Resource Hash `383e2a9097be8b34bdded86a173076d1333e679511f0b3ac7c20c95ce7795187` Request headers Referer https://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 08 Jun 2021 17:33:48 GMT content-encoding gzip last-modified Sat, 29 May 2021 20:51:06 GMT etag "41c78-10da7-5c37e26b14280" vary Accept-Encoding content-type text/css cache-control max-age=64732 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 12498
GET H2	200	print.css internetbanking.caixa.gov.br/statics-core/css/ Frame EBBD	12 KB 3 KB	43ms 42ms	Stylesheet text/css	95.100.200.80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://internetbanking.caixa.gov.br/statics-core/css/print.css?v=38 Requested by Host: internetbanking.caixa.gov.br URL: https://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.100.200.80 Paris, France, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-100-200-80.deploy.static.akamaitechnologies.com Software / Resource Hash `13dc88ddf97c546c10cbe491e3b3c0be872c5bfa3b059eb25c31b40a7090bef7` Request headers Referer https://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 08 Jun 2021 17:33:48 GMT content-encoding gzip last-modified Sat, 29 May 2021 20:51:06 GMT etag "401e4-3091-5c37e26b14280" vary Accept-Encoding content-type text/css cache-control max-age=64783 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 2521
GET H2	200	principal_desktop.css internetbanking.caixa.gov.br/statics-core/css/ Frame EBBD	62 KB 12 KB	53ms 53ms	Stylesheet text/css	95.100.200.80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://internetbanking.caixa.gov.br/statics-core/css/principal_desktop.css?v=38 Requested by Host: internetbanking.caixa.gov.br URL: https://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.100.200.80 Paris, France, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-100-200-80.deploy.static.akamaitechnologies.com Software / Resource Hash `b57dbe6ece1f6eb21f54618a746d0063d8db30136b5c94fb63eb29e4429e4474` Request headers Referer https://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 08 Jun 2021 17:33:48 GMT content-encoding gzip last-modified Sat, 29 May 2021 20:51:06 GMT etag "41c7e-f86b-5c37e26b14280" vary Accept-Encoding content-type text/css cache-control max-age=64746 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 11953
GET H2	200	datalist.css internetbanking.caixa.gov.br/statics-core/css/ Frame EBBD	2 KB 981 B	46ms 46ms	Stylesheet text/css	95.100.200.80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://internetbanking.caixa.gov.br/statics-core/css/datalist.css?v=38 Requested by Host: internetbanking.caixa.gov.br URL: https://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.100.200.80 Paris, France, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-100-200-80.deploy.static.akamaitechnologies.com Software / Resource Hash `8eede361637e3b42a616c308b76c5e7631496d42fbe280fd57077581ac5371a4` Request headers Referer https://internetbanking.caixa.gov.br/statics-core/css/principal.css?v=38 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 08 Jun 2021 17:33:48 GMT content-encoding gzip last-modified Sat, 29 May 2021 20:51:06 GMT etag "42436-85f-5c37e26b14280" vary Accept-Encoding content-type text/css cache-control max-age=64717 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 774
GET H2	200	login_desktop.css internetbanking.caixa.gov.br/statics-core/css/ Frame EBBD	8 KB 2 KB	52ms 52ms	Stylesheet text/css	95.100.200.80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://internetbanking.caixa.gov.br/statics-core/css/login_desktop.css?v=36 Requested by Host: internetbanking.caixa.gov.br URL: https://internetbanking.caixa.gov.br/statics-core/css/login.css?v=38 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.100.200.80 Paris, France, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-100-200-80.deploy.static.akamaitechnologies.com Software / Resource Hash `c3892915c37eb021a8fe755d9ce38777b98c6c7bd9c1e090f824a485cadfe460` Request headers Referer https://internetbanking.caixa.gov.br/statics-core/css/login.css?v=38 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 08 Jun 2021 17:33:48 GMT content-encoding gzip last-modified Sat, 29 May 2021 20:51:06 GMT etag "41c7c-1f04-5c37e26b14280" vary Accept-Encoding content-type text/css cache-control max-age=64801 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 2320
GET H2	200	bootstrap_desktop.css internetbanking.caixa.gov.br/statics-core/bootstrap/css/ Frame EBBD	141 KB 20 KB	52ms 51ms	Stylesheet text/css	95.100.200.80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://internetbanking.caixa.gov.br/statics-core/bootstrap/css/bootstrap_desktop.css Requested by Host: internetbanking.caixa.gov.br URL: https://internetbanking.caixa.gov.br/statics-core/bootstrap/css/bootstrap.css?v=38 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.100.200.80 Paris, France, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-100-200-80.deploy.static.akamaitechnologies.com Software / Resource Hash `bc9a46579160c853e68e60398e41d1a7edacfac7f41068c35ea49503e540d0d1` Request headers Referer https://internetbanking.caixa.gov.br/statics-core/bootstrap/css/bootstrap.css?v=38 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 08 Jun 2021 17:33:48 GMT content-encoding gzip last-modified Sat, 29 May 2021 20:51:06 GMT etag "41c87-23447-5c37e26b14280" vary Accept-Encoding content-type text/css cache-control max-age=64782 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 20467
GET H2	200	sprites.png internetbanking.caixa.gov.br/statics-core/img/ Frame EBBD	80 KB 80 KB	27ms 26ms	Image image/png	95.100.200.80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://internetbanking.caixa.gov.br/statics-core/img/sprites.png Requested by Host: internetbanking.caixa.gov.br URL: https://internetbanking.caixa.gov.br/statics-core/css/login_desktop.css?v=36 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.100.200.80 Paris, France, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-100-200-80.deploy.static.akamaitechnologies.com Software / Resource Hash `b07f3473f3a889798a93b7b02c3b9399d4814e82765b988aa54edb93f4d5f2c5` Request headers Referer https://internetbanking.caixa.gov.br/statics-core/css/login_desktop.css?v=36 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 08 Jun 2021 17:33:48 GMT last-modified Sat, 29 May 2021 20:51:04 GMT etag "42378-13ea0-5c37e2692be00" content-type image/png cache-control max-age=2051973 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 81568
GET H2	200	17112020_100934_img.jpg internetbanking.caixa.gov.br/statics-portal/conteudo_login/PRODUCAO_INTER/ Frame EBBD Redirect Chain http://internetbanking.caixa.gov.br/statics-portal/conteudo_login/PRODUCAO_INTER/17112020_100934_img.jpg https://internetbanking.caixa.gov.br/statics-portal/conteudo_login/PRODUCAO_INTER/17112020_100934_img.jpg	43 KB 43 KB	27ms 26ms	Image image/jpeg	95.100.200.80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://internetbanking.caixa.gov.br/statics-portal/conteudo_login/PRODUCAO_INTER/17112020_100934_img.jpg Requested by Host: 206.189.200.99 URL: http://206.189.200.99/portallogin.html?asistema=W71D7RQGW71D-FT2T-W71DFT2TFT2T-BW79FT2T Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.100.200.80 Paris, France, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a95-100-200-80.deploy.static.akamaitechnologies.com Software / Resource Hash `e746c6c794e5e5fd6a63b81b941dc6a11a80df25354592c502c163ceb705baeb` Request headers Referer http://206.189.200.99/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 08 Jun 2021 17:33:48 GMT last-modified Tue, 17 Nov 2020 13:12:19 GMT etag "806a4-aaa1-5b44d3e9532c0" content-type image/jpeg cache-control max-age=2051959 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 43681 Redirect headers Location https://internetbanking.caixa.gov.br/statics-portal/conteudo_login/PRODUCAO_INTER/17112020_100934_img.jpg Date Tue, 08 Jun 2021 17:33:48 GMT Cache-Control max-age=2592000 Server-Timing cdn-cache; desc=MISS, edge; dur=13, origin; dur=397 Content-Length 0 Connection keep-alive
GET H/1.1	404 Not Found	jquery.js 206.189.200.99/statics-core/js/lib/ Frame EBBD	0 0	100ms 100ms	Script text/html	206.189.200.99 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL http://206.189.200.99/statics-core/js/lib/jquery.js Requested by Host: 206.189.200.99 URL: http://206.189.200.99/portallogin.html?asistema=W71D7RQGW71D-FT2T-W71DFT2TFT2T-BW79FT2T Protocol HTTP/1.1 Server 206.189.200.99 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 206.189.200.99 Accept-Language en-US User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept / Referer http://206.189.200.99/portallogin.html?asistema=W71D7RQGW71D-FT2T-W71DFT2TFT2T-BW79FT2T Cookie PHPSESSID=jct1ho8nha72gr5ek6foraare3 Connection keep-alive Cache-Control no-cache Referer http://206.189.200.99/portallogin.html?asistema=W71D7RQGW71D-FT2T-W71DFT2TFT2T-BW79FT2T User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Tue, 08 Jun 2021 17:33:48 GMT Server Apache/2.4.29 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 276 Content-Type text/html; charset=iso-8859-1
GET		ACCELERATION.mp3 dghlnijganhlceoeehiahcjaokidbadp/sons/ Frame EBBD	0 0

GET		BRAKE.mp3 dghlnijganhlceoeehiahcjaokidbadp/sons/ Frame EBBD	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dghlnijganhlceoeehiahcjaokidbadp
URL: chrome-extension://dghlnijganhlceoeehiahcjaokidbadp/sons/ACCELERATION.mp3

Domain: dghlnijganhlceoeehiahcjaokidbadp
URL: chrome-extension://dghlnijganhlceoeehiahcjaokidbadp/sons/BRAKE.mp3

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Caixa (Government)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			206.189.200.99/	1969-12-31 23:59:59	Name: PHPSESSID Value: jct1ho8nha72gr5ek6foraare3

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dghlnijganhlceoeehiahcjaokidbadp
internetbanking.caixa.gov.br
dghlnijganhlceoeehiahcjaokidbadp
206.189.200.99
95.100.200.80
13dc88ddf97c546c10cbe491e3b3c0be872c5bfa3b059eb25c31b40a7090bef7
383e2a9097be8b34bdded86a173076d1333e679511f0b3ac7c20c95ce7795187
5edc6e8bd56e97283b90f1af114f96f14ca0c5c7ac5ea792e749642389c0018b
8eede361637e3b42a616c308b76c5e7631496d42fbe280fd57077581ac5371a4
8f587cb8a75399b59f0613d30c9177e087672839d6e4b1b98383f14b6b3ce204
a3edfbdb0f7aab25f420d56d2d41bc388463cd70c9f0dadcb067aaf02264248a
b07f3473f3a889798a93b7b02c3b9399d4814e82765b988aa54edb93f4d5f2c5
b57dbe6ece1f6eb21f54618a746d0063d8db30136b5c94fb63eb29e4429e4474
bc9a46579160c853e68e60398e41d1a7edacfac7f41068c35ea49503e540d0d1
bf6f766f9e8a08d7ffe39c9fb2993aa7804d82157baef6e208c6f1bc25ebad0a
c3892915c37eb021a8fe755d9ce38777b98c6c7bd9c1e090f824a485cadfe460
d026720c5d15c2acb8ff812e8fa71dea1c4a6400a717a1b41365074bb4ab844f
d5397da43bad40d1b17a76208a614a6b503a814bc38b8cab5ab99594bb055123
e746c6c794e5e5fd6a63b81b941dc6a11a80df25354592c502c163ceb705baeb

206.189.200.99 Open in urlscan Pro 206.189.200.99 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

18 Requests

67 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

196 kBTransfer

494 kBSize

1 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Indicators

206.189.200.99 Open in urlscan Pro
206.189.200.99 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

67 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

196 kB
Transfer

494 kB
Size

1
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!