casalva.pt Open in urlscan Pro
188.93.234.31 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://casalva.pt/components/Wetransfer/Wetransfer/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight....
Submission: On August 14 via automatic, source openphish (August 14th 2020, 1:20:09 pm UTC)

Summary HTTP 13 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 188.93.234.31, located in Portugal and belongs to NETSOLUTIONS, NL. The main domain is casalva.pt.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 23rd 2020. Valid for: 3 months.

This is the only time casalva.pt was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address	AS Autonomous System
8	188.93.234.31 188.93.234.31	47674 (NETSOLUTIONS) (NETSOLUTIONS)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
13	3

8 188.93.234.31 (Portugal)

ASN47674 (NETSOLUTIONS, NL)
PTR: cp01.redelx.com

casalva.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	casalva.pt casalva.pt	1 MB
4	gstatic.com fonts.gstatic.com	58 KB
1	googleapis.com fonts.googleapis.com	903 B
13	3

	Domain	Requested by
8	casalva.pt	casalva.pt
4	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	casalva.pt
13	3

This site contains links to these domains. Also see Links.

Domain
tcsuco-com.eu

Subject Issuer	Validity	Valid
casalva.pt cPanel, Inc. Certification Authority	`2020-06-23` - `2020-09-21`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://casalva.pt/components/Wetransfer/Wetransfer/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=Apar.mumbai@jpmchase.com
Frame ID: D11243BA917FC28006B94786C5DED515
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

13
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1123 kB
Transfer

1123 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://tcsuco-com.eu/

Search URL Search Domain Scan URL

URL: https://tcsuco-com.eu/#/help
Title: help

Search URL Search Domain Scan URL

URL: https://tcsuco-com.eu/#/about
Title: About

Search URL Search Domain Scan URL

URL: https://tcsuco-com.eu/#/plus
Title: Got Plus?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request login.php Show response
casalva.pt/components/Wetransfer/Wetransfer/ 3 KB
4 KB 359ms
68ms Document
text/html 188.93.234.31
NETSOLUTIONS

General

Check archive.org

Show headers Download Go to

Full URL: https://casalva.pt/components/Wetransfer/Wetransfer/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=Apar.mumbai@jpmchase.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.93.234.31 , Portugal, ASN47674 (NETSOLUTIONS, NL),
Reverse DNS: cp01.redelx.com
Software: Apache / PHP/7.1.33
Resource Hash: baed645bd3804d07c83042dd45b096c7885c387883b32235d975d3b2f87fb68a

Request headers

:method: GET
:authority: casalva.pt
:scheme: https
:path: /components/Wetransfer/Wetransfer/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=Apar.mumbai@jpmchase.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 14 Aug 2020 13:19:51 GMT
server: Apache
x-powered-by: PHP/7.1.33
content-type: text/html; charset=UTF-8

GET
H2 200 all.min.css
casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/ 55 KB
55 KB 56ms
55ms Stylesheet
text/css 188.93.234.31
NETSOLUTIONS

General

Check archive.org

Show headers Download Go to

Full URL: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/all.min.css
Requested by: Host: casalva.pt
URL: https://casalva.pt/components/Wetransfer/Wetransfer/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=Apar.mumbai@jpmchase.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.93.234.31 , Portugal, ASN47674 (NETSOLUTIONS, NL),
Reverse DNS: cp01.redelx.com
Software: Apache /
Resource Hash: 533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542

Request headers

Referer: https://casalva.pt/components/Wetransfer/Wetransfer/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=Apar.mumbai@jpmchase.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 14 Aug 2020 13:19:51 GMT
last-modified: Mon, 23 Dec 2019 22:03:34 GMT
server: Apache
accept-ranges: bytes
content-length: 55967
content-type: text/css

GET
H2 200 main.css
casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/ 5 KB
5 KB 55ms
55ms Stylesheet
text/css 188.93.234.31
NETSOLUTIONS

General

Check archive.org

Show headers Download Go to

Full URL: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/main.css
Requested by: Host: casalva.pt
URL: https://casalva.pt/components/Wetransfer/Wetransfer/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=Apar.mumbai@jpmchase.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.93.234.31 , Portugal, ASN47674 (NETSOLUTIONS, NL),
Reverse DNS: cp01.redelx.com
Software: Apache /
Resource Hash: 9a8254f8b01042cec4cd63195e0f56c9fdef94e415d9a027dc5cb6e02716af25

Request headers

Referer: https://casalva.pt/components/Wetransfer/Wetransfer/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=Apar.mumbai@jpmchase.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 14 Aug 2020 13:19:51 GMT
last-modified: Mon, 23 Dec 2019 22:07:42 GMT
server: Apache
accept-ranges: bytes
content-length: 5166
content-type: text/css

GET
H2 200 logo.svg
casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/ 875 B
945 B 54ms
54ms Image
image/svg+xml 188.93.234.31
NETSOLUTIONS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/logo.svg
Requested by: Host: casalva.pt
URL: https://casalva.pt/components/Wetransfer/Wetransfer/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=Apar.mumbai@jpmchase.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.93.234.31 , Portugal, ASN47674 (NETSOLUTIONS, NL),
Reverse DNS: cp01.redelx.com
Software: Apache /
Resource Hash: 08df5d014ad3e037f1c0a2c3d93c2592c5551cf8b2293ae0043d66b15603c2fc

Request headers

Referer: https://casalva.pt/components/Wetransfer/Wetransfer/login.php?ul=_LkeFUq_VJOXRTIPtoGYDw17dsfsfd18&fid.18InboxLight.aspxn.1774256418&fid.1r245964252813InboxLight94552_Product-email&email=Apar.mumbai@jpmchase.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 14 Aug 2020 13:19:51 GMT
last-modified: Mon, 23 Dec 2019 22:03:34 GMT
server: Apache
accept-ranges: bytes
content-length: 875
content-type: image/svg+xml

GET
H2 200 css
fonts.googleapis.com/ 9 KB
903 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:820::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=DM+Serif+Text|Montserrat:400,500,600,700&display=swap

Requested by

Host: casalva.pt
URL: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

280accd43893bdbbf421d8106ac50581dd261c041ef5494fe82e54bb6bdb7689

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 14 Aug 2020 13:19:52 GMT
server: ESF
date: Fri, 14 Aug 2020 13:19:52 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 14 Aug 2020 13:19:52 GMT

GET
H2 200 files_bg.gif
casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/ 993 KB
1000 KB 55ms
54ms Image
image/gif 188.93.234.31
NETSOLUTIONS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/files_bg.gif
Requested by: Host: casalva.pt
URL: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/main.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.93.234.31 , Portugal, ASN47674 (NETSOLUTIONS, NL),
Reverse DNS: cp01.redelx.com
Software: Apache /
Resource Hash: e6413f93eb4ac17c642fa8624e3e280960596c53028cee2505040a57f8966a9f

Request headers

Referer: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 14 Aug 2020 13:19:52 GMT
last-modified: Mon, 23 Dec 2019 22:07:28 GMT
server: Apache
accept-ranges: bytes
content-length: 1016841
content-type: image/gif

GET
H2 200 JTURjIg1_i6t8kCHKm45_ZpC3gnD_vx3rCs.woff2
fonts.gstatic.com/s/montserrat/v14/ 13 KB
13 KB 10ms
6ms Font
font/woff2 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v14/JTURjIg1_i6t8kCHKm45_ZpC3gnD_vx3rCs.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=DM+Serif+Text|Montserrat:400,500,600,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://casalva.pt
Referer: https://fonts.googleapis.com/css?family=DM+Serif+Text|Montserrat:400,500,600,700&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 15:03:55 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:46:41 GMT
server: sffe
age: 339357
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13640
x-xss-protection: 0
expires: Tue, 10 Aug 2021 15:03:55 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
fonts.gstatic.com/s/montserrat/v14/ 13 KB
14 KB 12ms
7ms Font
font/woff2 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v14/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=DM+Serif+Text|Montserrat:400,500,600,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://casalva.pt
Referer: https://fonts.googleapis.com/css?family=DM+Serif+Text|Montserrat:400,500,600,700&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 21:11:26 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:46:48 GMT
server: sffe
age: 144506
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13708
x-xss-protection: 0
expires: Thu, 12 Aug 2021 21:11:26 GMT

GET
H2 404 fa-solid-900.woff2
casalva.pt/components/Wetransfer/Wetransfer/webfonts/ 0
0 132ms
128ms Font
text/html 188.93.234.31
NETSOLUTIONS

General

Check archive.org

Show headers Download Go to

Full URL: https://casalva.pt/components/Wetransfer/Wetransfer/webfonts/fa-solid-900.woff2
Requested by: Host: casalva.pt
URL: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/all.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.93.234.31 , Portugal, ASN47674 (NETSOLUTIONS, NL),
Reverse DNS: cp01.redelx.com
Software: Apache /
Resource Hash

Request headers

Origin: https://casalva.pt
Referer: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/all.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 404
date: Fri, 14 Aug 2020 13:19:52 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

GET
H2 200 JTURjIg1_i6t8kCHKm45_bZF3gnD_vx3rCs.woff2
fonts.gstatic.com/s/montserrat/v14/ 13 KB
13 KB 9ms
6ms Font
font/woff2 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v14/JTURjIg1_i6t8kCHKm45_bZF3gnD_vx3rCs.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=DM+Serif+Text|Montserrat:400,500,600,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://casalva.pt
Referer: https://fonts.googleapis.com/css?family=DM+Serif+Text|Montserrat:400,500,600,700&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 11 Aug 2020 06:17:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:46:50 GMT
server: sffe
age: 284563
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13464
x-xss-protection: 0
expires: Wed, 11 Aug 2021 06:17:09 GMT

GET
H2 200 rnCu-xZa_krGokauCeNq1wWyWfSFXVAKArc.woff2
fonts.gstatic.com/s/dmseriftext/v4/ 18 KB
18 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmseriftext/v4/rnCu-xZa_krGokauCeNq1wWyWfSFXVAKArc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=DM+Serif+Text|Montserrat:400,500,600,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://casalva.pt
Referer: https://fonts.googleapis.com/css?family=DM+Serif+Text|Montserrat:400,500,600,700&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 05:18:52 GMT
x-content-type-options: nosniff
last-modified: Tue, 19 Nov 2019 21:14:50 GMT
server: sffe
age: 633660
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17964
x-xss-protection: 0
expires: Sat, 07 Aug 2021 05:18:52 GMT

GET
H2 404 fa-solid-900.woff
casalva.pt/components/Wetransfer/Wetransfer/webfonts/ 0
0 62ms
61ms Font
text/html 188.93.234.31
NETSOLUTIONS

General

Check archive.org

Show headers Download Go to

Full URL: https://casalva.pt/components/Wetransfer/Wetransfer/webfonts/fa-solid-900.woff
Requested by: Host: casalva.pt
URL: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/all.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.93.234.31 , Portugal, ASN47674 (NETSOLUTIONS, NL),
Reverse DNS: cp01.redelx.com
Software: Apache /
Resource Hash

Request headers

Origin: https://casalva.pt
Referer: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/all.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 404
date: Fri, 14 Aug 2020 13:19:52 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

GET
H2 404 fa-solid-900.ttf
casalva.pt/components/Wetransfer/Wetransfer/webfonts/ 0
0 54ms
54ms Font
text/html 188.93.234.31
NETSOLUTIONS

General

Check archive.org

Show headers Download Go to

Full URL: https://casalva.pt/components/Wetransfer/Wetransfer/webfonts/fa-solid-900.ttf
Requested by: Host: casalva.pt
URL: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/all.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.93.234.31 , Portugal, ASN47674 (NETSOLUTIONS, NL),
Reverse DNS: cp01.redelx.com
Software: Apache /
Resource Hash

Request headers

Origin: https://casalva.pt
Referer: https://casalva.pt/components/Wetransfer/Wetransfer/wetransfer_files/all.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 404
date: Fri, 14 Aug 2020 13:19:52 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

casalva.pt
fonts.googleapis.com
fonts.gstatic.com
188.93.234.31
2a00:1450:4001:81d::2003
2a00:1450:4001:820::200a
08df5d014ad3e037f1c0a2c3d93c2592c5551cf8b2293ae0043d66b15603c2fc
280accd43893bdbbf421d8106ac50581dd261c041ef5494fe82e54bb6bdb7689
533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542
9a8254f8b01042cec4cd63195e0f56c9fdef94e415d9a027dc5cb6e02716af25
baed645bd3804d07c83042dd45b096c7885c387883b32235d975d3b2f87fb68a
e6413f93eb4ac17c642fa8624e3e280960596c53028cee2505040a57f8966a9f

casalva.pt Open in urlscan Pro 188.93.234.31 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

1123 kBTransfer

1123 kBSize

0 Cookies

4 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

casalva.pt Open in urlscan Pro
188.93.234.31 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1123 kB
Transfer

1123 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!