caixabank.es-aplicacion.app
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://caixabank.es-aplicacion.app/gestion/login.php
Submission: On December 01 via manual from ES — Scanned from ES
Summary
TLS certificate: Issued by GTS CA 1P5 on November 30th 2022. Valid for: 3 months.
This is the only time caixabank.es-aplicacion.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online) Caixabank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 15 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
13 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
es-aplicacion.app
2 redirects
caixabank.es-aplicacion.app |
69 KB |
13 | 1 |
Domain | Requested by | |
---|---|---|
15 | caixabank.es-aplicacion.app |
2 redirects
caixabank.es-aplicacion.app
|
13 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.es-aplicacion.app GTS CA 1P5 |
2022-11-30 - 2023-02-28 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://caixabank.es-aplicacion.app/gestion/login.php
Frame ID: AC74BC19F4123039A6813575B088C21E
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
CaixaBank | banca digital CaixaBankNowPage URL History Show full URLs
- https://caixabank.es-aplicacion.app/ Page URL
-
https://caixabank.es-aplicacion.app/cdn-cgi/phish-bypass?atok=lxXTJaWj1Y8fcuKVYNFbe5pArmVlY96sMUXpRMmzg3A-166990...
HTTP 301
https://caixabank.es-aplicacion.app/ HTTP 302
https://caixabank.es-aplicacion.app/gestion/login.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://caixabank.es-aplicacion.app/ Page URL
-
https://caixabank.es-aplicacion.app/cdn-cgi/phish-bypass?atok=lxXTJaWj1Y8fcuKVYNFbe5pArmVlY96sMUXpRMmzg3A-1669901659-0-%2F
HTTP 301
https://caixabank.es-aplicacion.app/ HTTP 302
https://caixabank.es-aplicacion.app/gestion/login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
caixabank.es-aplicacion.app/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cf.errors.css
caixabank.es-aplicacion.app/cdn-cgi/styles/ |
24 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-exclamation.png
caixabank.es-aplicacion.app/cdn-cgi/images/ |
452 B 541 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
login.php
caixabank.es-aplicacion.app/gestion/ Redirect Chain
|
9 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
lo_postlogon.css
caixabank.es-aplicacion.app/assets/css/ |
16 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_caixabank_40.png
caixabank.es-aplicacion.app/assets/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_caixabanknow_postlogon.svg
caixabank.es-aplicacion.app/assets/img/ |
17 KB 7 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
candado.png
caixabank.es-aplicacion.app/assets/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ico_world_simple.png
caixabank.es-aplicacion.app/assets/img/ |
577 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ico_check.png
caixabank.es-aplicacion.app/assets/img/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ico_keyboard.svg
caixabank.es-aplicacion.app/assets/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
subset-OpenSans-Regular.woff2
caixabank.es-aplicacion.app/assets/fonts/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
subset-OpenSans-SemiBold.woff2
caixabank.es-aplicacion.app/assets/fonts/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online) Caixabank (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.caixabank.es-aplicacion.app/ | Name: __cf_mw_byp Value: lxXTJaWj1Y8fcuKVYNFbe5pArmVlY96sMUXpRMmzg3A-1669901659-0-/ |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
caixabank.es-aplicacion.app
2a06:98c1:3121::3
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
243e7d9077b620eb71838d4b489c0aa63b453912cfa2ca71b5f68a08c69959e1
24b91e08f37840c07f1c4bc304ef3838138c075f110e4fb2e2199cd45dcc85e8
2cf502d4bfb9939d32b2be87835a055a3c274cc4295536df69bb153f882ba677
4c2995d8fb1bd1494a78852123ad929629c6c08eae66de7713478ad3fb4de86e
5ac009489ecf0eb04acecc023afe768a7d42e3f90eba65f46353dd2d8d2f6698
9723a6d5f5ea669e43fd75e6af8770704573ebc065e148c13c78c334654f9007
a1886c3161081ea4ab366124e34709aa5383ef38bf5291022ef82b84527c9adf
c415773700f762431df5906021fa4dc781add89e496394e999b265ff2a8ed66c
cacaa68efb98abd6c15f65473b0978ab3621af319564ad9913b6b0f5c92ccc67
d6ecb42cd8f64d6a0077cb5d871db9b722698158062a4a6317ac611f94372373
d98c938e34aba7578cf28515c91de8e2009eb69fff0b245556a01d44d0c0c0ee
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016