Report - caixadirectacertifiquecliente.com/cdn-cgi/phish-bypass?atok=XYBV84cFOrlvvgV3huhxRlOHVjwJM7sYNM.vTkm9uGs-1743678178.2510283-0.0.1.1-%2Faceda.php

Report Overview

Visited public
2025-04-03 11:21:01
Tags
URL
caixadirectacertifiquecliente.com/cdn-cgi/phish-bypass?atok=XYBV84cFOrlvvgV3huhxRlOHVjwJM7sYNM.vTkm9uGs-1743678178.2510283-0.0.1.1-%2Faceda.php
Finishing URL
caixadirectacertifiquecliente.com/cdn-cgi/phish-bypass?atok=XYBV84cFOrlvvgV3huhxRlOHVjwJM7sYNM.vTkm9uGs-1743678178.2510283-0.0.1.1-%2Faceda.php
IP / ASN
172.67.166.7
#13335 CLOUDFLARENET
Title
403 Forbidden

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
caixadirectacertifiquecliente.com	unknown	2025-04-01	2025-04-02	2025-04-02	1.6 kB	2.0 kB	104.21.11.124

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-04-01	medium	caixadirectacertifiquecliente.com/	Caixa Geral de Depositos
2025-04-01	medium	caixadirectacertifiquecliente.com/	Caixa Geral de Depositos
2025-04-01	medium	caixadirectacertifiquecliente.com/	Caixa Geral de Depositos

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-03	medium	caixadirectacertifiquecliente.com	Sinkholed
2025-04-03	medium	caixadirectacertifiquecliente.com	Sinkholed
2025-04-03	medium	caixadirectacertifiquecliente.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

caixadirectacertifiquecliente.com/favicon.ico

104.21.11.124

404 Not Found

319 B

URL GET
caixadirectacertifiquecliente.com/favicon.ico
IP
104.21.11.124:80
ASN
#13335 CLOUDFLARENET

Requested by
http://caixadirectacertifiquecliente.com/cdn-cgi/phish-bypass?atok=XYBV84cFOrlvvgV3huhxRlOHVjwJM7sYNM.vTkm9uGs-1743678178.2510283-0.0.1.1-%2Faceda.php

File type
HTML document, ASCII text, with very long lines (330), with no line terminators
Size
319 B (319 bytes)
Hash
301bfecec2c0a591b72858fa5383b4c4
349a603ee3cda726db1689a1ff8c694c1188f7c0
d5de67fe9eaec9aa34574a3977d1c96b933469ed283f96a964f46fcf59178153

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Caixa Geral de Depositos
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: caixadirectacertifiquecliente.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://caixadirectacertifiquecliente.com/cdn-cgi/phish-bypass?atok=XYBV84cFOrlvvgV3huhxRlOHVjwJM7sYNM.vTkm9uGs-1743678178.2510283-0.0.1.1-%2Faceda.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 03 Apr 2025 11:20:40 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
cf-cache-status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NDT5ps%2F9Q2XYGqxhiW6txcREughRNlNqh%2F4wHeuO0W1zaVibU0curLJf5drlLiXSZE39QwNw%2F%2BjPbMGDnSMuqen40oKe36AAUAb043n1DallO81JgVM%2FZx5drkBEq2D%2B0BDYUmYdgYzPKvM6%2BCFb45gd7aI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 92a82d932f54b524-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=493&min_rtt=396&rtt_var=179&sent=4&recv=6&lost=0&retrans=0&sent_bytes=395&recv_bytes=1003&delivery_rate=5815261&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

caixadirectacertifiquecliente.com/cdn-cgi/phish-bypass?atok=XYBV84cFOrlvvgV3huhxRlOHVjwJM7sYNM.vTkm9uGs-1743678178.2510283-0.0.1.1-%2Faceda.php

172.67.166.7

403 Forbidden

151 B

URL User Request GET
caixadirectacertifiquecliente.com/cdn-cgi/phish-bypass?atok=XYBV84cFOrlvvgV3huhxRlOHVjwJM7sYNM.vTkm9uGs-1743678178.2510283-0.0.1.1-%2Faceda.php
IP
172.67.166.7:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcaixadirectacertifiquecliente.com
FingerprintFF:5B:AB:23:32:B6:A3:E8:EA:A0:76:9A:45:EB:96:30:85:A1:D4:6F
ValidityTue, 01 Apr 2025 17:04:03 GMT - Mon, 30 Jun 2025 18:02:31 GMT

File type
HTML document, ASCII text, with no line terminators
Size
151 B (151 bytes)
Hash
f3b3b8bce21cef2b66afcdb3da999914
82178c69f404ff625d900a0bf5b29eafc0524a85
f50ef31a0981639697ee35ea671b25571f369746a3fb0983da8611a1acd2f357

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Caixa Geral de Depositos
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/phish-bypass?atok=XYBV84cFOrlvvgV3huhxRlOHVjwJM7sYNM.vTkm9uGs-1743678178.2510283-0.0.1.1-%2Faceda.php HTTP/1.1
Host: caixadirectacertifiquecliente.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 03 Apr 2025 11:20:39 GMT
content-type: text/html
server: cloudflare
cf-ray: 92a82d8ebf6beb4c-CPH
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

caixadirectacertifiquecliente.com/cdn-cgi/phish-bypass?atok=XYBV84cFOrlvvgV3huhxRlOHVjwJM7sYNM.vTkm9uGs-1743678178.2510283-0.0.1.1-%2Faceda.php

104.21.11.124

403 Forbidden

151 B

URL User Request GET
caixadirectacertifiquecliente.com/cdn-cgi/phish-bypass?atok=XYBV84cFOrlvvgV3huhxRlOHVjwJM7sYNM.vTkm9uGs-1743678178.2510283-0.0.1.1-%2Faceda.php
IP
104.21.11.124:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with no line terminators
Size
151 B (151 bytes)
Hash
f3b3b8bce21cef2b66afcdb3da999914
82178c69f404ff625d900a0bf5b29eafc0524a85
f50ef31a0981639697ee35ea671b25571f369746a3fb0983da8611a1acd2f357

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Caixa Geral de Depositos
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/phish-bypass?atok=XYBV84cFOrlvvgV3huhxRlOHVjwJM7sYNM.vTkm9uGs-1743678178.2510283-0.0.1.1-%2Faceda.php HTTP/1.1
Host: caixadirectacertifiquecliente.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 03 Apr 2025 11:20:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
CF-RAY: 92a82d906b79b524-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (3)

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers