casteval.com.br
Open in
urlscan Pro
54.39.16.238
Malicious Activity!
Public Scan
Submission: On December 15 via automatic, source openphish — Scanned from CA
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 26th 2021. Valid for: 3 months.
This is the only time casteval.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Chase (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 54.39.16.238 54.39.16.238 | 16276 (OVH) (OVH) | |
10 | 1 |
ASN16276 (OVH, FR)
PTR: ns555496.ip-54-39-16.net
casteval.com.br |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
casteval.com.br
casteval.com.br |
2 MB |
10 | 1 |
Domain | Requested by | |
---|---|---|
10 | casteval.com.br |
casteval.com.br
|
10 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
casteval.com.br cPanel, Inc. Certification Authority |
2021-10-26 - 2022-01-24 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163
Frame ID: F58394F10388CF04557107D63C71FB12
Requests: 10 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
sign_in.php
casteval.com.br/aler/ser/ |
6 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
casteval.com.br/aler/ser/css/ |
9 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
blue-ui.css
casteval.com.br/aler/ser/style/css/ |
396 KB 396 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logon.css
casteval.com.br/aler/ser/style/css/ |
128 KB 128 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
angular.min.js
casteval.com.br/aler/ser/style/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
casteval.com.br/aler/ser/style/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.validate.min.js
casteval.com.br/aler/ser/style/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wordmark-white.svg
casteval.com.br/aler/ser/images/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
background.jpeg
casteval.com.br/aler/ser/images/ |
2 MB 2 MB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg.jpg
casteval.com.br/aler/ser/images/ |
8 KB 8 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Chase (Banking)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
casteval.com.br
54.39.16.238
3135f6721eb16532d600785c201da0e0901ba79d97a68ccf2bb09029052ee9b1
a054554812c09bcd6e28618753061066ae6273f3af38e7cba62adeb7f1a5c348
af34038574aad74d6a647ea52b0633312261ad89c017ef3d860777ff2037d448
ba19d0d5367c224ebe1e26cee56109309fda61bf439dd138d7d6852ce2e5268a
beaf04b1508ee134c7053a40e11f0a70faad6ac2dabad8cf8d288a77193f10df
d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0
d5e93e592f2fba9106c8a4514c415c5310d2c7e1d525f550e0d28be2cb73e965