casteval.com.br Open in urlscan Pro
54.39.16.238 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163
Submission: On December 15 via automatic, source openphish (December 15th 2021, 1:14:33 pm UTC) — Scanned from CA

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 54.39.16.238, located in Beauharnois, Canada and belongs to OVH, FR. The main domain is casteval.com.br.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 26th 2021. Valid for: 3 months.

This is the only time casteval.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chase (Banking)

Domain & IP information

	IP Address		AS Autonomous System
10	54.39.16.238 54.39.16.238		16276 (OVH) (OVH)
10	1

10 54.39.16.238 (Beauharnois, Canada)

ASN16276 (OVH, FR)
PTR: ns555496.ip-54-39-16.net

casteval.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	casteval.com.br casteval.com.br	2 MB
10	1

	Domain	Requested by
10	casteval.com.br	casteval.com.br
10	1

This site contains no links.

Subject Issuer	Validity	Valid
casteval.com.br cPanel, Inc. Certification Authority	`2021-10-26` - `2022-01-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163
Frame ID: F58394F10388CF04557107D63C71FB12
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Chase Online

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

2284 kB
Transfer

2283 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request sign_in.php Show response casteval.com.br/aler/ser/	6 KB 6 KB	51ms 12ms	Document text/html	54.39.16.238 OVH
General Check archive.org Show headers Download Go to Full URL https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.39.16.238 Beauharnois, Canada, ASN16276 (OVH, FR), Reverse DNS ns555496.ip-54-39-16.net Software Apache / Resource Hash `af34038574aad74d6a647ea52b0633312261ad89c017ef3d860777ff2037d448` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language en-CA,en;q=0.9 Response headers Date Wed, 15 Dec 2021 13:14:29 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	style.css casteval.com.br/aler/ser/css/	9 KB 10 KB	13ms 13ms	Stylesheet text/css	54.39.16.238 OVH
General Check archive.org Show headers Download Go to Full URL https://casteval.com.br/aler/ser/css/style.css Requested by Host: casteval.com.br URL: https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.39.16.238 Beauharnois, Canada, ASN16276 (OVH, FR), Reverse DNS ns555496.ip-54-39-16.net Software Apache / Resource Hash `3135f6721eb16532d600785c201da0e0901ba79d97a68ccf2bb09029052ee9b1` Request headers Accept-Language en-CA,en;q=0.9 Referer https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 15 Dec 2021 13:14:29 GMT Last-Modified Tue, 09 Jun 2020 06:14:20 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 9684
GET H/1.1	200 OK	blue-ui.css casteval.com.br/aler/ser/style/css/	396 KB 396 KB	28ms 14ms	Stylesheet text/css	54.39.16.238 OVH
General Check archive.org Show headers Download Go to Full URL https://casteval.com.br/aler/ser/style/css/blue-ui.css Requested by Host: casteval.com.br URL: https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.39.16.238 Beauharnois, Canada, ASN16276 (OVH, FR), Reverse DNS ns555496.ip-54-39-16.net Software Apache / Resource Hash `a054554812c09bcd6e28618753061066ae6273f3af38e7cba62adeb7f1a5c348` Request headers Accept-Language en-CA,en;q=0.9 Referer https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 15 Dec 2021 13:14:29 GMT Last-Modified Sun, 03 Jun 2018 21:17:42 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 405034
GET H/1.1	200 OK	logon.css casteval.com.br/aler/ser/style/css/	128 KB 128 KB	35ms 12ms	Stylesheet text/css	54.39.16.238 OVH
General Check archive.org Show headers Download Go to Full URL https://casteval.com.br/aler/ser/style/css/logon.css Requested by Host: casteval.com.br URL: https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.39.16.238 Beauharnois, Canada, ASN16276 (OVH, FR), Reverse DNS ns555496.ip-54-39-16.net Software Apache / Resource Hash `beaf04b1508ee134c7053a40e11f0a70faad6ac2dabad8cf8d288a77193f10df` Request headers Accept-Language en-CA,en;q=0.9 Referer https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 15 Dec 2021 13:14:29 GMT Last-Modified Sun, 03 Jun 2018 20:14:48 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 131144
GET H/1.1	404 Not Found	angular.min.js casteval.com.br/aler/ser/style/js/	0 0	343ms 320ms	Script text/html	54.39.16.238 OVH
General Check archive.org Show headers Download Go to Full URL https://casteval.com.br/aler/ser/style/js/angular.min.js Requested by Host: casteval.com.br URL: https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.39.16.238 Beauharnois, Canada, ASN16276 (OVH, FR), Reverse DNS ns555496.ip-54-39-16.net Software Apache / Resource Hash Request headers Accept-Language en-CA,en;q=0.9 Referer https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 15 Dec 2021 13:14:29 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <https://casteval.com.br/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5, max=100 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	jquery.min.js casteval.com.br/aler/ser/style/js/	0 0	344ms 316ms	Script text/html	54.39.16.238 OVH
General Check archive.org Show headers Download Go to Full URL https://casteval.com.br/aler/ser/style/js/jquery.min.js Requested by Host: casteval.com.br URL: https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.39.16.238 Beauharnois, Canada, ASN16276 (OVH, FR), Reverse DNS ns555496.ip-54-39-16.net Software Apache / Resource Hash Request headers Accept-Language en-CA,en;q=0.9 Referer https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 15 Dec 2021 13:14:29 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <https://casteval.com.br/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5, max=100 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	jquery.validate.min.js casteval.com.br/aler/ser/style/js/	0 0	348ms 321ms	Script text/html	54.39.16.238 OVH
General Check archive.org Show headers Download Go to Full URL https://casteval.com.br/aler/ser/style/js/jquery.validate.min.js Requested by Host: casteval.com.br URL: https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.39.16.238 Beauharnois, Canada, ASN16276 (OVH, FR), Reverse DNS ns555496.ip-54-39-16.net Software Apache / Resource Hash Request headers Accept-Language en-CA,en;q=0.9 Referer https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 15 Dec 2021 13:14:29 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <https://casteval.com.br/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5, max=100 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	200 OK	wordmark-white.svg casteval.com.br/aler/ser/images/	1 KB 2 KB	11ms 11ms	Image image/svg+xml	54.39.16.238 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://casteval.com.br/aler/ser/images/wordmark-white.svg Requested by Host: casteval.com.br URL: https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.39.16.238 Beauharnois, Canada, ASN16276 (OVH, FR), Reverse DNS ns555496.ip-54-39-16.net Software Apache / Resource Hash `d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0` Request headers Accept-Language en-CA,en;q=0.9 Referer https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 15 Dec 2021 13:14:29 GMT Last-Modified Mon, 21 May 2018 15:28:38 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1409
GET H/1.1	200 OK	background.jpeg casteval.com.br/aler/ser/images/	2 MB 2 MB	12ms 11ms	Image image/jpeg	54.39.16.238 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://casteval.com.br/aler/ser/images/background.jpeg Requested by Host: casteval.com.br URL: https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.39.16.238 Beauharnois, Canada, ASN16276 (OVH, FR), Reverse DNS ns555496.ip-54-39-16.net Software Apache / Resource Hash `ba19d0d5367c224ebe1e26cee56109309fda61bf439dd138d7d6852ce2e5268a` Request headers Accept-Language en-CA,en;q=0.9 Referer https://casteval.com.br/aler/ser/sign_in.php?session=3D303165623163 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 15 Dec 2021 13:14:29 GMT Last-Modified Tue, 09 Jun 2020 00:32:40 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 1776816
GET H/1.1	404 Not Found	bg.jpg casteval.com.br/aler/ser/images/	8 KB 8 KB	240ms 240ms	Image text/html	54.39.16.238 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://casteval.com.br/aler/ser/images/bg.jpg Requested by Host: casteval.com.br URL: https://casteval.com.br/aler/ser/css/style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.39.16.238 Beauharnois, Canada, ASN16276 (OVH, FR), Reverse DNS ns555496.ip-54-39-16.net Software Apache / Resource Hash `d5e93e592f2fba9106c8a4514c415c5310d2c7e1d525f550e0d28be2cb73e965` Request headers Accept-Language en-CA,en;q=0.9 Referer https://casteval.com.br/aler/ser/css/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 15 Dec 2021 13:14:29 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <https://casteval.com.br/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5, max=98 Expires Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chase (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://casteval.com.br/aler/ser/style/js/angular.min.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://casteval.com.br/aler/ser/style/js/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://casteval.com.br/aler/ser/style/js/jquery.validate.min.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://casteval.com.br/aler/ser/images/bg.jpg Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

casteval.com.br
54.39.16.238
3135f6721eb16532d600785c201da0e0901ba79d97a68ccf2bb09029052ee9b1
a054554812c09bcd6e28618753061066ae6273f3af38e7cba62adeb7f1a5c348
af34038574aad74d6a647ea52b0633312261ad89c017ef3d860777ff2037d448
ba19d0d5367c224ebe1e26cee56109309fda61bf439dd138d7d6852ce2e5268a
beaf04b1508ee134c7053a40e11f0a70faad6ac2dabad8cf8d288a77193f10df
d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0
d5e93e592f2fba9106c8a4514c415c5310d2c7e1d525f550e0d28be2cb73e965

casteval.com.br Open in urlscan Pro 54.39.16.238 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

2284 kBTransfer

2283 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

casteval.com.br Open in urlscan Pro
54.39.16.238 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

2284 kB
Transfer

2283 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!