trexsol.com Open in urlscan Pro
192.185.41.153 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://trexsol.com/secure.chase/login
Submission: On January 01 via automatic, source openphish (January 1st 2025, 2:20:15 am UTC) — Scanned from AU

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 14 HTTP transactions. The main IP is 192.185.41.153, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is trexsol.com.
TLS certificate: Issued by R11 on November 22nd 2024. Valid for: 3 months.

This is the only time trexsol.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chase (Banking)

Domain & IP information

	IP Address	AS Autonomous System
6	192.185.41.153 192.185.41.153	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
3	2404:6800:400... 2404:6800:4006:814::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:bb1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.204.4 142.250.204.4	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4006:812::2003	15169 (GOOGLE) (GOOGLE)
1	142.251.221.67 142.251.221.67	15169 (GOOGLE) (GOOGLE)
1	104.18.187.31 104.18.187.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	7

6 192.185.41.153 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: orbegourmet.com

trexsol.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2404:6800:4006:814::200a (Sydney, Australia)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bb1f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.204.4 (Sydney, Australia)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4006:812::2003 (Sydney, Australia)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.221.67 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.187.31 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	trexsol.com trexsol.com	335 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	3 KB
2	gstatic.com www.gstatic.com fonts.gstatic.com	235 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	132 KB
1	google.com www.google.com — Cisco Umbrella Rank: 3	968 B
14	5

	Domain	Requested by
6	trexsol.com	trexsol.com
3	fonts.googleapis.com	trexsol.com
2	cdn.jsdelivr.net	trexsol.com cdn.jsdelivr.net
1	fonts.gstatic.com	fonts.googleapis.com
1	www.gstatic.com	www.google.com
1	www.google.com	trexsol.com
14	6

This site contains no links.

Subject Issuer	Validity	Valid
www.gethired.trexsol.com R11	`2024-11-22` - `2025-02-20`	3 months	crt.sh
upload.video.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
*.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.gstatic.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://trexsol.com/secure.chase/login
Frame ID: 5473C73FEC0383F291FC5CD724F4DAC5
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in- chase.com

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

14
Requests

100 %
HTTPS

43 %
IPv6

5
Domains

6
Subdomains

7
IPs

3
Countries

706 kB
Transfer

1125 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request login Show response
trexsol.com/secure.chase/ 4 KB
1 KB 1251ms
327ms Document
text/html 192.185.41.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://trexsol.com/secure.chase/login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.41.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: orbegourmet.com
Software: nginx/1.23.4 /
Resource Hash: 13a51a1a58a080ee0a4a7306f53d52c4145219b9d2b5ec3601b92a159976b13f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-length: 1305
content-type: text/html; charset=UTF-8
date: Wed, 01 Jan 2025 02:20:09 GMT
server: nginx/1.23.4
vary: Accept-Encoding
x-proxy-cache: EXPIRED
x-server-cache: true

GET
H2 200 css2
fonts.googleapis.com/ 6 KB
2 KB 425ms
243ms Stylesheet
text/css 2404:6800:4006:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans&display=swap

Requested by

Host: trexsol.com
URL: https://trexsol.com/secure.chase/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:814::200a Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

719d2fc548145fa8d8361205f6fcb49eefc54c71fbb18e6320a60a263f40637a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trexsol.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Wed, 01 Jan 2025 02:20:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 01 Jan 2025 02:20:10 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Wed, 01 Jan 2025 01:04:08 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 bootstrap-icons.css
cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/ 92 KB
13 KB 82ms
32ms Stylesheet
text/css 2606:4700::6812:bb1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/bootstrap-icons.css

Requested by

Host: trexsol.com
URL: https://trexsol.com/secure.chase/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8824f7067cdfea38afec7e9ffaf072125266824206d69ef1f112d72153a505e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trexsol.com/

Response headers

access-control-expose-headers: *
content-encoding: br
cf-cache-status: HIT
etag: W/"16e26-p4ONiiDb2g7p5MHLfx+DLOmvHBE"
age: 6568907
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h7ZK0%2F9JxE%2B0ox1TGcQe4Sl09NqTAIpJXMFfas26kvSFyDRFulDFgsbIi%2FSC0%2FlocQNyhoJ%2FF%2FkIMcrh9WSSwsHVocPBE5zb9gRQKCVryjfq6Y7yl7pPaGQhZnXqSxLcyD08BIW2sZjKaYAd61k%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443"; ma=86400
x-cache: HIT, HIT
date: Wed, 01 Jan 2025 02:20:09 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-etou8220110-FRA, cache-lga21932-LGA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8faf07521bf955f0-ADL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12016
server: cloudflare
x-jsd-version: 1.10.5

GET
H2 200 icon
fonts.googleapis.com/ 569 B
417 B 323ms
142ms Stylesheet
text/css 2404:6800:4006:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: trexsol.com
URL: https://trexsol.com/secure.chase/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:814::200a Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

36b2057eb5eef261a2cbb8c149dcf3a11edaa15ccd8e3d462eb34999f5ff8f2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trexsol.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Wed, 01 Jan 2025 02:20:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 01 Jan 2025 02:20:10 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Wed, 01 Jan 2025 02:20:10 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css2
fonts.googleapis.com/ 631 B
844 B 322ms
141ms Stylesheet
text/css 2404:6800:4006:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200

Requested by

Host: trexsol.com
URL: https://trexsol.com/secure.chase/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:814::200a Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

794a78ea2c9e04f9dcf3582566723f748611864d45d82e4883eeda0af4d69d95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trexsol.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Wed, 01 Jan 2025 02:20:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 01 Jan 2025 02:20:10 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Wed, 01 Jan 2025 02:20:10 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 style.css
trexsol.com/secure.chase/ 4 KB
1 KB 275ms
273ms Stylesheet
text/css 192.185.41.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://trexsol.com/secure.chase/style.css
Requested by: Host: trexsol.com
URL: https://trexsol.com/secure.chase/login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.41.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: orbegourmet.com
Software: Apache /
Resource Hash: 4332f777ddb5a29e0c789417572f2f3414053843a477ceea703fc4f14c50121d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trexsol.com/secure.chase/login

Response headers

content-encoding: gzip
accept-ranges: bytes
content-length: 1372
date: Wed, 01 Jan 2025 02:20:10 GMT
last-modified: Tue, 13 Aug 2024 10:40:42 GMT
vary: Accept-Encoding
server: Apache
content-type: text/css

GET
H2 200 responsive.css
trexsol.com/secure.chase/ 2 KB
339 B 276ms
274ms Stylesheet
text/css 192.185.41.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://trexsol.com/secure.chase/responsive.css
Requested by: Host: trexsol.com
URL: https://trexsol.com/secure.chase/login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.41.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: orbegourmet.com
Software: Apache /
Resource Hash: 6e95868f238c4b71e47414db80bed9d327906f5be9f992c32ec7cb9c329256b9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trexsol.com/secure.chase/login

Response headers

content-encoding: gzip
accept-ranges: bytes
content-length: 284
date: Wed, 01 Jan 2025 02:20:10 GMT
last-modified: Sat, 29 Apr 2023 23:18:52 GMT
vary: Accept-Encoding
server: Apache
content-type: text/css

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
968 B 290ms
145ms Script
text/javascript 142.250.204.4
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: trexsol.com
URL: https://trexsol.com/secure.chase/login

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.204.4 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f4.1e100.net

Software

ESF /

Resource Hash

652e8677aec33767d2a5f229384f79b4f526104bf7e94d7d258070f94743c3cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trexsol.com/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Wed, 01 Jan 2025 02:20:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Wed, 01 Jan 2025 02:20:10 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H2 200 wordmark-white.svg
trexsol.com/secure.chase/assets/images/ 1 KB
1 KB 273ms
272ms Image
image/svg+xml 192.185.41.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trexsol.com/secure.chase/assets/images/wordmark-white.svg
Requested by: Host: trexsol.com
URL: https://trexsol.com/secure.chase/login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.41.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: orbegourmet.com
Software: Apache /
Resource Hash: d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trexsol.com/secure.chase/login

Response headers

accept-ranges: bytes
content-length: 1409
date: Wed, 01 Jan 2025 02:20:10 GMT
last-modified: Sat, 29 Apr 2023 17:29:02 GMT
content-type: image/svg+xml
server: Apache

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/ 547 KB
216 KB 220ms
41ms Script
text/javascript 2404:6800:4006:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:812::2003 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://trexsol.com
Referer: https://trexsol.com/

Response headers

content-encoding: gzip
age: 39031
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Wed, 31 Dec 2025 15:29:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 31 Dec 2024 15:29:39 GMT
last-modified: Tue, 10 Dec 2024 23:05:10 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 220882
x-xss-protection: 0
server: sffe

GET
H2 200 background.desktop.day.1.jpeg
trexsol.com/secure.chase/assets/images/ 299 KB
299 KB 547ms
546ms Image
image/jpeg 192.185.41.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trexsol.com/secure.chase/assets/images/background.desktop.day.1.jpeg
Requested by: Host: trexsol.com
URL: https://trexsol.com/secure.chase/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.41.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: orbegourmet.com
Software: nginx/1.23.4 /
Resource Hash: 01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trexsol.com/secure.chase/style.css

Response headers

x-proxy-cache: HIT
x-server-cache: true
content-length: 306152
date: Wed, 01 Jan 2025 02:20:10 GMT
accept-ranges: bytes
content-type: image/jpeg
last-modified: Sat, 29 Apr 2023 17:29:02 GMT
server: nginx/1.23.4

GET
H3 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/ 18 KB
18 KB 190ms
49ms Font
font/woff2 142.251.221.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.221.67 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f3.1e100.net

Software

sffe /

Resource Hash

e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://trexsol.com
Referer: https://fonts.googleapis.com/

Response headers

age: 272524
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 28 Dec 2025 22:38:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Dec 2024 22:38:06 GMT
last-modified: Thu, 14 Dec 2023 02:00:39 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18668
x-xss-protection: 0
server: sffe

GET
H3 200 bootstrap-icons.woff2
cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/fonts/ 118 KB
119 KB 51ms
26ms Font
font/woff2 104.18.187.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/fonts/bootstrap-icons.woff2?1fa40e8900654d2863d011707b9fb6f2

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/bootstrap-icons.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.187.31 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfe45b981d1b91b173361a34cfce5f60893dbd1ac4af2c3ac11fc17552c5401f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://trexsol.com
Referer: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/bootstrap-icons.css

Response headers

access-control-expose-headers: *
cf-cache-status: HIT
etag: W/"1d9fc-TA788dzMcpXvwm+r6B/+jyjVlKM"
age: 3560587
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tPFfMRCa8CiLRJ%2FVVmK0MeeIlyW%2F3msHUDkr%2BGnQdtLdzcfzCs24c5xCox8tYAWbGLObWCQ1t6KFczVwoyWMaCACe30ancutdvzDiWNjLhpZrkHyxS2vx7PBptXTwxRgeIA%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443"; ma=86400
x-cache: HIT, HIT
server-timing: cfExtPri
date: Wed, 01 Jan 2025 02:20:10 GMT
content-type: font/woff2
x-served-by: cache-fra-etou8220051-FRA, cache-lga21955-LGA
vary: Accept-Encoding
priority: u=0,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8faf07554943ed73-ADL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 121340
server: cloudflare
x-jsd-version: 1.10.5

GET
H2 200 chasefavicon.ico
trexsol.com/secure.chase/assets/images/ 31 KB
31 KB 279ms
279ms Other
image/x-icon 192.185.41.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://trexsol.com/secure.chase/assets/images/chasefavicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.41.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: orbegourmet.com
Software: nginx/1.23.4 /
Resource Hash: 625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trexsol.com/secure.chase/login

Response headers

cache-control: max-age=604800
expires: Tue, 07 Jan 2025 17:11:55 GMT
x-proxy-cache: HIT
x-server-cache: true
content-length: 32038
date: Wed, 01 Jan 2025 02:20:11 GMT
accept-ranges: bytes
content-type: image/x-icon
last-modified: Sat, 29 Apr 2023 17:29:02 GMT
server: nginx/1.23.4

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chase (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://trexsol.com/secure.chase/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
trexsol.com
www.google.com
www.gstatic.com
104.18.187.31
142.250.204.4
142.251.221.67
192.185.41.153
2404:6800:4006:812::2003
2404:6800:4006:814::200a
2606:4700::6812:bb1f
01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085
13a51a1a58a080ee0a4a7306f53d52c4145219b9d2b5ec3601b92a159976b13f
36b2057eb5eef261a2cbb8c149dcf3a11edaa15ccd8e3d462eb34999f5ff8f2a
4332f777ddb5a29e0c789417572f2f3414053843a477ceea703fc4f14c50121d
625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9
652e8677aec33767d2a5f229384f79b4f526104bf7e94d7d258070f94743c3cc
6e95868f238c4b71e47414db80bed9d327906f5be9f992c32ec7cb9c329256b9
719d2fc548145fa8d8361205f6fcb49eefc54c71fbb18e6320a60a263f40637a
794a78ea2c9e04f9dcf3582566723f748611864d45d82e4883eeda0af4d69d95
b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6
cfe45b981d1b91b173361a34cfce5f60893dbd1ac4af2c3ac11fc17552c5401f
d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0
d8824f7067cdfea38afec7e9ffaf072125266824206d69ef1f112d72153a505e
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

trexsol.com Open in urlscan Pro 192.185.41.153 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

43 %IPv6

5 Domains

6 Subdomains

7 IPs

3 Countries

706 kBTransfer

1125 kBSize

0 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

trexsol.com Open in urlscan Pro
192.185.41.153 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

43 %
IPv6

5
Domains

6
Subdomains

7
IPs

3
Countries

706 kB
Transfer

1125 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!