floresevegetais.com.br Open in urlscan Pro
162.241.62.115 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://chasrdr.online/
Effective URL:
https://floresevegetais.com.br/z/login
Submission Tags: @ecarlesi threat phishing chase Search All
Submission: On September 01 via api (September 1st 2024, 2:01:25 am UTC) from IT — Scanned from IT

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 14 HTTP transactions. The main IP is 162.241.62.115, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is floresevegetais.com.br.
TLS certificate: Issued by R10 on August 11th 2024. Valid for: 3 months.

This is the only time floresevegetais.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chase (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	162.255.119.78 162.255.119.78	22612 (NAMECHEAP...) (NAMECHEAP-NET)
6	162.241.62.115 162.241.62.115	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
3	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
1	142.250.185.68 142.250.185.68	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	104.18.186.31 104.18.186.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	7

1 162.255.119.78 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)

chasrdr.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 162.241.62.115 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-62-115.unifiedlayer.com

floresevegetais.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.186.31 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	floresevegetais.com.br floresevegetais.com.br	335 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	3 KB
2	gstatic.com www.gstatic.com fonts.gstatic.com	232 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	131 KB
1	google.com www.google.com — Cisco Umbrella Rank: 10	968 B
1	chasrdr.online 1 redirects chasrdr.online	254 B
14	6

	Domain	Requested by
6	floresevegetais.com.br	floresevegetais.com.br
3	fonts.googleapis.com	floresevegetais.com.br
2	cdn.jsdelivr.net	floresevegetais.com.br cdn.jsdelivr.net
1	fonts.gstatic.com	fonts.googleapis.com
1	www.gstatic.com	www.google.com
1	www.google.com	floresevegetais.com.br
1	chasrdr.online	1 redirects
14	7

This site contains no links.

Subject Issuer	Validity	Valid
*.floresevegetais.com.br R10	`2024-08-11` - `2024-11-09`	3 months	crt.sh
upload.video.google.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
*.google.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
*.gstatic.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://floresevegetais.com.br/z/login
Frame ID: 2A24649DADD19BD2775A77CCBD5C55CE
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in- chase.com

Page URL History Show full URLs

http://chasrdr.online/ HTTP 307
https://chasrdr.online/ HTTP 307
http://chasrdr.online/ HTTP 302
https://floresevegetais.com.br/z/login Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

14
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

7
Subdomains

7
IPs

3
Countries

703 kB
Transfer

1116 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://chasrdr.online/ HTTP 307
https://chasrdr.online/ HTTP 307
http://chasrdr.online/ HTTP 302
https://floresevegetais.com.br/z/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login Show response
floresevegetais.com.br/z/
Redirect Chain

http://chasrdr.online/
https://chasrdr.online/
http://chasrdr.online/
https://floresevegetais.com.br/z/login

4 KB
1 KB

425ms
147ms

Document
text/html

162.241.62.115
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://floresevegetais.com.br/z/login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.62.115 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 162-241-62-115.unifiedlayer.com
Software: Apache /
Resource Hash: 13a51a1a58a080ee0a4a7306f53d52c4145219b9d2b5ec3601b92a159976b13f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-length: 1305
content-type: text/html; charset=UTF-8
date: Sun, 01 Sep 2024 02:01:20 GMT
server: Apache
vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Length: 61
Content-Type: text/html; charset=utf-8
Date: Sun, 01 Sep 2024 02:01:20 GMT
Location: https://floresevegetais.com.br/z/login
Server: namecheap-nginx
X-Served-By: Namecheap URL Forward

GET
H2 200 css2
fonts.googleapis.com/ 6 KB
2 KB 109ms
39ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans&display=swap

Requested by

Host: floresevegetais.com.br
URL: https://floresevegetais.com.br/z/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

12eebba255ce6f856459cab6b183b507be0417a322f46faf7dd71b3c4b0eec27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://floresevegetais.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 01 Sep 2024 02:01:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 01 Sep 2024 00:46:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 01 Sep 2024 02:01:21 GMT

GET
H2 200 bootstrap-icons.css
cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/ 92 KB
12 KB 71ms
18ms Stylesheet
text/css 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/bootstrap-icons.css

Requested by

Host: floresevegetais.com.br
URL: https://floresevegetais.com.br/z/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d8824f7067cdfea38afec7e9ffaf072125266824206d69ef1f112d72153a505e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://floresevegetais.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 01 Sep 2024 02:01:21 GMT
x-content-type-options: nosniff
content-encoding: br
age: 2075400
x-jsd-version: 1.10.5
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 12016
x-served-by: cache-fra-etou8220110-FRA, cache-mxp6965-MXP
x-jsd-version-type: version
etag: W/"16e26-p4ONiiDb2g7p5MHLfx+DLOmvHBE"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 icon
fonts.googleapis.com/ 569 B
416 B 105ms
35ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: floresevegetais.com.br
URL: https://floresevegetais.com.br/z/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

36b2057eb5eef261a2cbb8c149dcf3a11edaa15ccd8e3d462eb34999f5ff8f2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://floresevegetais.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 01 Sep 2024 02:01:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 01 Sep 2024 02:01:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 01 Sep 2024 02:01:21 GMT

GET
H2 200 css2
fonts.googleapis.com/ 631 B
808 B 104ms
34ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200

Requested by

Host: floresevegetais.com.br
URL: https://floresevegetais.com.br/z/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4a5728b5ab77d561a5cd9a1f5e98caa5f3507b52a02cf241985c6126463c279e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://floresevegetais.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 01 Sep 2024 02:01:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 01 Sep 2024 02:01:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 01 Sep 2024 02:01:21 GMT

GET
H2 200 style.css
floresevegetais.com.br/z/ 4 KB
1 KB 144ms
143ms Stylesheet
text/css 162.241.62.115
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://floresevegetais.com.br/z/style.css
Requested by: Host: floresevegetais.com.br
URL: https://floresevegetais.com.br/z/login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.62.115 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 162-241-62-115.unifiedlayer.com
Software: Apache /
Resource Hash: 4332f777ddb5a29e0c789417572f2f3414053843a477ceea703fc4f14c50121d

Request headers

Referer: https://floresevegetais.com.br/z/login
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 02:01:21 GMT
content-encoding: gzip
last-modified: Tue, 13 Aug 2024 08:40:42 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 1372

GET
H2 200 responsive.css
floresevegetais.com.br/z/ 2 KB
374 B 144ms
143ms Stylesheet
text/css 162.241.62.115
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://floresevegetais.com.br/z/responsive.css
Requested by: Host: floresevegetais.com.br
URL: https://floresevegetais.com.br/z/login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.62.115 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 162-241-62-115.unifiedlayer.com
Software: Apache /
Resource Hash: 6e95868f238c4b71e47414db80bed9d327906f5be9f992c32ec7cb9c329256b9

Request headers

Referer: https://floresevegetais.com.br/z/login
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 02:01:21 GMT
content-encoding: gzip
last-modified: Sat, 29 Apr 2023 21:18:52 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 284

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
968 B 92ms
37ms Script
text/javascript 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: floresevegetais.com.br
URL: https://floresevegetais.com.br/z/login

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

ESF /

Resource Hash

72394445138f7540e9166b11781d667b32b780d09bc583b0c9ad2534a1ec843b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://floresevegetais.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 02:01:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
expires: Sun, 01 Sep 2024 02:01:21 GMT

GET
H2 200 wordmark-white.svg
floresevegetais.com.br/z/assets/images/ 1 KB
1 KB 147ms
147ms Image
image/svg+xml 162.241.62.115
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://floresevegetais.com.br/z/assets/images/wordmark-white.svg
Requested by: Host: floresevegetais.com.br
URL: https://floresevegetais.com.br/z/login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.62.115 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 162-241-62-115.unifiedlayer.com
Software: Apache /
Resource Hash: d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0

Request headers

Referer: https://floresevegetais.com.br/z/login
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 02:01:21 GMT
last-modified: Sat, 29 Apr 2023 15:29:02 GMT
server: Apache
accept-ranges: bytes
content-length: 1409
content-type: image/svg+xml

GET
H2 200 recaptcha__it.js Show response
www.gstatic.com/recaptcha/releases/WV-mUKO4xoWKy9M4ZzRyNrP_/ 538 KB
214 KB 123ms
37ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/WV-mUKO4xoWKy9M4ZzRyNrP_/recaptcha__it.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f95cfe3c66355a31d9531e46c37e385d2672064ebc6d874883387ad908ce6c1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://floresevegetais.com.br/
Origin: https://floresevegetais.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 30 Aug 2024 20:34:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106000
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 217989
x-xss-protection: 0
last-modified: Mon, 26 Aug 2024 04:00:28 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 30 Aug 2025 20:34:41 GMT

GET
H2 200 background.desktop.day.1.jpeg
floresevegetais.com.br/z/assets/images/ 299 KB
299 KB 272ms
272ms Image
image/jpeg 162.241.62.115
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://floresevegetais.com.br/z/assets/images/background.desktop.day.1.jpeg
Requested by: Host: floresevegetais.com.br
URL: https://floresevegetais.com.br/z/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.62.115 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 162-241-62-115.unifiedlayer.com
Software: Apache /
Resource Hash: 01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085

Request headers

Referer: https://floresevegetais.com.br/z/style.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 02:01:21 GMT
last-modified: Sat, 29 Apr 2023 15:29:02 GMT
server: Apache
accept-ranges: bytes
content-length: 306152
content-type: image/jpeg

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/ 18 KB
19 KB 127ms
38ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://floresevegetais.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 31 Aug 2024 08:35:27 GMT
x-content-type-options: nosniff
age: 62754
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18668
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:00:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 31 Aug 2025 08:35:27 GMT

GET
H3 200 bootstrap-icons.woff2
cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/fonts/ 118 KB
119 KB 51ms
28ms Font
font/woff2 104.18.186.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/fonts/bootstrap-icons.woff2?1fa40e8900654d2863d011707b9fb6f2

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/bootstrap-icons.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.186.31 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfe45b981d1b91b173361a34cfce5f60893dbd1ac4af2c3ac11fc17552c5401f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/bootstrap-icons.css
Origin: https://floresevegetais.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 02:01:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 10154676
x-jsd-version: 1.10.5
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 121340
x-served-by: cache-fra-etou8220051-FRA, cache-lga21968-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"1d9fc-TA788dzMcpXvwm+r6B/+jyjVlKM"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4w%2F99u4HiF4eYS3zJFdSv7fDeuN7nZNwPYnAeMoHlVDuspHTEfdRJtoBwWYckcU8bTkVj8CBtrZP9lOTT578nmJXOlYB6fzrEth%2FRv%2BFiJ7o8dlPVrXGIFbm9wPEFyvpNew%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8bc1ac031db0523a-MXP

GET
H2 200 chasefavicon.ico
floresevegetais.com.br/z/assets/images/ 31 KB
31 KB 144ms
143ms Other
image/x-icon 162.241.62.115
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://floresevegetais.com.br/z/assets/images/chasefavicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.62.115 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 162-241-62-115.unifiedlayer.com
Software: Apache /
Resource Hash: 625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9

Request headers

Referer: https://floresevegetais.com.br/z/login
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 01 Sep 2024 02:01:21 GMT
last-modified: Sat, 29 Apr 2023 15:29:02 GMT
server: Apache
content-type: image/x-icon
cache-control: max-age=604800
accept-ranges: bytes
content-length: 32038
expires: Sun, 08 Sep 2024 02:01:21 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chase (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://floresevegetais.com.br/z/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
chasrdr.online
floresevegetais.com.br
fonts.googleapis.com
fonts.gstatic.com
www.google.com
www.gstatic.com
104.18.186.31
142.250.185.68
162.241.62.115
162.255.119.78
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::200a
2a00:1450:4001:830::2003
2a04:4e42:200::485
01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085
12eebba255ce6f856459cab6b183b507be0417a322f46faf7dd71b3c4b0eec27
13a51a1a58a080ee0a4a7306f53d52c4145219b9d2b5ec3601b92a159976b13f
36b2057eb5eef261a2cbb8c149dcf3a11edaa15ccd8e3d462eb34999f5ff8f2a
4332f777ddb5a29e0c789417572f2f3414053843a477ceea703fc4f14c50121d
4a5728b5ab77d561a5cd9a1f5e98caa5f3507b52a02cf241985c6126463c279e
625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9
6e95868f238c4b71e47414db80bed9d327906f5be9f992c32ec7cb9c329256b9
72394445138f7540e9166b11781d667b32b780d09bc583b0c9ad2534a1ec843b
cfe45b981d1b91b173361a34cfce5f60893dbd1ac4af2c3ac11fc17552c5401f
d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0
d8824f7067cdfea38afec7e9ffaf072125266824206d69ef1f112d72153a505e
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
f95cfe3c66355a31d9531e46c37e385d2672064ebc6d874883387ad908ce6c1b

floresevegetais.com.br Open in urlscan Pro 162.241.62.115 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

50 %IPv6

6 Domains

7 Subdomains

7 IPs

3 Countries

703 kBTransfer

1116 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

floresevegetais.com.br Open in urlscan Pro
162.241.62.115 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

7
Subdomains

7
IPs

3
Countries

703 kB
Transfer

1116 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!