chase.bank-com.xyz Open in urlscan Pro
172.67.212.217 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://chase.bank-com.xyz/
Effective URL:
https://chase.bank-com.xyz/Signin.php
Submission: On June 26 via automatic, source certstream-suspicious (June 26th 2024, 9:46:21 am UTC) — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 172.67.212.217, located in United States and belongs to CLOUDFLARENET, US. The main domain is chase.bank-com.xyz.
TLS certificate: Issued by WE1 on June 26th 2024. Valid for: 3 months.

This is the only time chase.bank-com.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chase (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 12	172.67.212.217 172.67.212.217		13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	1

12 172.67.212.217 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

chase.bank-com.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	bank-com.xyz 1 redirects chase.bank-com.xyz	500 KB
11	1

	Domain	Requested by
12	chase.bank-com.xyz	1 redirects chase.bank-com.xyz
11	1

This site contains no links.

Subject Issuer	Validity	Valid
bank-com.xyz WE1	`2024-06-26` - `2024-09-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://chase.bank-com.xyz/Signin.php
Frame ID: 537946A7619EA812BC2ED3AB33673D50
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Chase Online

Page URL History Show full URLs

https://chase.bank-com.xyz/ HTTP 302
https://chase.bank-com.xyz/Signin.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

499 kB
Transfer

1150 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://chase.bank-com.xyz/ HTTP 302
https://chase.bank-com.xyz/Signin.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request Signin.php Show response chase.bank-com.xyz/ Redirect Chain https://chase.bank-com.xyz/ https://chase.bank-com.xyz/Signin.php	16 KB 4 KB	187ms 186ms	Document text/html	172.67.212.217 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://chase.bank-com.xyz/Signin.php Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.212.217 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f6fe62b14142bfdc891aee08042f256bcff25fecdcf2067d6db0c002cd2cb6a5` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 899c44d74ef39180-FRA content-encoding br content-type text/html; charset=UTF-8 date Wed, 26 Jun 2024 09:46:13 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h5x9F8j%2B%2B1Zx0dTRAggKR1NlY7HjlCAMZX9Wn075DGs6IHwZbt9WrkSHCMraj9N81viuXP1eQSg97ND9DEgP8HzEQUxzz8w4tqIr%2FnjIckV1JMtaZ6HMruS1PRZgCckx2QHSoF0%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 899c44d52cca9180-FRA content-type text/html; charset=UTF-8 date Wed, 26 Jun 2024 09:46:12 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location Signin.php nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AwhtD68yKTSYgxiseXyd1paCDDFinq9PzAGnHiEOqkOM1bV8EdQWdMBwKHtKGhpUMxy%2BtIqgNGaW%2BagIiIQa5r6Jm7tNWmy5upj4X0rBLWzgXiwJVKBhEUH5SjZriR49OK%2FCJc0%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	200	blue-ui.css chase.bank-com.xyz/style/css/	493 KB 59 KB	631ms 630ms	Stylesheet text/css	172.67.212.217 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://chase.bank-com.xyz/style/css/blue-ui.css Requested by Host: chase.bank-com.xyz URL: https://chase.bank-com.xyz/Signin.php Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.212.217 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `580c90efe26580ec49d22036bd0d25bd26d2fff974c0af3f037cc82a15e46aeb` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://chase.bank-com.xyz/Signin.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 09:46:13 GMT content-encoding br cf-cache-status MISS last-modified Sat, 25 Sep 2021 18:28:20 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"7b5fb-614f6a44-13b2de;br" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0yhWxDv%2BdyOVjXaEpPSnfd4KOLZy67Z%2FjkXhMXlfziH9LW3%2BtSBiPBHhA%2FQEKEMy%2BDDgRLq4UCGNrWk%2BiVwTkWqhR3LBSauVn%2FruDnwl1HX3VkO9xMzhP2smlb%2BaKleNegAxtF4%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 899c44d878349180-FRA alt-svc h3=":443"; ma=86400 expires Wed, 03 Jul 2024 09:46:13 GMT
GET H3	200	fonto.css chase.bank-com.xyz/style/css/	1 KB 767 B	325ms 324ms	Stylesheet text/css	172.67.212.217 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://chase.bank-com.xyz/style/css/fonto.css Requested by Host: chase.bank-com.xyz URL: https://chase.bank-com.xyz/Signin.php Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.212.217 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5a517beb619ad73d6d9569ffe52749a751a691219d5a3550c4cfd01ce6ddd57a` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://chase.bank-com.xyz/Signin.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 09:46:13 GMT content-encoding br cf-cache-status MISS last-modified Sat, 25 Sep 2021 20:38:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"5a8-614f88ae-13b2e4;br" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I1zkphtkw1b5v7DraAgwZEd6qZuqJ0A33j9OoTHn9XNi9sJ0oZQ2TQSj8%2FWOIgKhPnPhkTeTRMRScxgfqsH5Ov%2Fg%2B6IE0ibRwb4iDyP%2BzU0zD4vnLY0VVrVD7ie9yDk7S%2F6Rl8Q%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 899c44d878369180-FRA alt-svc h3=":443"; ma=86400 expires Wed, 03 Jul 2024 09:46:13 GMT
GET H3	200	logon.css chase.bank-com.xyz/style/css/	177 KB 27 KB	470ms 469ms	Stylesheet text/css	172.67.212.217 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://chase.bank-com.xyz/style/css/logon.css Requested by Host: chase.bank-com.xyz URL: https://chase.bank-com.xyz/Signin.php Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.212.217 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4c2991816cbd382d7a0699c55c3fed48bc50aba2bd812e9f2e63d3bb8af4f533` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://chase.bank-com.xyz/Signin.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 09:46:13 GMT content-encoding br cf-cache-status MISS last-modified Sat, 25 Sep 2021 20:03:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2c23c-614f8078-13b2e6;br" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LmWZFxwfY3zdWsRybsdaQeyUQD0mZO2sxwtgMFR%2BDCv%2F%2FZbKfYrbxNDSjElS%2BpXhfoQwc%2FkUoSEK%2F3VfPwWoJdZj5F%2BQtnvtYpW5rFQ%2Fm9npn9vG3U5MMbaroUr7x7FDOGFrgvc%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 cf-ray 899c44d878379180-FRA alt-svc h3=":443"; ma=86400 expires Wed, 03 Jul 2024 09:46:13 GMT
GET H3	200	wordmark-white.svg chase.bank-com.xyz/style/img/	1 KB 1 KB	334ms 333ms	Image image/svg+xml	172.67.212.217 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://chase.bank-com.xyz/style/img/wordmark-white.svg Requested by Host: chase.bank-com.xyz URL: https://chase.bank-com.xyz/style/css/logon.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.212.217 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://chase.bank-com.xyz/style/css/logon.css Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 09:46:14 GMT content-encoding br cf-cache-status MISS last-modified Wed, 24 Mar 2021 12:15:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"581-605b2d6e-13b317;br" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D10etlzMlyVhFDH4T9pYXFiSoWCBTXaYQtSw0Dvi%2FB0BIIMR8N%2BM9kGEeFwHAb6a68ewXSvzQzm2qp%2F02NEiNbMFFW3%2BDFUwuJNzAVFHNAfsq7cunKAssiB2ohcRbi9%2FKvJJ2nU%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 cf-ray 899c44dcdce79180-FRA alt-svc h3=":443"; ma=86400 expires Wed, 03 Jul 2024 09:46:14 GMT
GET H3	200	background.desktop.day.4.jpeg chase.bank-com.xyz/style/img/	299 KB 300 KB	604ms 604ms	Image image/jpeg	172.67.212.217 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://chase.bank-com.xyz/style/img/background.desktop.day.4.jpeg Requested by Host: chase.bank-com.xyz URL: https://chase.bank-com.xyz/Signin.php Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.212.217 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://chase.bank-com.xyz/Signin.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 09:46:14 GMT cf-cache-status MISS last-modified Sun, 29 Aug 2021 06:43:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "4abe8-612b2ca0-13b306;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L6ZmXGp%2F7Pg4NBDi8T9vGLeqb%2FyyuvL4t0PvDon99fXvTWnBzYNOuguidIhmdr1H3SXs%2FM8VJRpEgWgFhJJ7fwAIvLheoBrCVMyg9RzebrrsYgHo%2BvFY0RJmWjoOXP1JUO8Mv%2BM%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control public, max-age=604800 accept-ranges bytes cf-ray 899c44dcdce89180-FRA alt-svc h3=":443"; ma=86400 content-length 306152 expires Wed, 03 Jul 2024 09:46:14 GMT
GET H3	200	opensans-regular.woff chase.bank-com.xyz/style/css/	24 KB 25 KB	474ms 473ms	Font application/font-woff	172.67.212.217 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://chase.bank-com.xyz/style/css/opensans-regular.woff Requested by Host: chase.bank-com.xyz URL: https://chase.bank-com.xyz/style/css/fonto.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.212.217 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://chase.bank-com.xyz/style/css/fonto.css Origin https://chase.bank-com.xyz Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 09:46:14 GMT content-encoding br cf-cache-status MISS last-modified Sat, 25 Sep 2021 16:41:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"612c-614f514a-13b2fa;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2u7o%2F%2FQ4LFHMWGiKhu2ID1Ls3HAyhrfqIM8uH8G%2FfRmDUaT3eEQUJ1s6s%2B2ibPKlsaIsN%2FgDnwxd%2B9FT7wi7DSeE1weWbXrtqNDkBUReDnoBM6F0eWx1vSWu%2BSRmfGtn%2FSqaeko%3D"}],"group":"cf-nel","max_age":604800} content-type application/font-woff cache-control max-age=14400 cf-ray 899c44dd2d549180-FRA alt-svc h3=":443"; ma=86400
GET H3	200	dcefont.woff chase.bank-com.xyz/style/css/	69 KB 41 KB	607ms 606ms	Font application/font-woff	172.67.212.217 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://chase.bank-com.xyz/style/css/dcefont.woff Requested by Host: chase.bank-com.xyz URL: https://chase.bank-com.xyz/style/css/blue-ui.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.212.217 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://chase.bank-com.xyz/style/css/blue-ui.css Origin https://chase.bank-com.xyz Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 09:46:14 GMT content-encoding br cf-cache-status MISS last-modified Sat, 25 Sep 2021 16:42:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"11298-614f515a-13b2e3;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tY8V1VE%2FtkaOafMqLBc2i9MvezEHmO%2BQA%2B1lQHo2rjr0nciqZ8u92AajVRqCk%2FgyNLkZbbycwLuf%2F6G7CWinayqbfPuM9DrrMRQYZ3U4HbLshfsd4iXhfEHTQ0laNoh5D9jbgM4%3D"}],"group":"cf-nel","max_age":604800} content-type application/font-woff cache-control max-age=14400 cf-ray 899c44dd2d569180-FRA alt-svc h3=":443"; ma=86400
GET H3	200	opensans-bold.woff chase.bank-com.xyz/style/css/	14 KB 14 KB	466ms 466ms	Font application/font-woff	172.67.212.217 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://chase.bank-com.xyz/style/css/opensans-bold.woff Requested by Host: chase.bank-com.xyz URL: https://chase.bank-com.xyz/style/css/fonto.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.212.217 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0634f735018d63980fb935914bd910ebd51ed5ed0a03c8811607aca0c2e7c532` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://chase.bank-com.xyz/style/css/fonto.css Origin https://chase.bank-com.xyz Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 09:46:14 GMT content-encoding br cf-cache-status MISS last-modified Sat, 25 Sep 2021 16:42:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"38a8-614f5178-13b2ee;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BXqXG6R1hD1%2BUTmp6mveOA8obkgGV1Z%2BFZbErh%2F6i%2FgLYY8KPlINFUo3CopsO6IxfcWN97EMa%2FXXEzhD86j3tI3TI9%2BccpRdp6NbkNPRc6DPr1dd1B%2BWWtbXjGk1doXQ7nID7GM%3D"}],"group":"cf-nel","max_age":604800} content-type application/font-woff cache-control max-age=14400 cf-ray 899c44dd2d599180-FRA alt-svc h3=":443"; ma=86400
GET H3	200	opensans-semibold.woff chase.bank-com.xyz/style/css/	25 KB 25 KB	468ms 468ms	Font application/font-woff	172.67.212.217 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://chase.bank-com.xyz/style/css/opensans-semibold.woff Requested by Host: chase.bank-com.xyz URL: https://chase.bank-com.xyz/style/css/fonto.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.212.217 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://chase.bank-com.xyz/style/css/fonto.css Origin https://chase.bank-com.xyz Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 09:46:14 GMT content-encoding br cf-cache-status MISS last-modified Sat, 25 Sep 2021 16:42:22 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6214-614f516e-13b2fe;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vhAIxe0ekfrQHODFgLmEA428zmSemm7xOEDwoO89wcZdd8YsF%2BFrJxP%2B1FduEhgM%2F2923Yg1uVcQ6eQbKPTfBpqHpwncC3DgRvlnzCj5qDfn9Lz4bCpb7UIoSNMvMxdHn%2F4lhnA%3D"}],"group":"cf-nel","max_age":604800} content-type application/font-woff cache-control max-age=14400 cf-ray 899c44dd2d5a9180-FRA alt-svc h3=":443"; ma=86400
GET H3	200	chasefavicon.ico chase.bank-com.xyz/style/img/	31 KB 3 KB	193ms 193ms	Other image/x-icon	172.67.212.217 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://chase.bank-com.xyz/style/img/chasefavicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.212.217 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://chase.bank-com.xyz/Signin.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 09:46:15 GMT content-encoding br cf-cache-status MISS last-modified Wed, 24 Mar 2021 12:15:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"7d26-605b2d6e-13b30b;br" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BueuwBjU2NTbGWG6yyHSl901EsbCljGv6R0xbRJgBxPDCqTG1mFgx984WYucGr4TihKGki09%2Bc5Z%2FZg2lPRBMWgBCsvrtXM51x6903wB6cQNoBAqEcIpQwRmDoZYToN6WVh7O%2Fc%3D"}],"group":"cf-nel","max_age":604800} content-type image/x-icon cache-control public, max-age=604800 cf-ray 899c44e3ac389180-FRA alt-svc h3=":443"; ma=86400 expires Wed, 03 Jul 2024 09:46:15 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chase (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			chase.bank-com.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: tn2qm6in2btbfn6adrcvst5o0g

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

chase.bank-com.xyz
172.67.212.217
01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085
0634f735018d63980fb935914bd910ebd51ed5ed0a03c8811607aca0c2e7c532
4c2991816cbd382d7a0699c55c3fed48bc50aba2bd812e9f2e63d3bb8af4f533
580c90efe26580ec49d22036bd0d25bd26d2fff974c0af3f037cc82a15e46aeb
5a517beb619ad73d6d9569ffe52749a751a691219d5a3550c4cfd01ce6ddd57a
625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9
6ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1
b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179
d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3
d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0
f6fe62b14142bfdc891aee08042f256bcff25fecdcf2067d6db0c002cd2cb6a5

chase.bank-com.xyz Open in urlscan Pro 172.67.212.217 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

499 kBTransfer

1150 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

1 Cookies

Indicators

chase.bank-com.xyz Open in urlscan Pro
172.67.212.217 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

499 kB
Transfer

1150 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!