urlscan.io logo urlscan.io
SecurityTrails logo

charmcitygaming.com Open in urlscan Pro
69.49.247.204  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://charmcitygaming.com/oreoo/
Submission: On April 07 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 3 countries across 10 domains to perform 19 HTTP transactions. The main IP is 69.49.247.204, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is charmcitygaming.com.
TLS certificate: Issued by R3 on April 7th 2022. Valid for: 3 months.
This is the only time charmcitygaming.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

IP Address AS Autonomous System
1 69.49.247.204 46606 (UNIFIEDLA...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 8 66.179.179.70 7381 (SRS-6-Z-7381)
1 192.124.249.52 30148 (SUCURI-SEC)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
19 11
1    69.49.247.204 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 69-49-247-204.unifiedlayer.com
charmcitygaming.com
1    2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
8    66.179.179.70 (Woodburn, United States)

ASN7381 (SRS-6-Z-7381, US)
primewestcorp.estatusconnect.com
1    192.124.249.52 (Menifee, United States)

ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10052.sucuri.net
www.stratospherenetworks.com
2    2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a00:1450:400c:c06::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
8 estatusconnect.com
primewestcorp.estatusconnect.com
1 MB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37
20 KB
1 gstatic.com
fonts.gstatic.com
31 KB
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 95
441 B
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 238
4 KB
1 stratospherenetworks.com
www.stratospherenetworks.com
16 KB
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 682
7 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46
1 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 71
38 KB
1 charmcitygaming.com
charmcitygaming.com
19 KB
19 10
Domain Requested by
8 primewestcorp.estatusconnect.com 2 redirects charmcitygaming.com
primewestcorp.estatusconnect.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 fonts.gstatic.com fonts.googleapis.com
1 stats.g.doubleclick.net www.google-analytics.com
1 cdnjs.cloudflare.com charmcitygaming.com
1 www.stratospherenetworks.com charmcitygaming.com
1 maxcdn.bootstrapcdn.com charmcitygaming.com
1 fonts.googleapis.com charmcitygaming.com
1 www.googletagmanager.com charmcitygaming.com
1 charmcitygaming.com
19 10

This site contains no links.

Subject Issuer Validity Valid
webdisk.charmcitygaming.com
R3		 2022-04-07 -
2022-07-06		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-03-17 -
2022-06-09		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-01-29 -
2023-01-29		 a year crt.sh
*.estatusconnect.com
Thawte RSA CA 2018		 2022-03-23 -
2023-04-02		 a year crt.sh
stratospherenetworks.com
Starfield Secure Certificate Authority - G2		 2021-11-17 -
2022-12-17		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-03-17 -
2022-06-09		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://charmcitygaming.com/oreoo/
Frame ID: 14BCBF5B00C76252EAA8CF78F9B5187E
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login®

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

79 %
HTTPS

70 %
IPv6

10
Domains

10
Subdomains

11
IPs

3
Countries

1275 kB
Transfer

1387 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://primewestcorp.estatusconnect.com/FicsImages/FICSBackgroundV1.jpg HTTP 302
  • https://primewestcorp.estatusconnect.com/Cookies/Index?refData=D5991FB575B02DEA0BCE4232B7AE4180482AAF0CAD014B0CD21A71A09BECAC10154215F91749CF78E44E9071AB36970A HTTP 302
  • https://primewestcorp.estatusconnect.com/FicsImages/FICSBackgroundV1.jpg

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
charmcitygaming.com/oreoo/ 		19 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://charmcitygaming.com/oreoo/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.49.247.204 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
69-49-247-204.unifiedlayer.com
Software
Apache /
Resource Hash
42631457f09874a2c86060258c4f9d7503908378420df906a562d9a23171f74c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Length
19435
Content-Type
text/html
Date
Thu, 07 Apr 2022 17:33:34 GMT
Keep-Alive
timeout=5, max=100
Last-Modified
Thu, 07 Apr 2022 16:01:07 GMT
Server
Apache
js
www.googletagmanager.com/gtag/ 		96 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-613827-14
Requested by
Host: charmcitygaming.com
URL: https://charmcitygaming.com/oreoo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
78deaf783d6f1f6389f1020731fb8f74dd1fa8b85011df7b7316d2273d57926f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://charmcitygaming.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 07 Apr 2022 17:33:35 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38088
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 16:27:48 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 07 Apr 2022 17:33:35 GMT
css
fonts.googleapis.com/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat:400,700,200
Requested by
Host: charmcitygaming.com
URL: https://charmcitygaming.com/oreoo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e454dfdb7ccf904670365f1628a22e172d02726e6070c839ab8360df61c3ad49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://charmcitygaming.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 17:11:41 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 07 Apr 2022 17:33:35 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 07 Apr 2022 17:33:35 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/latest/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/latest/css/font-awesome.min.css
Requested by
Host: charmcitygaming.com
URL: https://charmcitygaming.com/oreoo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://charmcitygaming.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 07 Apr 2022 17:33:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
565, 617, 617
age
3293769
cdn-cachedat
2021-06-08 02:11:52
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:56 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
6432a5574aa6c650a7c9ddaeec386e53
cf-ray
6f84825628829143-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
R6KS1aNe4Vi8sVnoGg8W8EEEplIRpbv_JKOyjJGbnK41.css
primewestcorp.estatusconnect.com/UserLoginBundles/ 		540 KB
541 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://primewestcorp.estatusconnect.com/UserLoginBundles/R6KS1aNe4Vi8sVnoGg8W8EEEplIRpbv_JKOyjJGbnK41.css?fics=3.10.10823.2
Requested by
Host: charmcitygaming.com
URL: https://charmcitygaming.com/oreoo/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.179.179.70 Woodburn, United States, ASN7381 (SRS-6-Z-7381, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
09224c5325207196869f714102ca19f7c50a85128d71186e53b7650a34dc1538

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://charmcitygaming.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 07 Apr 2022 17:33:35 GMT
etag
"97b61bb66c99d71:0"
last-modified
Wed, 25 Aug 2021 04:50:22 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
text/css
cache-control
public
accept-ranges
bytes
content-length
552496
expires
Wed, 06 Jul 2022 17:33:35 GMT
custom.css
primewestcorp.estatusconnect.com/customCSS/192549/ 		14 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://primewestcorp.estatusconnect.com/customCSS/192549/custom.css?fics=01011900000000
Requested by
Host: charmcitygaming.com
URL: https://charmcitygaming.com/oreoo/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.179.179.70 Woodburn, United States, ASN7381 (SRS-6-Z-7381, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b25d7304e6da9e4931e411da014872aaa7e5336bcdee8d7125af0e80f9da99a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://charmcitygaming.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 07 Apr 2022 17:33:35 GMT
etag
"5a5f2ed5073d71:0"
last-modified
Wed, 07 Jul 2021 16:49:28 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
text/css
cache-control
public
accept-ranges
bytes
content-length
13843
expires
Wed, 06 Jul 2022 17:33:35 GMT
office365-logo.png
www.stratospherenetworks.com/blog/wp-content/uploads/2018/08/ 		15 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.stratospherenetworks.com/blog/wp-content/uploads/2018/08/office365-logo.png
Requested by
Host: charmcitygaming.com
URL: https://charmcitygaming.com/oreoo/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.52 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10052.sucuri.net
Software
nginx /
Resource Hash
cc1e0a87136da48d3ffa0aa6a1edafe770623a3d82964be0beebfedddbe9f8d5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://charmcitygaming.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 07 Apr 2022 17:33:35 GMT
x-content-type-options
nosniff
last-modified
Tue, 28 Aug 2018 16:01:12 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/png
x-sucuri-cache
HIT
cache-control
max-age=315360000
x-sucuri-id
19002
content-security-policy
upgrade-insecure-requests;
accept-ranges
bytes
vary
Accept-Encoding
content-length
15736
x-xss-protection
1; mode=block
expires
Thu, 31 Dec 2037 23:55:55 GMT
21402_logo.png
primewestcorp.estatusconnect.com/CustomerImages/logo/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://primewestcorp.estatusconnect.com/CustomerImages/logo/21402_logo.png
Requested by
Host: charmcitygaming.com
URL: https://charmcitygaming.com/oreoo/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.179.179.70 Woodburn, United States, ASN7381 (SRS-6-Z-7381, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
0bfec40f53efd4eade77d60c5893a122130657608054437593bffd58879b29fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://charmcitygaming.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 07 Apr 2022 17:33:35 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/png
cache-control
public
accept-ranges
bytes
content-length
9446
expires
Fri, 08 Apr 2022 12:46:22 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-613827-14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://charmcitygaming.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
5329
date
Thu, 07 Apr 2022 16:04:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 07 Apr 2022 18:04:46 GMT
router.min.js
primewestcorp.estatusconnect.com/routejs.axd/34923507715fcc8a0e805828cd1e3954a68975b1/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://primewestcorp.estatusconnect.com/routejs.axd/34923507715fcc8a0e805828cd1e3954a68975b1/router.min.js
Requested by
Host: charmcitygaming.com
URL: https://charmcitygaming.com/oreoo/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.179.179.70 Woodburn, United States, ASN7381 (SRS-6-Z-7381, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
cddd87f12ba3d9d91e7f0650bdd0b5b9750041b1152fe4006406caa61f0866ed

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://charmcitygaming.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 07 Apr 2022 17:33:35 GMT
etag
0a80686bf12a0c4403c1f172a077e9500714799d
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
vary
*
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=31508873
content-length
3779
expires
Fri, 08 Apr 2022 10:01:28 GMT
ZtJxTi23KZbUF1skBjYVQkd6li_zupLhDvoSt4uTr3A1.js
primewestcorp.estatusconnect.com/UserBundles/ 		455 KB
456 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://primewestcorp.estatusconnect.com/UserBundles/ZtJxTi23KZbUF1skBjYVQkd6li_zupLhDvoSt4uTr3A1.js?fics=3.10.10823.2
Requested by
Host: charmcitygaming.com
URL: https://charmcitygaming.com/oreoo/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.179.179.70 Woodburn, United States, ASN7381 (SRS-6-Z-7381, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e7d66465fd02ee30e7a88c9ba3be9cc686a658d8176079ceccdfabd71bd67b34

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://charmcitygaming.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 07 Apr 2022 17:33:35 GMT
etag
"2490bab76c99d71:0"
last-modified
Wed, 25 Aug 2021 04:50:24 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
application/javascript
cache-control
public
accept-ranges
bytes
content-length
465839
expires
Wed, 06 Jul 2022 17:33:35 GMT
jquery.mask.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js
Requested by
Host: charmcitygaming.com
URL: https://charmcitygaming.com/oreoo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://charmcitygaming.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 07 Apr 2022 17:33:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4399113
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3074
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec3-2087"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aQG6%2BEHyF3GOIk1pWHHZtAZHbhDjPUiIG1zohxcfp5arJR%2BWObU4QiwWl3kSN8mwM7HDeyjt9GLKIiqbnh7nW%2FHr4nFDpxKknX6zJg0xQZwOreeB8BffxH3pedRUXeBembkx8ilDkjyeliM37e8FvxcS"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6f848256ea9a9280-FRA
expires
Tue, 28 Mar 2023 17:33:35 GMT
collect
www.google-analytics.com/j/ 		2 B
209 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=282178318&t=pageview&_s=1&dl=https%3A%2F%2Fcharmcitygaming.com%2Foreoo%2F&ul=en-us&de=UTF-8&dt=Login%C2%AE&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=424762694&gjid=904863352&cid=908576071.1649352815&tid=UA-613827-14&_gid=570327193.1649352815&_r=1&gtm=2ou3u0&z=1603088301
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://charmcitygaming.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 07 Apr 2022 17:33:35 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://charmcitygaming.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		1 B
441 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-613827-14&cid=908576071.1649352815&jid=424762694&gjid=904863352&_gid=570327193.1649352815&_u=YEBAAUAAAAAAAC~&z=1685264529
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://charmcitygaming.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 07 Apr 2022 17:33:35 GMT
content-type
text/plain
access-control-allow-origin
https://charmcitygaming.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v23/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v23/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700,200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://charmcitygaming.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 05 Apr 2022 11:55:47 GMT
x-content-type-options
nosniff
age
193069
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30876
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:11:59 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 05 Apr 2023 11:55:47 GMT
nucleo-icons.woff2
primewestcorp.estatusconnect.com/fonts/ 		0
0
FICSBackgroundV1.jpg
primewestcorp.estatusconnect.com/FicsImages/
Redirect Chain
  • https://primewestcorp.estatusconnect.com/FicsImages/FICSBackgroundV1.jpg
  • https://primewestcorp.estatusconnect.com/Cookies/Index?refData=D5991FB575B02DEA0BCE4232B7AE4180482AAF0CAD014B0CD21A71A09BECAC10154215F91749CF78E44E9071AB36970A
  • https://primewestcorp.estatusconnect.com/FicsImages/FICSBackgroundV1.jpg
114 KB
114 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://primewestcorp.estatusconnect.com/FicsImages/FICSBackgroundV1.jpg
Requested by
Host: charmcitygaming.com
URL: https://charmcitygaming.com/oreoo/
Protocol
H2
Server
66.179.179.70 Woodburn, United States, ASN7381 (SRS-6-Z-7381, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b100b0405774e07aa3de8079df89ccc455ca66f7887da57c1516c565e5d07411

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://charmcitygaming.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 07 Apr 2022 17:33:36 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/jpeg
cache-control
public
accept-ranges
bytes
content-length
116915
expires
Fri, 08 Apr 2022 10:01:34 GMT

Redirect headers

pragma
no-cache
date
Thu, 07 Apr 2022 17:33:36 GMT
x-aspnetmvc-version
5.2
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
text/html; charset=utf-8
location
/FicsImages/FICSBackgroundV1.jpg
cache-control
no-cache, no-store, must-revalidate
expires
-1
nucleo-icons.woff
primewestcorp.estatusconnect.com/fonts/ 		0
0
nucleo-icons.ttf
primewestcorp.estatusconnect.com/fonts/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
primewestcorp.estatusconnect.com
URL
https://primewestcorp.estatusconnect.com/fonts/nucleo-icons.woff2
Domain
primewestcorp.estatusconnect.com
URL
https://primewestcorp.estatusconnect.com/fonts/nucleo-icons.woff
Domain
primewestcorp.estatusconnect.com
URL
https://primewestcorp.estatusconnect.com/fonts/nucleo-icons.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

92 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails function| gtag object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData object| RouteJs object| Router string| isError string| message number| pageTimer object| displayCrossSelling function| debounce function| hasScrolled function| displayBusyIndicator function| hideBusyIndicator function| focusTrap function| getToastrModal function| closeSwalModal function| getLoanItems function| getCrossSelling function| getPaymentWarningModal function| scrollToDownload function| changeLoan function| changeInvestorSelect function| changeInvestorLoan function| countdownForLogout function| getLoanData function| FICSHtmlEncode function| getLoanMessage function| countdownForTimeout function| loadTimeoutMessage function| resetTimer function| closeMessageModal function| printCWA object| $jscomp number| countdown undefined| navbar_initialized object| big_image boolean| transparent boolean| transparentDemo boolean| fixedTop boolean| backgroundOrange boolean| toggle_initialized undefined| didScroll number| searchVisible number| lastScrollTop number| delta number| navbarHeight function| $ function| jQuery function| Popper object| bootstrap function| Sweetalert2 function| swal function| sweetAlert object| noUiSlider function| moment object| pk object| demo object| toastr function| register function| clickWrap function| clearError function| create function| createFinish function| resetCreate function| contactUs function| forgotPassword function| forgotPasswordStart function| forgotUserNameBegin function| captchaBegin function| captchaComplete function| clickWrapBegin function| clickWrapComplete function| createAccountBegin function| createAccountPostBegin function| createAccountPostComplete function| forgotComplete function| forgotUsername function| forgotUsernameComplete function| LoadImage number| window_width object| headerNavigationItems object| $page

5 Cookies

Domain/Path Name / Value
.charmcitygaming.com/ Name: _ga
Value: GA1.2.908576071.1649352815
.charmcitygaming.com/ Name: _gid
Value: GA1.2.570327193.1649352815
.charmcitygaming.com/ Name: _gat_gtag_UA_613827_14
Value: 1
primewestcorp.estatusconnect.com/ Name: X-Mapping-kbjeghcp
Value: EA3260E407D9BAC5BD9F02C175CD39B6
primewestcorp.estatusconnect.com/ Name: CookieCheck
Value: Detected

6 Console Messages

Source Level URL
Text
javascript error URL: https://charmcitygaming.com/oreoo/
Message:
Access to font at 'https://primewestcorp.estatusconnect.com/fonts/nucleo-icons.woff2' from origin 'https://charmcitygaming.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://primewestcorp.estatusconnect.com/fonts/nucleo-icons.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://charmcitygaming.com/oreoo/
Message:
Access to font at 'https://primewestcorp.estatusconnect.com/fonts/nucleo-icons.woff' from origin 'https://charmcitygaming.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://primewestcorp.estatusconnect.com/fonts/nucleo-icons.woff
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://charmcitygaming.com/oreoo/
Message:
Access to font at 'https://primewestcorp.estatusconnect.com/fonts/nucleo-icons.ttf' from origin 'https://charmcitygaming.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://primewestcorp.estatusconnect.com/fonts/nucleo-icons.ttf
Message:
Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
charmcitygaming.com
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
primewestcorp.estatusconnect.com
stats.g.doubleclick.net
www.google-analytics.com
www.googletagmanager.com
www.stratospherenetworks.com
primewestcorp.estatusconnect.com
192.124.249.52
2606:4700::6811:190e
2606:4700::6812:acf
2a00:1450:4001:812::2008
2a00:1450:4001:828::2003
2a00:1450:4001:829::200e
2a00:1450:4001:82f::200a
2a00:1450:400c:c06::9d
66.179.179.70
69.49.247.204
09224c5325207196869f714102ca19f7c50a85128d71186e53b7650a34dc1538
0bfec40f53efd4eade77d60c5893a122130657608054437593bffd58879b29fd
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
42631457f09874a2c86060258c4f9d7503908378420df906a562d9a23171f74c
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
78deaf783d6f1f6389f1020731fb8f74dd1fa8b85011df7b7316d2273d57926f
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
b100b0405774e07aa3de8079df89ccc455ca66f7887da57c1516c565e5d07411
b25d7304e6da9e4931e411da014872aaa7e5336bcdee8d7125af0e80f9da99a2
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
cc1e0a87136da48d3ffa0aa6a1edafe770623a3d82964be0beebfedddbe9f8d5
cddd87f12ba3d9d91e7f0650bdd0b5b9750041b1152fe4006406caa61f0866ed
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e454dfdb7ccf904670365f1628a22e172d02726e6070c839ab8360df61c3ad49
e7d66465fd02ee30e7a88c9ba3be9cc686a658d8176079ceccdfabd71bd67b34