novaverarealestate.com
50.116.94.51
Malicious Activity!
Public Scan
Effective URL: https://novaverarealestate.com/info/yf6np2ru1ra89tb3pfzqaz8k.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1...
Submission: On March 27 via automatic, source openphish
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on January 31st 2020. Valid for: 3 months.
This is the only time novaverarealestate.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
6 | 50.116.94.51 | 46606 (UNIFIEDLAYER-AS-1)
6 | 217.69.139.101 | 47764 (MAILRU-AS Mail.Ru)
1 | 2a00:1148:db00::17 | 47764 (MAILRU-AS Mail.Ru)
9 | 4 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: flex4logistics.com
- officialtempo.com
- novaverarealestate.com
ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: img.imgsmail.ru
- img.imgsmail.ru
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
6 | imgsmail.ru | img.imgsmail.ru | 70 KB
4 | novaverarealestate.com | novaverarealestate.com (2 redirects) | 20 KB
2 | officialtempo.com | officialtempo.com (2 redirects) | 329 B
1 | mail.ru | rs.mail.ru | 428 B
Requests | Domain | Requested by
---|---|---
6 | img.imgsmail.ru | novaverarealestate.com
4 | novaverarealestate.com | novaverarealestate.com (2 redirects)
2 | officialtempo.com | 2 redirects
1 | rs.mail.ru | novaverarealestate.com
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
novaverarealestate.com | Let's Encrypt Authority X3 | 2020-01-31 - 2020-04-30 | 3 months | crt.sh
*.imgsmail.ru | GeoTrust RSA CA 2018 | 2019-07-10 - 2021-08-08 | 2 years | crt.sh
*.mail.ru | GlobalSign Organization Validation CA - SHA256 - G2 | 2019-01-18 - 2021-01-18 | 2 years | crt.sh
This page contains 1 frame:
Primary Page:
https://novaverarealestate.com/info/yf6np2ru1ra89tb3pfzqaz8k.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&HDggiinsdUDu73kdhdi=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Frame ID: BD5A4FE86C80DF7FB5C0CF4FD1969AFE
Requests: 10 HTTP requests in this frame
Detected technologies
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
- BEM (JavaScript Frameworks). Detected pattern: html /<[^>]+data-bem/i
Page Statistics
1 outgoing link
These are links going to different origins than the main page.
Title:
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://officialtempo.com/info (HTTP 301)
- https://officialtempo.com/info/ (HTTP 302)
- https://novaverarealestate.com/info?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&HDggiinsdUDu73kdhdi=&.rand=13InboxLight.aspx?n=1774256418&fid=4 (HTTP 301)
- https://novaverarealestate.com/info/?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&HDggiinsdUDu73kdhdi=&.rand=13InboxLight.aspx?n=1774256418&fid=4 (HTTP 302)
- https://novaverarealestate.com/info/yf6np2ru1ra89tb3pfzqaz8k.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&HDggiinsdUDu73kdhdi=&.rand=13InboxLight.aspx?n=1774256418&fid=4 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | yf6np2ru1ra89tb3pfzqaz8k.php (Primary Request; Redirect Chain) | novaverarealestate.com/info/ | 16 KB | 4 KB | Document | text/html
GET | H2 | main.min.css | img.imgsmail.ru/login/1521796407/css/ | 223 KB | 60 KB | Stylesheet | text/css
GET | H2 | logo2x.png | img.imgsmail.ru/login/1521796407/images/ | 3 KB | 4 KB | Image | image/png
GET | H/1.1 | d22345996.gif | rs.mail.ru/ | 43 B | 428 B | Image | image/gif
GET | H2 | yf6np2ru1ra89tb3pfzqaz8k.php | novaverarealestate.com/info/ | 16 KB | 16 KB | Image | text/html
GET | H2 | mail.ru.png | img.imgsmail.ru/r/account/mail/email-providers/ | 743 B | 957 B | Image | image/png
GET | H2 | yandex.ru.png | img.imgsmail.ru/r/account/mail/email-providers/ | 1 KB | 1 KB | Image | image/png
GET | H2 | google.com.png | img.imgsmail.ru/r/account/mail/email-providers/ | 1 KB | 2 KB | Image | image/png
GET | H2 | yahoo.com.png | img.imgsmail.ru/r/account/mail/email-providers/ | 2 KB | 2 KB | Image | image/png
GET | DATA | truncated | / | 27 KB | 27 KB | Font | application/font-woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
img.imgsmail.ru
novaverarealestate.com
officialtempo.com
rs.mail.ru
217.69.139.101
2a00:1148:db00::17
50.116.94.51
0e866b8d64654b9052cfa5670b91a247e4679116180781488a7a532675502988
166545b8868c29cc5fba8c9140abe3249b2ef4ad3ef182ee49e23c8ee5173e77
9d96acaf0704083c097028692a1636c2f81af1c4b7b30284d309ed500afe275a
a1013e730e5c0cac8b78b4a41de150e11d9767ee01f369740243f41bf55365d2
bc265b5c52350d03cce1f1f93245c9d869f0b7606eaa928fcf679e1d551ccd52
bdd136679982bb5b568a65fc5bc8e57f1f5de35ba49ad571a1f6a9c90d4cef31
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e0cd2fd2c89df609c3f88d55bc3cfd4d24678712eed3df229c117ad2dd7b0575
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebd109c9dc20771ccc839cc319992b911f5e96c1add52a22c9f8b803c8b11273