demo.primestonemedia.com Open in urlscan Pro
2606:4700:3035::6812:29c0 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.dls.gov.ua/wp-content/plugins/insert-headers-and-footers/ggg.html
Effective URL:
http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
Submission: On September 23 via manual (September 23rd 2020, 6:12:59 pm UTC) from US

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3035::6812:29c0, located in United States and belongs to CLOUDFLARENET, US. The main domain is demo.primestonemedia.com.

This is the only time demo.primestonemedia.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chase (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	92.244.99.200 92.244.99.200	34056 (KIEVNET K...) (KIEVNET KievNet ISP AS)
1 9	2606:4700:303... 2606:4700:3035::6812:29c0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:4e6b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	5

1 92.244.99.200 (Kyiv, Ukraine)

ASN34056 (KIEVNET KievNet ISP AS, UA)
PTR: 92-244-99-200.dls.gov.ua

www.dls.gov.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:3035::6812:29c0 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

demo.primestonemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:4e6b (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	primestonemedia.com 1 redirects demo.primestonemedia.com	917 KB
2	cloudflare.com cdnjs.cloudflare.com	10 KB
2	googleapis.com ajax.googleapis.com	63 KB
1	dls.gov.ua www.dls.gov.ua	488 B
16	4

	Domain	Requested by
9	demo.primestonemedia.com	1 redirects demo.primestonemedia.com
2	cdnjs.cloudflare.com	demo.primestonemedia.com
2	ajax.googleapis.com	demo.primestonemedia.com
1	www.dls.gov.ua
16	4

This site contains no links.

Subject Issuer	Validity	Valid
*.dls.gov.ua Sectigo RSA Domain Validation Secure Server CA	`2019-12-10` - `2021-12-09`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
cdnjs.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-12` - `2022-08-17`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
Frame ID: 3FE0905CA434B4F6544B4AB53804A8A7
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.dls.gov.ua/wp-content/plugins/insert-headers-and-footers/ggg.html Page URL
http://demo.primestonemedia.com/wp-content/mu-plugins/chase/ HTTP 302
http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso= Page URL

Detected technologies

Debian (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Debian/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

16
Requests

25 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

990 kB
Transfer

3458 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.dls.gov.ua/wp-content/plugins/insert-headers-and-footers/ggg.html Page URL
http://demo.primestonemedia.com/wp-content/mu-plugins/chase/ HTTP 302
http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

http://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js

Request Chain 14

http://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/toggleDisabled.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/toggleDisabled.js

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK ggg.html Show response
www.dls.gov.ua/wp-content/plugins/insert-headers-and-footers/ 173 B
488 B 269ms
87ms Document
text/html 92.244.99.200
KIEVNET KievNet I...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dls.gov.ua/wp-content/plugins/insert-headers-and-footers/ggg.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 92.244.99.200 Kyiv, Ukraine, ASN34056 (KIEVNET KievNet ISP AS, UA),
Reverse DNS: 92-244-99-200.dls.gov.ua
Software: Apache/2.4.25 (Debian) /
Resource Hash: 8b623ac8a8eab70c6a2c7c45beaed87151886702d9e9fe86090e3c2c8e0a7974

Request headers

Host: www.dls.gov.ua
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 23 Sep 2020 18:12:43 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Wed, 23 Sep 2020 12:40:18 GMT
ETag: "ad-5affa62cf7080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 152
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

GET
H/1.1

200
OK

Primary Request login.php Show response
demo.primestonemedia.com/wp-content/mu-plugins/chase/
Redirect Chain

http://demo.primestonemedia.com/wp-content/mu-plugins/chase/
http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=

21 KB
4 KB

2601ms
2600ms

Document
text/html

2606:4700:3035::6812:29c0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=

Protocol

HTTP/1.1

Server

2606:4700:3035::6812:29c0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbaab50301e1ec80b44ae9ff2ff2376ec3c94bce9c48768b9bac488d97dd45e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: demo.primestonemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: __cfduid=d44a5eca8bcc44cc9c25ca4a1f9a4fbf51600884764; PHPSESSID=9ee06c03ceccbb614ba3128b7d358d1d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.dls.gov.ua/wp-content/plugins/insert-headers-and-footers/ggg.html

Response headers

Date: Wed, 23 Sep 2020 18:12:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
X-Endurance-Cache-Level: 2
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
cf-request-id: 055dc418660000d6d19eae9200000001
Server: cloudflare
CF-RAY: 5d763c6d78b0d6d1-FRA
Content-Encoding: gzip

Redirect headers

Date: Wed, 23 Sep 2020 18:12:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d44a5eca8bcc44cc9c25ca4a1f9a4fbf51600884764; expires=Fri, 23-Oct-20 18:12:44 GMT; path=/; domain=.primestonemedia.com; HttpOnly; SameSite=Lax PHPSESSID=9ee06c03ceccbb614ba3128b7d358d1d; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?chase_id=48484848484&country=&iso=
X-Endurance-Cache-Level: 2
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
cf-request-id: 055dc405900000d6d19e9b1200000001
Server: cloudflare
CF-RAY: 5d763c4f4bbad6d1-FRA

GET
H/1.1 200
OK logon.css
demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ 111 KB
25 KB 22ms
19ms Stylesheet
text/css 2606:4700:3035::6812:29c0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/logon.css

Requested by

Host: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=

Protocol

HTTP/1.1

Server

2606:4700:3035::6812:29c0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f40ea87a66d48750ed0fd7c032e7139ba42096059bd466c2a08ec607c371ed2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 23 Sep 2020 18:12:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 14847
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 055dc422a00000d6d19eb7f200000001
Last-Modified: Mon, 02 Sep 2019 22:50:44 GMT
Server: cloudflare
Vary: Accept-Encoding
X-Endurance-Cache-Level: 2
Content-Type: text/css
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2592000
CF-RAY: 5d763c7dcc92d6d1-FRA
Expires: Fri, 23 Oct 2020 14:05:23 GMT

GET
H/1.1 200
OK blue-ui2.css
demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ 481 KB
96 KB 28ms
20ms Stylesheet
text/css 2606:4700:3035::6812:29c0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/blue-ui2.css

Requested by

Host: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=

Protocol

HTTP/1.1

Server

2606:4700:3035::6812:29c0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7040377762ae7d1cee43a7b3049efd717fa1c27b04875c5b180496589823b64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 23 Sep 2020 18:12:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 14847
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 055dc422a500002bce93145200000001
Last-Modified: Mon, 02 Sep 2019 22:37:24 GMT
Server: cloudflare
Vary: Accept-Encoding
X-Endurance-Cache-Level: 2
Content-Type: text/css
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2592000
CF-RAY: 5d763c7dd86e2bce-FRA
Expires: Fri, 23 Oct 2020 14:05:23 GMT

GET
H/1.1 200
OK dashboard.css
demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ 2 MB
358 KB 735ms
728ms Stylesheet
text/css 2606:4700:3035::6812:29c0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/dashboard.css

Requested by

Host: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=

Protocol

HTTP/1.1

Server

2606:4700:3035::6812:29c0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfc6ec791eba3e3aa7d36d1c20091f616eba89934ed52b526e1edf1299b0fff2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 23 Sep 2020 18:12:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 055dc422a5000064d98f832200000001
Last-Modified: Mon, 02 Sep 2019 21:59:02 GMT
Server: cloudflare
Vary: Accept-Encoding
X-Endurance-Cache-Level: 2
Content-Type: text/css
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2592000
CF-RAY: 5d763c7ddfd264d9-FRA
Expires: Fri, 23 Oct 2020 18:12:51 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 86 KB
30 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Host: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 12:30:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20530
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30774
x-xss-protection: 0
last-modified: Mon, 13 May 2019 14:37:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Sep 2021 12:30:41 GMT

GET
H/1.1 200
OK jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.10.2/ 91 KB
33 KB 13ms
6ms Script
text/javascript 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js

Requested by

Host: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=

Protocol

HTTP/1.1

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 23 Sep 2020 17:17:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Server: sffe
Age: 3326
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 32954
X-XSS-Protection: 0
Expires: Thu, 23 Sep 2021 17:17:25 GMT

GET
H2

200

jquery.form-validator.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js
https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js

29 KB
9 KB

21ms
21ms

Script
application/javascript

2606:4700::6811:4e6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js

Requested by

Host: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1264020dbe3f8813dceb1e15a7d5f4a48f2142e413cb310e7a256f4999d949a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 18:12:51 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":31536000,"success_fraction":0.01,"include_subdomains":true,"response_headers":["cf-ray"]}
age: 1194101
cf-ray: 5d763c7dcb020621-FRA
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 055dc422a000000621b817f200000001
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
etag: W/"5eb03ec2-72c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
report-to: {"group":"cf-nel","max_age":31536000,"endpoints":[{"url":"https://gcp.nel.cloudflare.com/report?lkg-colo=fra&lkg-time=1600884771&lkg-ip=2a01:4f8:192:5414::2","weight":10}],"include_subdomains":true}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
timing-allow-origin: *
expires: Mon, 13 Sep 2021 18:12:51 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK blue-ui.css
demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ 418 KB
82 KB 615ms
615ms Stylesheet
text/css 2606:4700:3035::6812:29c0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/blue-ui.css

Requested by

Host: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/dashboard.css

Protocol

HTTP/1.1

Server

2606:4700:3035::6812:29c0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f81bcbda5218bdf462b2d17c817594735b27dbc73a6073e7f3f07ec2a4c0e79b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/dashboard.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 23 Sep 2020 18:12:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 055dc42761000064d98f86b200000001
Last-Modified: Mon, 02 Sep 2019 22:02:08 GMT
Server: cloudflare
Vary: Accept-Encoding
X-Endurance-Cache-Level: 2
Content-Type: text/css
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2592000
CF-RAY: 5d763c856b3b64d9-FRA
Expires: Fri, 23 Oct 2020 18:12:52 GMT

GET wordmark-white.svg
demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/img/ 0
0

GET
H/1.1 200
OK background.desktop.day.9.jpeg
demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/img/ 311 KB
312 KB 16ms
15ms Image
image/jpeg 2606:4700:3035::6812:29c0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/img/background.desktop.day.9.jpeg

Requested by

Host: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=

Protocol

HTTP/1.1

Server

2606:4700:3035::6812:29c0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34a11532f5c4dd44c2848510ec6ee5f4f4d1fd645d769f37c6eec719afad0df7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 23 Sep 2020 18:12:53 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 14846
Connection: keep-alive
Content-Length: 318366
cf-request-id: 055dc42a8d00002bce93280200000001
Last-Modified: Tue, 03 Sep 2019 00:46:00 GMT
Server: cloudflare
Vary: Accept-Encoding
X-Endurance-Cache-Level: 2
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=31536000
Accept-Ranges: bytes
CF-RAY: 5d763c8a7e4e2bce-FRA
Expires: Thu, 23 Sep 2021 14:05:26 GMT

GET
H/1.1 200
OK opensans-regular.woff
demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ 24 KB
25 KB 767ms
767ms Font
font/woff 2606:4700:3035::6812:29c0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/opensans-regular.woff

Requested by

Host: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=

Protocol

HTTP/1.1

Server

2606:4700:3035::6812:29c0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: http://demo.primestonemedia.com
Referer: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 23 Sep 2020 18:12:54 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
Connection: keep-alive
Content-Length: 24876
cf-request-id: 055dc42a920000d6d19ebca200000001
Last-Modified: Mon, 02 Sep 2019 22:28:28 GMT
Server: cloudflare
Vary: Accept-Encoding
X-Endurance-Cache-Level: 2
Content-Type: font/woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=21600
Accept-Ranges: bytes
CF-RAY: 5d763c8a8826d6d1-FRA
Expires: Thu, 24 Sep 2020 00:12:53 GMT

GET
H/1.1 200
OK opensans-bold.woff
demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ 14 KB
15 KB 767ms
761ms Font
font/woff 2606:4700:3035::6812:29c0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/opensans-bold.woff

Requested by

Host: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=

Protocol

HTTP/1.1

Server

2606:4700:3035::6812:29c0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0634f735018d63980fb935914bd910ebd51ed5ed0a03c8811607aca0c2e7c532

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: http://demo.primestonemedia.com
Referer: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 23 Sep 2020 18:12:54 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
Connection: keep-alive
Content-Length: 14504
cf-request-id: 055dc42a9e000005d854004200000001
Last-Modified: Mon, 02 Sep 2019 22:30:32 GMT
Server: cloudflare
Vary: Accept-Encoding
X-Endurance-Cache-Level: 2
Content-Type: font/woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=21600
Accept-Ranges: bytes
CF-RAY: 5d763c8a983505d8-FRA
Expires: Thu, 24 Sep 2020 00:12:53 GMT

GET dcefont.woff
demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/img/ 0
0

GET opensans-semibold.woff
demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ 0
0

GET
H2

200

toggleDisabled.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/toggleDisabled.js
https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/toggleDisabled.js

1 KB
1000 B

26ms
25ms

Script
application/javascript

2606:4700::6811:4e6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/toggleDisabled.js

Requested by

Host: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256a06c938ecc394af763d147219fa14033d3528b1ed9da5f1e2f2ddbc8d2b08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 18:12:53 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":31536000,"success_fraction":0.01,"include_subdomains":true,"response_headers":["cf-ray"]}
age: 1196056
cf-ray: 5d763c8b0daa0621-FRA
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 055dc42ae900000621b824d200000001
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
etag: W/"5eb03ec2-5dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
report-to: {"group":"cf-nel","max_age":31536000,"endpoints":[{"url":"https://gcp.nel.cloudflare.com/report?lkg-colo=fra&lkg-time=1600884773&lkg-ip=2a01:4f8:192:5414::2","weight":10}],"include_subdomains":true}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
timing-allow-origin: *
expires: Mon, 13 Sep 2021 18:12:53 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/toggleDisabled.js
Non-Authoritative-Reason: HSTS

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/img/wordmark-white.svg

Domain: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/img/dcefont.woff

Domain: demo.primestonemedia.com
URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/opensans-semibold.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chase (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| $ function| jQuery object| jQuery110204079819169086032

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
demo.primestonemedia.com
www.dls.gov.ua
demo.primestonemedia.com
2606:4700:3035::6812:29c0
2606:4700::6811:4e6b
2a00:1450:4001:803::200a
92.244.99.200
0634f735018d63980fb935914bd910ebd51ed5ed0a03c8811607aca0c2e7c532
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
1f40ea87a66d48750ed0fd7c032e7139ba42096059bd466c2a08ec607c371ed2
256a06c938ecc394af763d147219fa14033d3528b1ed9da5f1e2f2ddbc8d2b08
34a11532f5c4dd44c2848510ec6ee5f4f4d1fd645d769f37c6eec719afad0df7
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8b623ac8a8eab70c6a2c7c45beaed87151886702d9e9fe86090e3c2c8e0a7974
a7040377762ae7d1cee43a7b3049efd717fa1c27b04875c5b180496589823b64
b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179
bbaab50301e1ec80b44ae9ff2ff2376ec3c94bce9c48768b9bac488d97dd45e1
dfc6ec791eba3e3aa7d36d1c20091f616eba89934ed52b526e1edf1299b0fff2
f1264020dbe3f8813dceb1e15a7d5f4a48f2142e413cb310e7a256f4999d949a
f81bcbda5218bdf462b2d17c817594735b27dbc73a6073e7f3f07ec2a4c0e79b

demo.primestonemedia.com Open in urlscan Pro 2606:4700:3035::6812:29c0 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

25 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

5 IPs

3 Countries

990 kBTransfer

3458 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

demo.primestonemedia.com Open in urlscan Pro
2606:4700:3035::6812:29c0 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

25 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

990 kB
Transfer

3458 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!