demo.primestonemedia.com
2606:4700:3035::6812:29c0
Malicious Activity!
Public Scan
Effective URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
Submission: On September 23 via manual from US
Summary
This is the only time demo.primestonemedia.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Chase (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 92.244.99.200 | 34056 (KIEVNET KievNet ISP AS)
9 | 2606:4700:3035::6812:29c0 | 13335 (CLOUDFLARENET)
2 | 2a00:1450:4001:803::200a | 15169 (GOOGLE)
2 | 2606:4700::6811:4e6b | 13335 (CLOUDFLARENET)
16 | 5 |
ASN34056 (KIEVNET KievNet ISP AS, UA), PTR: 92-244-99-200.dls.gov.ua (www.dls.gov.ua)
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | primestonemedia.com | demo.primestonemedia.com (1 redirect) | 917 KB
2 | cloudflare.com | cdnjs.cloudflare.com | 10 KB
2 | googleapis.com | ajax.googleapis.com | 63 KB
1 | dls.gov.ua | www.dls.gov.ua | 488 B
16 | 4 | |
Requests | Domain | Requested by
---|---|---
9 | demo.primestonemedia.com (1 redirect) | demo.primestonemedia.com
2 | cdnjs.cloudflare.com | demo.primestonemedia.com
2 | ajax.googleapis.com | demo.primestonemedia.com
1 | www.dls.gov.ua |
16 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.dls.gov.ua | Sectigo RSA Domain Validation Secure Server CA | 2019-12-10 - 2021-12-09 | 2 years | crt.sh
upload.video.google.com | GTS CA 1O1 | 2020-09-03 - 2020-11-26 | 3 months | crt.sh
cdnjs.cloudflare.com | DigiCert ECC Secure Server CA | 2020-08-12 - 2022-08-17 | 2 years | crt.sh
This page contains 1 frame:
Primary Page: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso=
Frame ID: 3FE0905CA434B4F6544B4AB53804A8A7
Requests: 16 HTTP requests in this frame
Page URL History
- https://www.dls.gov.ua/wp-content/plugins/insert-headers-and-footers/ggg.html (Page URL)
- http://demo.primestonemedia.com/wp-content/mu-plugins/chase/ (HTTP 302) -> http://demo.primestonemedia.com/wp-content/mu-plugins/chase/login.php?chase_id=48484848484&country=&iso= (Page URL)
Detected technologies
- Debian (Operating Systems). Detected pattern: headers server /Debian/i
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
- jQuery (JavaScript Libraries). Detected pattern: script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6:
- http://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js (HTTP 307) -> https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js
- http://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/toggleDisabled.js (HTTP 307) -> https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/toggleDisabled.js
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | ggg.html | www.dls.gov.ua/wp-content/plugins/insert-headers-and-footers/ | 173 B | 488 B | Document | text/html
GET | H/1.1 | login.php (Primary Request) | demo.primestonemedia.com/wp-content/mu-plugins/chase/ (Redirect Chain) | 21 KB | 4 KB | Document | text/html
GET | H/1.1 | logon.css | demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ | 111 KB | 25 KB | Stylesheet | text/css
GET | H/1.1 | blue-ui2.css | demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ | 481 KB | 96 KB | Stylesheet | text/css
GET | H/1.1 | dashboard.css | demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ | 2 MB | 358 KB | Stylesheet | text/css
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.4.1/ | 86 KB | 30 KB | Script | text/javascript
GET | H/1.1 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.10.2/ | 91 KB | 33 KB | Script | text/javascript
GET | H2 | jquery.form-validator.min.js | cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/ (Redirect Chain) | 29 KB | 9 KB | Script | application/javascript
GET | H/1.1 | blue-ui.css | demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ | 418 KB | 82 KB | Stylesheet | text/css
GET | | wordmark-white.svg | demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/img/ | 0 | 0 | |
GET | H/1.1 | background.desktop.day.9.jpeg | demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/img/ | 311 KB | 312 KB | Image | image/jpeg
GET | H/1.1 | opensans-regular.woff | demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ | 24 KB | 25 KB | Font | font/woff
GET | H/1.1 | opensans-bold.woff | demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ | 14 KB | 15 KB | Font | font/woff
GET | | dcefont.woff | demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/img/ | 0 | 0 | |
GET | | opensans-semibold.woff | demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/ | 0 | 0 | |
GET | H2 | toggleDisabled.js | cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/ (Redirect Chain) | 1 KB | 1000 B | Script | application/javascript
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- Domain: demo.primestonemedia.com, URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/img/wordmark-white.svg
- Domain: demo.primestonemedia.com, URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/img/dcefont.woff
- Domain: demo.primestonemedia.com, URL: http://demo.primestonemedia.com/wp-content/mu-plugins/chase/Spox/Files/css/opensans-semibold.woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Chase (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | trustedTypes
function | $
function | jQuery
object | jQuery1102040798191690860320
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- ajax.googleapis.com
- cdnjs.cloudflare.com
- demo.primestonemedia.com
- www.dls.gov.ua
- 2606:4700:3035::6812:29c0
- 2606:4700::6811:4e6b
- 2a00:1450:4001:803::200a
- 92.244.99.200