primeurbanre.com
Open in
urlscan Pro
181.214.133.72
Malicious Activity!
Public Scan
Submission: On May 01 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on April 28th 2020. Valid for: 3 months.
This is the only time primeurbanre.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 181.214.133.72 181.214.133.72 | 397423 (TIER-NET) (TIER-NET) | |
9 | 45.60.13.52 45.60.13.52 | 19551 (INCAPSULA) (INCAPSULA) | |
1 | 185.67.45.137 185.67.45.137 | 201682 (LIQUID-WE...) (LIQUID-WEB-BV) | |
1 5 | 2a00:1450:400... 2a00:1450:4001:809::200e | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:400c:c0c::9d | 15169 (GOOGLE) (GOOGLE) | |
17 | 6 |
ASN397423 (TIER-NET, US)
PTR: vm7.timeaspire.com
primeurbanre.com |
ASN19551 (INCAPSULA, US)
cdn.clareitysecurity.net | |
collector.clareity.net |
ASN201682 (LIQUID-WEB-BV, NL)
PTR: uranus.mspcloudhost.com
www.novosco.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
clareitysecurity.net
cdn.clareitysecurity.net |
1 MB |
5 |
google-analytics.com
1 redirects
www.google-analytics.com |
18 KB |
2 |
primeurbanre.com
primeurbanre.com |
4 KB |
1 |
doubleclick.net
stats.g.doubleclick.net |
102 B |
1 |
novosco.com
www.novosco.com |
58 KB |
1 |
clareity.net
collector.clareity.net |
5 KB |
17 | 6 |
Domain | Requested by | |
---|---|---|
8 | cdn.clareitysecurity.net |
primeurbanre.com
cdn.clareitysecurity.net |
5 | www.google-analytics.com |
1 redirects
cdn.clareitysecurity.net
primeurbanre.com |
2 | primeurbanre.com |
primeurbanre.com
|
1 | stats.g.doubleclick.net |
primeurbanre.com
|
1 | www.novosco.com |
primeurbanre.com
|
1 | collector.clareity.net |
primeurbanre.com
|
17 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.google.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.primeurbanre.com Let's Encrypt Authority X3 |
2020-04-28 - 2020-07-27 |
3 months | crt.sh |
cdn.clareitysecurity.net DigiCert SHA2 High Assurance Server CA |
2020-03-31 - 2022-04-05 |
2 years | crt.sh |
*.clareity.net DigiCert SHA2 High Assurance Server CA |
2020-01-06 - 2022-01-10 |
2 years | crt.sh |
*.novosco.com Go Daddy Secure Certificate Authority - G2 |
2019-01-21 - 2021-02-15 |
2 years | crt.sh |
*.google-analytics.com GTS CA 1O1 |
2020-04-07 - 2020-06-30 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1O1 |
2020-04-07 - 2020-06-30 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://primeurbanre.com/Login/Login.htm
Frame ID: 8617CF54FB349880B50EDEDC1292B19B
Requests: 17 HTTP requests in this frame
Frame:
https://primeurbanre.com/idp/server.jsp
Frame ID: 8A58274E88D2F159E138F2F06D786851
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
- script /jquery-ui.*\.js/i
jQuery UI (JavaScript Libraries) Expand
Detected patterns
- script /jquery-ui.*\.js/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: UA-39826640-43
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- https://www.google-analytics.com/r/collect?v=1&_v=j81&a=730329305&t=pageview&_s=1&dl=https%3A%2F%2Fprimeurbanre.com%2FLogin%2FLogin.htm&ul=en-us&de=UTF-8&dt=SafeAccess%C2%AE%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUAB~&jid=169347123&gjid=1068265020&cid=1904458374.1588364322&tid=UA-45101381-2&_gid=916369777.1588364322&_r=1&z=464900046 HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-45101381-2&cid=1904458374.1588364322&jid=169347123&_gid=916369777.1588364322&gjid=1068265020&_v=j81&z=464900046
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Login.htm
primeurbanre.com/Login/ |
3 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.css
cdn.clareitysecurity.net/css/ |
10 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
cdn.clareitysecurity.net/js/ |
91 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loginxkd-dd-2.9.min.js
cdn.clareitysecurity.net/js/ |
41 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1583937068116
collector.clareity.net/kdl/ |
18 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
googletrack.js
cdn.clareitysecurity.net/sys/alberta/ |
651 B 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Office-365.jpg
www.novosco.com/images/easyblog_articles/37/ |
58 KB 58 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
44 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
server.jsp
primeurbanre.com/idp/ Frame 8A58 |
315 B 515 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
paragon-login-background.png
cdn.clareitysecurity.net/sys/alberta/ |
860 KB 862 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
paragon-login-bg.png
cdn.clareitysecurity.net/sys/alberta/ |
395 KB 396 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-ui.min.js
cdn.clareitysecurity.net/js/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-ui.min.css
cdn.clareitysecurity.net/css/ |
30 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
stats.g.doubleclick.net/r/ Redirect Chain
|
35 B 102 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/r/ |
35 B 104 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 103 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 97 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)155 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery string| url boolean| isOnQA boolean| alertMe undefined| debugit boolean| ie8 function| isIE string| requiredKd string| idpurl string| cdnUrl string| jQueryUiUrl string| jQueryUiCssUrl string| ie8CssUrl string| inputs string| pleasewait string| loginTypeVal string| loginTypeMsg string| failureMsgId string| failMsg string| logincssMsg string| logoMsg string| loginbtnMsg string| loginXkdMsg string| loginformMsg string| warnalert number| keyedChars boolean| isChrome object| loginXkdId string| loginXkdUrl undefined| oldbrowserWarnData undefined| oldbrowserUrlData undefined| setFocus undefined| inputAutoData undefined| disablePageData undefined| backSpaceClearData undefined| savePwdData undefined| fakeSafariPwdData undefined| fakeChromePwdData undefined| fontIconsData undefined| redirectUrlData undefined| idpTimeoutData undefined| secondsLeftData undefined| sessionWarnData undefined| loadingData undefined| collectorIcon undefined| kdIconData boolean| oldie function| cdnCheck string| googleTrackMsg string| googleJsUrlMsg string| googleJsUrlCdnMsg string| mlsgooglecode boolean| trackit function| googleCheck string| forgotPwdUrlMsg string| changePwdUrlMsg function| passLinks string| setFocusMsg object| usernameInput function| setInputFocus string| inputAutoMsg boolean| autocomp function| autoComplete string| disablePageMsg string| disablePageDiv boolean| disablepage string| backSpaceClearMsg boolean| backspace function| backspaceClear string| savePwdMsg boolean| savepassword string| fakeSafariPwdMsg boolean| fakepwdadded boolean| fakepwd function| fakeSafariPwd string| fakeChromePwdMsg function| fakeChromePwd string| fontIconsUrl string| fontIconsMsg boolean| fontawesome function| iconsFonts string| redirectUrl string| redirectUrlMsg number| idpTimeout string| idpTimeoutMsg number| secondsLeft string| secondsLeftMsg string| sessionWarnMsg boolean| sessionWarnMe string| sessionDialogHtml function| sessionPop function| runSessionDialog object| assocDropdownId object| assocDropdownRememberJsId undefined| assocDropdownRememberJsUrl string| assocDropdownRememberJsMsg string| assocDropdownMsg string| assocDropdownCookieMsg boolean| assocDrop object| assocDropdownCookie function| checkDropDown function| setDropDown function| saveDropdown function| inputCheck object| loadingId string| loadingMsg object| loginFormId string| loginFormMsg function| showInputs string| checkBootStrapMsg boolean| useboostrap function| checkBootStrap string| ssoTypeMsg function| ssoType function| basicLogin function| doLogin function| keyPress function| submitLoginForm object| collectIframe string| collectorMsg string| collectorIconMsg boolean| collectorchecker function| checkCollector function| collecterSet boolean| docollect function| collectObjectCheck object| kdCollecterId string| kdCollecterMsg string| kdIconMsg boolean| didkdload function| loginKd string| qaDialogHtml function| runQaDialog function| qaDialog boolean| fakechromepwdadded boolean| fakechromepwd function| initCallback_3xkd function| validCallback_3xkd function| kdFailed_3xkd object| CLAREITY object| _0x6bf2 function| CLAREITY_KD function| madKD_getVersion function| xkd object| _0xb3d3 object| b64 string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.primeurbanre.com/ | Name: _gat_newTracker Value: 1 |
|
.primeurbanre.com/ | Name: _gat Value: 1 |
|
.primeurbanre.com/ | Name: _gid Value: GA1.2.916369777.1588364322 |
|
.primeurbanre.com/ | Name: _ga Value: GA1.2.1904458374.1588364322 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.clareitysecurity.net
collector.clareity.net
primeurbanre.com
stats.g.doubleclick.net
www.google-analytics.com
www.novosco.com
181.214.133.72
185.67.45.137
2a00:1450:4001:809::200e
2a00:1450:400c:c0c::9d
45.60.13.52
00f973f96f9fcebd037f59485a24ac1f3f073d0fb20879ddf445265c7ef77d87
02324fbade97fbc223834e6afa838dc1e01185bd0393f8e26e084834b512ae69
0a27dc147ed1d0048a35f49ae3977452fd2050a59a569f790954afdf7f170c33
15cc6fc3f739fa8573e2785f1f6af0cff8cebd1118a4b4f11df63d0f51c3bb64
17cecc18ee875908251a0ab107cc1ec9dd5fe73af2b759caa69316f5793c85b9
1dcab816ca5ee2317f01c1822391bcf8d8f9fdfaa3e5d776592d6c3ce6e559af
5265f71403a318cdbeb0c4ec01dbba2f00fbc8f046b0a79e40e8abe675b398ce
64907bac65b3d6080557dbc26e2cc1ec94433cce8a4b7ad63dcf7ba4b959f948
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9de5950e705f78d02ae70cc5ee55ee333562d8ec083384f64e8d4a401a809e7a
aa3100820558883e772cd41ec4030d56480d1567d6843895f498405f24a0bdb1
b7e5367878f252a70a3eaecd650b0613a9bf53439c6a73fc76213fab103baad9
d4c1acdde2d8dc96d4347a5da9c0a7198dfb1985fc6b863511f6eaa7bde4cc99
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d