urlscan.io logo urlscan.io
SecurityTrails logo

selladodejuntasasfalticas.com Open in urlscan Pro
163.172.75.153  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://selladodejuntasasfalticas.com/Login/Login.htm
Submission: On May 01 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 5 countries across 6 domains to perform 17 HTTP transactions. The main IP is 163.172.75.153, located in France and belongs to Online SAS, FR. The main domain is selladodejuntasasfalticas.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 8th 2020. Valid for: 3 months.
This is the only time selladodejuntasasfalticas.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

IP Address AS Autonomous System
2 163.172.75.153 12876 (Online SAS)
9 45.60.13.52 19551 (INCAPSULA)
1 185.67.45.137 201682 (LIQUID-WE...)
1 5 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
17 6
2    163.172.75.153 (France)

ASN12876 (Online SAS, FR)
PTR: c02.iservidorweb.com
selladodejuntasasfalticas.com
9    45.60.13.52 (United States)

ASN19551 (INCAPSULA, US)
cdn.clareitysecurity.net
collector.clareity.net
1    185.67.45.137 (Netherlands)

ASN201682 (LIQUID-WEB-BV, NL)
PTR: uranus.mspcloudhost.com
www.novosco.com
5    2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
Domain Requested by
8 cdn.clareitysecurity.net selladodejuntasasfalticas.com
cdn.clareitysecurity.net
5 www.google-analytics.com 1 redirects cdn.clareitysecurity.net
selladodejuntasasfalticas.com
2 selladodejuntasasfalticas.com selladodejuntasasfalticas.com
1 stats.g.doubleclick.net selladodejuntasasfalticas.com
1 www.novosco.com selladodejuntasasfalticas.com
1 collector.clareity.net selladodejuntasasfalticas.com
17 6

This site contains links to these domains. Also see Links.

Domain
www.google.com
Subject Issuer Validity Valid
selladodejuntasasfalticas.com
cPanel, Inc. Certification Authority		 2020-04-08 -
2020-07-07		 3 months crt.sh
cdn.clareitysecurity.net
DigiCert SHA2 High Assurance Server CA		 2020-03-31 -
2022-04-05		 2 years crt.sh
*.clareity.net
DigiCert SHA2 High Assurance Server CA		 2020-01-06 -
2022-01-10		 2 years crt.sh
*.novosco.com
Go Daddy Secure Certificate Authority - G2		 2019-01-21 -
2021-02-15		 2 years crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-04-07 -
2020-06-30		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-04-01 -
2020-06-24		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://selladodejuntasasfalticas.com/Login/Login.htm
Frame ID: AA0263A17F9CEAFED9206CC17C1B03BD
Requests: 17 HTTP requests in this frame

Frame: https://selladodejuntasasfalticas.com/idp/server.jsp
Frame ID: E4E451AFACC709C9C6931B03F0C62CAC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
  • script /jquery-ui.*\.js/i
Overall confidence: 100%
Detected patterns
  • script /jquery-ui.*\.js/i

Page Statistics

17
Requests

100 %
HTTPS

40 %
IPv6

6
Domains

6
Subdomains

6
IPs

5
Countries

1441 kB
Transfer

1639 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=810421563&t=pageview&_s=1&dl=https%3A%2F%2Fselladodejuntasasfalticas.com%2FLogin%2FLogin.htm&ul=en-us&de=UTF-8&dt=SafeAccess%C2%AE%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUAB~&jid=915447673&gjid=1385656744&cid=432988662.1588296847&tid=UA-45101381-2&_gid=876377509.1588296847&_r=1&z=829106927 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-45101381-2&cid=432988662.1588296847&jid=915447673&_gid=876377509.1588296847&gjid=1385656744&_v=j81&z=829106927

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Login.htm
selladodejuntasasfalticas.com/Login/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://selladodejuntasasfalticas.com/Login/Login.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
163.172.75.153 , France, ASN12876 (Online SAS, FR),
Reverse DNS
c02.iservidorweb.com
Software
nginx /
Resource Hash
0a27dc147ed1d0048a35f49ae3977452fd2050a59a569f790954afdf7f170c33
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
selladodejuntasasfalticas.com
:scheme
https
:path
/Login/Login.htm
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
server
nginx
date
Fri, 01 May 2020 01:34:06 GMT
content-type
text/html
last-modified
Wed, 11 Mar 2020 10:57:02 GMT
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
content-encoding
gzip
login.css
cdn.clareitysecurity.net/css/ 		10 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.clareitysecurity.net/css/login.css
Requested by
Host: selladodejuntasasfalticas.com
URL: https://selladodejuntasasfalticas.com/Login/Login.htm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
b7e5367878f252a70a3eaecd650b0613a9bf53439c6a73fc76213fab103baad9

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 01:34:07 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
Transfer-Encoding
chunked
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
5-91001355-91001437 NNNN CT(4 2 0) RT(1586723278822 170) q(0 2 2 155) r(3 3) U5, 4-3260640-3260641 NNNN CT(35 72 0) RT(1588296846898 15) q(0 0 1 1) r(1 1) U5
Connection
keep-alive
Content-Encoding
gzip
Alt-Svc
clear
Last-Modified
Thu, 19 Sep 2019 17:26:26 GMT
Server
NetDNA-cache/2.2
ETag
W/"10321-1568913986000"
Content-Type
text/css
Access-Control-Allow-Origin
*
Link
<https://cdn.clareity.net/css/login.css>; rel="canonical"
jquery.min.js
cdn.clareitysecurity.net/js/ 		91 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.clareitysecurity.net/js/jquery.min.js
Requested by
Host: selladodejuntasasfalticas.com
URL: https://selladodejuntasasfalticas.com/Login/Login.htm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
9de5950e705f78d02ae70cc5ee55ee333562d8ec083384f64e8d4a401a809e7a

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 01:34:07 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
Transfer-Encoding
chunked
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
11-64831527-64831528 NNNN CT(2 3 0) RT(1588148863797 4) q(0 0 0 0) r(1 1) U5, 1-1524489-1524491 NNNN CT(35 74 0) RT(1588296846898 15) q(0 0 1 1) r(1 1) U5
Connection
keep-alive
Content-Encoding
gzip
Alt-Svc
clear
Last-Modified
Thu, 19 Sep 2019 17:27:47 GMT
Server
NetDNA-cache/2.2
ETag
W/"93061-1568914067000"
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Link
<https://cdn.clareity.net/js/jquery.min.js>; rel="canonical"
loginxkd-dd-2.9.min.js
cdn.clareitysecurity.net/js/ 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.clareitysecurity.net/js/loginxkd-dd-2.9.min.js
Requested by
Host: selladodejuntasasfalticas.com
URL: https://selladodejuntasasfalticas.com/Login/Login.htm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
d4c1acdde2d8dc96d4347a5da9c0a7198dfb1985fc6b863511f6eaa7bde4cc99

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 01:34:07 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
Transfer-Encoding
chunked
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
3-21937514-21937515 NNNN CT(2 3 0) RT(1588159230995 4) q(0 1 1 0) r(2 2) U5, 5-4108691-4108693 NNNN CT(35 73 0) RT(1588296846898 17) q(0 0 1 0) r(1 1) U5
Connection
keep-alive
Content-Encoding
gzip
Alt-Svc
clear
Last-Modified
Mon, 28 Oct 2019 15:54:02 GMT
Server
NetDNA-cache/2.2
ETag
W/"41698-1572278042000"
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Link
<https://cdn.clareity.net/js/loginxkd-dd-2.9.min.js>; rel="canonical"
1583937068116
collector.clareity.net/kdl/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://collector.clareity.net/kdl/1583937068116?trxId=85143446b5ad7592524a5d61c8d9a7920aa3e5d7&deviceId=d0bea4362eff62c13bcbe1c63236b70243878dd1&systemName=rae&toc=1583937068116
Requested by
Host: selladodejuntasasfalticas.com
URL: https://selladodejuntasasfalticas.com/Login/Login.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
be86ae8a9691504e237eac8c4a8038c5126a92d41a052ec6cff04f7a5e8dd4bf

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 01:34:07 GMT
via
1.1 google
server
Apache-Coyote/1.1
content-encoding
gzip
p3p
CP="CAO PSA OUR"
status
200
x-iinfo
5-4108694-4108695 NNYN CT(1 4 0) RT(1588296846929 0) q(0 0 0 0) r(1 1) U5
content-type
text/javascript;charset=ISO-8859-1
alt-svc
clear
x-cdn
Incapsula
googletrack.js
cdn.clareitysecurity.net/sys/alberta/ 		651 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.clareitysecurity.net/sys/alberta/googletrack.js
Requested by
Host: selladodejuntasasfalticas.com
URL: https://selladodejuntasasfalticas.com/Login/Login.htm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
00f973f96f9fcebd037f59485a24ac1f3f073d0fb20879ddf445265c7ef77d87

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 01:34:07 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
Transfer-Encoding
chunked
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
3-29584626-29584661 NNNN CT(1 3 0) RT(1588274609399 164) q(0 0 0 0) r(1 1) U5, 1-1524490-1524492 NNNN CT(35 72 0) RT(1588296846898 16) q(0 0 1 2) r(1 1) U5
Connection
keep-alive
Content-Encoding
gzip
Alt-Svc
clear
Last-Modified
Thu, 19 Sep 2019 17:27:48 GMT
Server
NetDNA-cache/2.2
ETag
W/"651-1568914068000"
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Link
<https://cdn.clareity.net/sys/alberta/googletrack.js>; rel="canonical"
Office-365.jpg
www.novosco.com/images/easyblog_articles/37/ 		58 KB
58 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.novosco.com/images/easyblog_articles/37/Office-365.jpg
Requested by
Host: selladodejuntasasfalticas.com
URL: https://selladodejuntasasfalticas.com/Login/Login.htm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.67.45.137 , Netherlands, ASN201682 (LIQUID-WEB-BV, NL),
Reverse DNS
uranus.mspcloudhost.com
Software
Apache /
Resource Hash
64907bac65b3d6080557dbc26e2cc1ec94433cce8a4b7ad63dcf7ba4b959f948
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 01:34:07 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 04 Apr 2019 14:55:00 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=1000
Content-Length
59082
Expires
Sun, 31 May 2020 01:34:07 GMT
analytics.js
www.google-analytics.com/ 		44 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: cdn.clareitysecurity.net
URL: https://cdn.clareitysecurity.net/sys/alberta/googletrack.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
2267
date
Fri, 01 May 2020 00:56:20 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18174
expires
Fri, 01 May 2020 02:56:20 GMT
server.jsp
selladodejuntasasfalticas.com/idp/ Frame E4E4 		315 B
392 B 		Document
General
Check archive.org
Download Go to
Full URL
https://selladodejuntasasfalticas.com/idp/server.jsp
Requested by
Host: selladodejuntasasfalticas.com
URL: https://selladodejuntasasfalticas.com/Login/Login.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
163.172.75.153 , France, ASN12876 (Online SAS, FR),
Reverse DNS
c02.iservidorweb.com
Software
nginx /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

:method
GET
:authority
selladodejuntasasfalticas.com
:scheme
https
:path
/idp/server.jsp
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://selladodejuntasasfalticas.com/Login/Login.htm
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://selladodejuntasasfalticas.com/Login/Login.htm

Response headers

status
404
server
nginx
date
Fri, 01 May 2020 01:34:07 GMT
content-type
text/html; charset=iso-8859-1
content-length
315
paragon-login-background.png
cdn.clareitysecurity.net/sys/alberta/ 		860 KB
862 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.clareitysecurity.net/sys/alberta/paragon-login-background.png
Requested by
Host: cdn.clareitysecurity.net
URL: https://cdn.clareitysecurity.net/js/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
17cecc18ee875908251a0ab107cc1ec9dd5fe73af2b759caa69316f5793c85b9

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 01:34:07 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
13-64065822-64065884 NNNY CT(0 0 0) RT(1588274609545 184) q(0 0 0 0) r(1 1) U5, 1-1524489-1524491 SNNN RT(1588296846898 289) q(0 0 0 -1) r(1 1) U5
Connection
keep-alive
Alt-Svc
clear
Content-Length
881145
Last-Modified
Thu, 19 Sep 2019 17:27:48 GMT
Server
NetDNA-cache/2.2
ETag
W/"881145-1568914068000"
Content-Type
image/png
Access-Control-Allow-Origin
*
Accept-Ranges
bytes
Link
<https://cdn.clareity.net/sys/alberta/paragon-login-background.png>; rel="canonical"
paragon-login-bg.png
cdn.clareitysecurity.net/sys/alberta/ 		395 KB
396 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.clareitysecurity.net/sys/alberta/paragon-login-bg.png
Requested by
Host: cdn.clareitysecurity.net
URL: https://cdn.clareitysecurity.net/js/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
1dcab816ca5ee2317f01c1822391bcf8d8f9fdfaa3e5d776592d6c3ce6e559af

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 01:34:07 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
12-52989518-52989549 NNNY CT(0 0 0) RT(1588274609863 164) q(0 0 0 0) r(0 0) U5, 5-4108691-4108693 SNNN RT(1588296846898 289) q(0 0 0 -1) r(1 1) U5
Connection
keep-alive
Alt-Svc
clear
Content-Length
404857
Last-Modified
Thu, 19 Sep 2019 17:27:48 GMT
Server
NetDNA-cache/2.2
ETag
W/"404857-1568914068000"
Content-Type
image/png
Access-Control-Allow-Origin
*
Accept-Ranges
bytes
Link
<https://cdn.clareity.net/sys/alberta/paragon-login-bg.png>; rel="canonical"
jquery-ui.min.js
cdn.clareitysecurity.net/js/ 		86 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.clareitysecurity.net/js/jquery-ui.min.js?_=1588296847357
Requested by
Host: cdn.clareitysecurity.net
URL: https://cdn.clareitysecurity.net/js/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
15cc6fc3f739fa8573e2785f1f6af0cff8cebd1118a4b4f11df63d0f51c3bb64

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 01:34:07 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
Transfer-Encoding
chunked
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
11-66287387-66287389 NNNY CT(0 0 0) RT(1588159232259 11) q(0 0 0 0) r(1 1) U5, 1-1524490-1524492 SNNN RT(1588296846898 325) q(0 0 0 -1) r(0 0) U5
Connection
keep-alive
Content-Encoding
gzip
Alt-Svc
clear
Last-Modified
Thu, 19 Sep 2019 17:27:47 GMT
Server
NetDNA-cache/2.2
ETag
W/"87902-1568914067000"
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Link
<https://cdn.clareity.net/js/jquery-ui.min.js>; rel="canonical"
jquery-ui.min.css
cdn.clareitysecurity.net/css/ 		30 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.clareitysecurity.net/css/jquery-ui.min.css
Requested by
Host: cdn.clareitysecurity.net
URL: https://cdn.clareitysecurity.net/js/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
5265f71403a318cdbeb0c4ec01dbba2f00fbc8f046b0a79e40e8abe675b398ce

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 01:34:07 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
Transfer-Encoding
chunked
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
2-92337097-92337153 NNNY CT(0 0 0) RT(1586967761143 312) q(0 0 0 9) r(1 1) U5, 4-3260640-3260641 SNNN RT(1588296846898 329) q(0 0 0 -1) r(0 0) U5
Connection
keep-alive
Content-Encoding
gzip
Alt-Svc
clear
Last-Modified
Thu, 19 Sep 2019 17:26:18 GMT
Server
NetDNA-cache/2.2
ETag
W/"30585-1568913978000"
Content-Type
text/css
Access-Control-Allow-Origin
*
Link
<https://cdn.clareity.net/css/jquery-ui.min.css>; rel="canonical"
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=810421563&t=pageview&_s=1&dl=https%3A%2F%2Fselladodejuntasasfalticas.com%2FLogin%2FLogin.htm&ul=en-us&de=UTF-8&dt=SafeAccess%C2%AE%20Login&sd...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-45101381-2&cid=432988662.1588296847&jid=915447673&_gid=876377509.1588296847&gjid=1385656744&_v=j81&z=829106927
35 B
136 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-45101381-2&cid=432988662.1588296847&jid=915447673&_gid=876377509.1588296847&gjid=1385656744&_v=j81&z=829106927
Requested by
Host: selladodejuntasasfalticas.com
URL: https://selladodejuntasasfalticas.com/Login/Login.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 01 May 2020 01:34:07 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 01 May 2020 01:34:07 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-45101381-2&cid=432988662.1588296847&jid=915447673&_gid=876377509.1588296847&gjid=1385656744&_v=j81&z=829106927
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
416
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/r/ 		35 B
101 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j81&a=810421563&t=pageview&_s=1&dl=https%3A%2F%2Fselladodejuntasasfalticas.com%2FLogin%2FLogin.htm&ul=en-us&de=UTF-8&dt=SafeAccess%C2%AE%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUAB~&jid=1828345617&gjid=869563675&cid=432988662.1588296847&tid=UA-39826640-43&_gid=876377509.1588296847&_r=1&z=2037576865
Requested by
Host: selladodejuntasasfalticas.com
URL: https://selladodejuntasasfalticas.com/Login/Login.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 May 2020 01:34:07 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
122 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&a=810421563&t=event&_s=2&dl=https%3A%2F%2Fselladodejuntasasfalticas.com%2FLogin%2FLogin.htm&ul=en-us&de=UTF-8&dt=SafeAccess%C2%AE%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Collector%20Script&ea=Failed&_u=aEDAAUAB~&jid=&gjid=&cid=432988662.1588296847&tid=UA-45101381-2&_gid=876377509.1588296847&z=1928067366
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 01 Apr 2020 14:18:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
2546126
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
93 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&a=810421563&t=event&_s=3&dl=https%3A%2F%2Fselladodejuntasasfalticas.com%2FLogin%2FLogin.htm&ul=en-us&de=UTF-8&dt=SafeAccess%C2%AE%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=KD%20Script&ea=Loaded&el=madKD2.2.min.js&_u=aEDAAUAB~&jid=&gjid=&cid=432988662.1588296847&tid=UA-45101381-2&_gid=876377509.1588296847&z=1941701088
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://selladodejuntasasfalticas.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 01 Apr 2020 14:18:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
2546126
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
02324fbade97fbc223834e6afa838dc1e01185bd0393f8e26e084834b512ae69

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

155 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery string| url boolean| isOnQA boolean| alertMe undefined| debugit boolean| ie8 function| isIE string| requiredKd string| idpurl string| cdnUrl string| jQueryUiUrl string| jQueryUiCssUrl string| ie8CssUrl string| inputs string| pleasewait string| loginTypeVal string| loginTypeMsg string| failureMsgId string| failMsg string| logincssMsg string| logoMsg string| loginbtnMsg string| loginXkdMsg string| loginformMsg string| warnalert number| keyedChars boolean| isChrome object| loginXkdId string| loginXkdUrl undefined| oldbrowserWarnData undefined| oldbrowserUrlData undefined| setFocus undefined| inputAutoData undefined| disablePageData undefined| backSpaceClearData undefined| savePwdData undefined| fakeSafariPwdData undefined| fakeChromePwdData undefined| fontIconsData undefined| redirectUrlData undefined| idpTimeoutData undefined| secondsLeftData undefined| sessionWarnData undefined| loadingData undefined| collectorIcon undefined| kdIconData boolean| oldie function| cdnCheck string| googleTrackMsg string| googleJsUrlMsg string| googleJsUrlCdnMsg string| mlsgooglecode boolean| trackit function| googleCheck string| forgotPwdUrlMsg string| changePwdUrlMsg function| passLinks string| setFocusMsg object| usernameInput function| setInputFocus string| inputAutoMsg boolean| autocomp function| autoComplete string| disablePageMsg string| disablePageDiv boolean| disablepage string| backSpaceClearMsg boolean| backspace function| backspaceClear string| savePwdMsg boolean| savepassword string| fakeSafariPwdMsg boolean| fakepwdadded boolean| fakepwd function| fakeSafariPwd string| fakeChromePwdMsg function| fakeChromePwd string| fontIconsUrl string| fontIconsMsg boolean| fontawesome function| iconsFonts string| redirectUrl string| redirectUrlMsg number| idpTimeout string| idpTimeoutMsg number| secondsLeft string| secondsLeftMsg string| sessionWarnMsg boolean| sessionWarnMe string| sessionDialogHtml function| sessionPop function| runSessionDialog object| assocDropdownId object| assocDropdownRememberJsId undefined| assocDropdownRememberJsUrl string| assocDropdownRememberJsMsg string| assocDropdownMsg string| assocDropdownCookieMsg boolean| assocDrop object| assocDropdownCookie function| checkDropDown function| setDropDown function| saveDropdown function| inputCheck object| loadingId string| loadingMsg object| loginFormId string| loginFormMsg function| showInputs string| checkBootStrapMsg boolean| useboostrap function| checkBootStrap string| ssoTypeMsg function| ssoType function| basicLogin function| doLogin function| keyPress function| submitLoginForm object| collectIframe string| collectorMsg string| collectorIconMsg boolean| collectorchecker function| checkCollector function| collecterSet boolean| docollect function| collectObjectCheck object| kdCollecterId string| kdCollecterMsg string| kdIconMsg boolean| didkdload function| loginKd string| qaDialogHtml function| runQaDialog function| qaDialog boolean| fakechromepwdadded boolean| fakechromepwd function| initCallback_3xkd function| validCallback_3xkd function| kdFailed_3xkd object| CLAREITY object| _0xb3d3 object| b64 function| xkd object| _0x6bf2 function| CLAREITY_KD function| madKD_getVersion string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData

4 Cookies

Domain/Path Name / Value
.selladodejuntasasfalticas.com/ Name: _gat_newTracker
Value: 1
.selladodejuntasasfalticas.com/ Name: _gat
Value: 1
.selladodejuntasasfalticas.com/ Name: _gid
Value: GA1.2.876377509.1588296847
.selladodejuntasasfalticas.com/ Name: _ga
Value: GA1.2.432988662.1588296847

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block