selladodejuntasasfalticas.com
Open in
urlscan Pro
163.172.75.153
Malicious Activity!
Public Scan
Submission: On May 01 via manual from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 8th 2020. Valid for: 3 months.
This is the only time selladodejuntasasfalticas.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 163.172.75.153 163.172.75.153 | 12876 (Online SAS) (Online SAS) | |
9 | 45.60.13.52 45.60.13.52 | 19551 (INCAPSULA) (INCAPSULA) | |
1 | 185.67.45.137 185.67.45.137 | 201682 (LIQUID-WE...) (LIQUID-WEB-BV) | |
1 5 | 2a00:1450:400... 2a00:1450:4001:81c::200e | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:400c:c0c::9c | 15169 (GOOGLE) (GOOGLE) | |
17 | 6 |
ASN12876 (Online SAS, FR)
PTR: c02.iservidorweb.com
selladodejuntasasfalticas.com |
ASN19551 (INCAPSULA, US)
cdn.clareitysecurity.net | |
collector.clareity.net |
ASN201682 (LIQUID-WEB-BV, NL)
PTR: uranus.mspcloudhost.com
www.novosco.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
clareitysecurity.net
cdn.clareitysecurity.net |
1 MB |
5 |
google-analytics.com
1 redirects
www.google-analytics.com |
18 KB |
2 |
selladodejuntasasfalticas.com
selladodejuntasasfalticas.com |
2 KB |
1 |
doubleclick.net
stats.g.doubleclick.net |
136 B |
1 |
novosco.com
www.novosco.com |
58 KB |
1 |
clareity.net
collector.clareity.net |
5 KB |
17 | 6 |
Domain | Requested by | |
---|---|---|
8 | cdn.clareitysecurity.net |
selladodejuntasasfalticas.com
cdn.clareitysecurity.net |
5 | www.google-analytics.com |
1 redirects
cdn.clareitysecurity.net
selladodejuntasasfalticas.com |
2 | selladodejuntasasfalticas.com |
selladodejuntasasfalticas.com
|
1 | stats.g.doubleclick.net |
selladodejuntasasfalticas.com
|
1 | www.novosco.com |
selladodejuntasasfalticas.com
|
1 | collector.clareity.net |
selladodejuntasasfalticas.com
|
17 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.google.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
selladodejuntasasfalticas.com cPanel, Inc. Certification Authority |
2020-04-08 - 2020-07-07 |
3 months | crt.sh |
cdn.clareitysecurity.net DigiCert SHA2 High Assurance Server CA |
2020-03-31 - 2022-04-05 |
2 years | crt.sh |
*.clareity.net DigiCert SHA2 High Assurance Server CA |
2020-01-06 - 2022-01-10 |
2 years | crt.sh |
*.novosco.com Go Daddy Secure Certificate Authority - G2 |
2019-01-21 - 2021-02-15 |
2 years | crt.sh |
*.google-analytics.com GTS CA 1O1 |
2020-04-07 - 2020-06-30 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1O1 |
2020-04-01 - 2020-06-24 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://selladodejuntasasfalticas.com/Login/Login.htm
Frame ID: AA0263A17F9CEAFED9206CC17C1B03BD
Requests: 17 HTTP requests in this frame
Frame:
https://selladodejuntasasfalticas.com/idp/server.jsp
Frame ID: E4E451AFACC709C9C6931B03F0C62CAC
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
- script /jquery-ui.*\.js/i
jQuery UI (JavaScript Libraries) Expand
Detected patterns
- script /jquery-ui.*\.js/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: UA-39826640-43
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- https://www.google-analytics.com/r/collect?v=1&_v=j81&a=810421563&t=pageview&_s=1&dl=https%3A%2F%2Fselladodejuntasasfalticas.com%2FLogin%2FLogin.htm&ul=en-us&de=UTF-8&dt=SafeAccess%C2%AE%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUAB~&jid=915447673&gjid=1385656744&cid=432988662.1588296847&tid=UA-45101381-2&_gid=876377509.1588296847&_r=1&z=829106927 HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-45101381-2&cid=432988662.1588296847&jid=915447673&_gid=876377509.1588296847&gjid=1385656744&_v=j81&z=829106927
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
Login.htm
selladodejuntasasfalticas.com/Login/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.css
cdn.clareitysecurity.net/css/ |
10 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
cdn.clareitysecurity.net/js/ |
91 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loginxkd-dd-2.9.min.js
cdn.clareitysecurity.net/js/ |
41 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1583937068116
collector.clareity.net/kdl/ |
18 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
googletrack.js
cdn.clareitysecurity.net/sys/alberta/ |
651 B 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Office-365.jpg
www.novosco.com/images/easyblog_articles/37/ |
58 KB 58 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
44 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
server.jsp
selladodejuntasasfalticas.com/idp/ Frame E4E4 |
315 B 392 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
paragon-login-background.png
cdn.clareitysecurity.net/sys/alberta/ |
860 KB 862 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
paragon-login-bg.png
cdn.clareitysecurity.net/sys/alberta/ |
395 KB 396 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-ui.min.js
cdn.clareitysecurity.net/js/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-ui.min.css
cdn.clareitysecurity.net/css/ |
30 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
stats.g.doubleclick.net/r/ Redirect Chain
|
35 B 136 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/r/ |
35 B 101 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 122 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 93 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)155 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery string| url boolean| isOnQA boolean| alertMe undefined| debugit boolean| ie8 function| isIE string| requiredKd string| idpurl string| cdnUrl string| jQueryUiUrl string| jQueryUiCssUrl string| ie8CssUrl string| inputs string| pleasewait string| loginTypeVal string| loginTypeMsg string| failureMsgId string| failMsg string| logincssMsg string| logoMsg string| loginbtnMsg string| loginXkdMsg string| loginformMsg string| warnalert number| keyedChars boolean| isChrome object| loginXkdId string| loginXkdUrl undefined| oldbrowserWarnData undefined| oldbrowserUrlData undefined| setFocus undefined| inputAutoData undefined| disablePageData undefined| backSpaceClearData undefined| savePwdData undefined| fakeSafariPwdData undefined| fakeChromePwdData undefined| fontIconsData undefined| redirectUrlData undefined| idpTimeoutData undefined| secondsLeftData undefined| sessionWarnData undefined| loadingData undefined| collectorIcon undefined| kdIconData boolean| oldie function| cdnCheck string| googleTrackMsg string| googleJsUrlMsg string| googleJsUrlCdnMsg string| mlsgooglecode boolean| trackit function| googleCheck string| forgotPwdUrlMsg string| changePwdUrlMsg function| passLinks string| setFocusMsg object| usernameInput function| setInputFocus string| inputAutoMsg boolean| autocomp function| autoComplete string| disablePageMsg string| disablePageDiv boolean| disablepage string| backSpaceClearMsg boolean| backspace function| backspaceClear string| savePwdMsg boolean| savepassword string| fakeSafariPwdMsg boolean| fakepwdadded boolean| fakepwd function| fakeSafariPwd string| fakeChromePwdMsg function| fakeChromePwd string| fontIconsUrl string| fontIconsMsg boolean| fontawesome function| iconsFonts string| redirectUrl string| redirectUrlMsg number| idpTimeout string| idpTimeoutMsg number| secondsLeft string| secondsLeftMsg string| sessionWarnMsg boolean| sessionWarnMe string| sessionDialogHtml function| sessionPop function| runSessionDialog object| assocDropdownId object| assocDropdownRememberJsId undefined| assocDropdownRememberJsUrl string| assocDropdownRememberJsMsg string| assocDropdownMsg string| assocDropdownCookieMsg boolean| assocDrop object| assocDropdownCookie function| checkDropDown function| setDropDown function| saveDropdown function| inputCheck object| loadingId string| loadingMsg object| loginFormId string| loginFormMsg function| showInputs string| checkBootStrapMsg boolean| useboostrap function| checkBootStrap string| ssoTypeMsg function| ssoType function| basicLogin function| doLogin function| keyPress function| submitLoginForm object| collectIframe string| collectorMsg string| collectorIconMsg boolean| collectorchecker function| checkCollector function| collecterSet boolean| docollect function| collectObjectCheck object| kdCollecterId string| kdCollecterMsg string| kdIconMsg boolean| didkdload function| loginKd string| qaDialogHtml function| runQaDialog function| qaDialog boolean| fakechromepwdadded boolean| fakechromepwd function| initCallback_3xkd function| validCallback_3xkd function| kdFailed_3xkd object| CLAREITY object| _0xb3d3 object| b64 function| xkd object| _0x6bf2 function| CLAREITY_KD function| madKD_getVersion string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.selladodejuntasasfalticas.com/ | Name: _gat_newTracker Value: 1 |
|
.selladodejuntasasfalticas.com/ | Name: _gat Value: 1 |
|
.selladodejuntasasfalticas.com/ | Name: _gid Value: GA1.2.876377509.1588296847 |
|
.selladodejuntasasfalticas.com/ | Name: _ga Value: GA1.2.432988662.1588296847 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.clareitysecurity.net
collector.clareity.net
selladodejuntasasfalticas.com
stats.g.doubleclick.net
www.google-analytics.com
www.novosco.com
163.172.75.153
185.67.45.137
2a00:1450:4001:81c::200e
2a00:1450:400c:c0c::9c
45.60.13.52
00f973f96f9fcebd037f59485a24ac1f3f073d0fb20879ddf445265c7ef77d87
02324fbade97fbc223834e6afa838dc1e01185bd0393f8e26e084834b512ae69
0a27dc147ed1d0048a35f49ae3977452fd2050a59a569f790954afdf7f170c33
15cc6fc3f739fa8573e2785f1f6af0cff8cebd1118a4b4f11df63d0f51c3bb64
17cecc18ee875908251a0ab107cc1ec9dd5fe73af2b759caa69316f5793c85b9
1dcab816ca5ee2317f01c1822391bcf8d8f9fdfaa3e5d776592d6c3ce6e559af
5265f71403a318cdbeb0c4ec01dbba2f00fbc8f046b0a79e40e8abe675b398ce
64907bac65b3d6080557dbc26e2cc1ec94433cce8a4b7ad63dcf7ba4b959f948
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9de5950e705f78d02ae70cc5ee55ee333562d8ec083384f64e8d4a401a809e7a
b7e5367878f252a70a3eaecd650b0613a9bf53439c6a73fc76213fab103baad9
be86ae8a9691504e237eac8c4a8038c5126a92d41a052ec6cff04f7a5e8dd4bf
d4c1acdde2d8dc96d4347a5da9c0a7198dfb1985fc6b863511f6eaa7bde4cc99
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d