primeurbanre.com Open in urlscan Pro
181.214.133.72  Malicious Activity! Public Scan

URL: https://primeurbanre.com/Login/Login.htm
Submission: On May 01 via api from US

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 17 HTTP transactions. The main IP is 181.214.133.72, located in Dallas, United States and belongs to TIER-NET, US. The main domain is primeurbanre.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 28th 2020. Valid for: 3 months.
This is the only time primeurbanre.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

IP Address AS Autonomous System
2 181.214.133.72 397423 (TIER-NET)
9 45.60.13.52 19551 (INCAPSULA)
1 185.67.45.137 201682 (LIQUID-WE...)
1 5 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
17 6
Domain Requested by
8 cdn.clareitysecurity.net primeurbanre.com
cdn.clareitysecurity.net
5 www.google-analytics.com 1 redirects cdn.clareitysecurity.net
primeurbanre.com
2 primeurbanre.com primeurbanre.com
1 stats.g.doubleclick.net primeurbanre.com
1 www.novosco.com primeurbanre.com
1 collector.clareity.net primeurbanre.com
17 6

This site contains links to these domains. Also see Links.

Domain
www.google.com
Subject Issuer Validity Valid
www.primeurbanre.com
Let's Encrypt Authority X3
2020-04-28 -
2020-07-27
3 months crt.sh
cdn.clareitysecurity.net
DigiCert SHA2 High Assurance Server CA
2020-03-31 -
2022-04-05
2 years crt.sh
*.clareity.net
DigiCert SHA2 High Assurance Server CA
2020-01-06 -
2022-01-10
2 years crt.sh
*.novosco.com
Go Daddy Secure Certificate Authority - G2
2019-01-21 -
2021-02-15
2 years crt.sh
*.google-analytics.com
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh

This page contains 2 frames:

Primary Page: https://primeurbanre.com/Login/Login.htm
Frame ID: 8617CF54FB349880B50EDEDC1292B19B
Requests: 17 HTTP requests in this frame

Frame: https://primeurbanre.com/idp/server.jsp
Frame ID: 8A58274E88D2F159E138F2F06D786851
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
  • script /jquery-ui.*\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery-ui.*\.js/i

Page Statistics

17
Requests

100 %
HTTPS

40 %
IPv6

6
Domains

6
Subdomains

6
IPs

4
Countries

1443 kB
Transfer

1639 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=730329305&t=pageview&_s=1&dl=https%3A%2F%2Fprimeurbanre.com%2FLogin%2FLogin.htm&ul=en-us&de=UTF-8&dt=SafeAccess%C2%AE%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUAB~&jid=169347123&gjid=1068265020&cid=1904458374.1588364322&tid=UA-45101381-2&_gid=916369777.1588364322&_r=1&z=464900046 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-45101381-2&cid=1904458374.1588364322&jid=169347123&_gid=916369777.1588364322&gjid=1068265020&_v=j81&z=464900046

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Login.htm
primeurbanre.com/Login/
3 KB
4 KB
Document
General
Full URL
https://primeurbanre.com/Login/Login.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
181.214.133.72 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS
vm7.timeaspire.com
Software
Apache /
Resource Hash
0a27dc147ed1d0048a35f49ae3977452fd2050a59a569f790954afdf7f170c33

Request headers

Host
primeurbanre.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 20:18:41 GMT
Server
Apache
Last-Modified
Wed, 11 Mar 2020 08:57:02 GMT
Accept-Ranges
bytes
Content-Length
3433
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
login.css
cdn.clareitysecurity.net/css/
10 KB
6 KB
Stylesheet
General
Full URL
https://cdn.clareitysecurity.net/css/login.css
Requested by
Host: primeurbanre.com
URL: https://primeurbanre.com/Login/Login.htm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
b7e5367878f252a70a3eaecd650b0613a9bf53439c6a73fc76213fab103baad9

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 20:18:41 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
Transfer-Encoding
chunked
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
4-53280567-53280581 NNNN CT(0 3 0) RT(1587095089892 180) q(0 0 0 0) r(1 1) U5, 7-1839839-1839843 NNNN CT(36 56 0) RT(1588364320703 52) q(0 0 1 1) r(1 1) U5
Connection
keep-alive
Content-Encoding
gzip
Alt-Svc
clear
Last-Modified
Thu, 19 Sep 2019 17:26:26 GMT
Server
NetDNA-cache/2.2
ETag
W/"10321-1568913986000"
Content-Type
text/css
Access-Control-Allow-Origin
*
Link
<https://cdn.clareity.net/css/login.css>; rel="canonical"
jquery.min.js
cdn.clareitysecurity.net/js/
91 KB
38 KB
Script
General
Full URL
https://cdn.clareitysecurity.net/js/jquery.min.js
Requested by
Host: primeurbanre.com
URL: https://primeurbanre.com/Login/Login.htm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
9de5950e705f78d02ae70cc5ee55ee333562d8ec083384f64e8d4a401a809e7a

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 20:18:41 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
Transfer-Encoding
chunked
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
6-27914701-27914727 NNNY CT(0 0 0) RT(1588149566571 282) q(0 0 0 0) r(3 3) U5, 8-2114602-2114606 NNNN CT(25 75 0) RT(1588364320703 52) q(0 0 1 0) r(2 2) U5
Connection
keep-alive
Content-Encoding
gzip
Alt-Svc
clear
Last-Modified
Thu, 19 Sep 2019 17:27:47 GMT
Server
NetDNA-cache/2.2
ETag
W/"93061-1568914067000"
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Link
<https://cdn.clareity.net/js/jquery.min.js>; rel="canonical"
loginxkd-dd-2.9.min.js
cdn.clareitysecurity.net/js/
41 KB
14 KB
Script
General
Full URL
https://cdn.clareitysecurity.net/js/loginxkd-dd-2.9.min.js
Requested by
Host: primeurbanre.com
URL: https://primeurbanre.com/Login/Login.htm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
d4c1acdde2d8dc96d4347a5da9c0a7198dfb1985fc6b863511f6eaa7bde4cc99

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 20:18:41 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
Transfer-Encoding
chunked
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
3-65747561-65747576 NNNN CT(0 3 0) RT(1588144129120 175) q(0 0 1 0) r(1 1) U5, 9-2437546-2437547 NNNN CT(21 56 0) RT(1588364320703 53) q(0 0 1 0) r(1 1) U5
Connection
keep-alive
Content-Encoding
gzip
Alt-Svc
clear
Last-Modified
Mon, 28 Oct 2019 15:54:03 GMT
Server
NetDNA-cache/2.2
ETag
W/"41698-1572278043000"
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Link
<https://cdn.clareity.net/js/loginxkd-dd-2.9.min.js>; rel="canonical"
1583937068116
collector.clareity.net/kdl/
18 KB
5 KB
Script
General
Full URL
https://collector.clareity.net/kdl/1583937068116?trxId=85143446b5ad7592524a5d61c8d9a7920aa3e5d7&deviceId=d0bea4362eff62c13bcbe1c63236b70243878dd1&systemName=rae&toc=1583937068116
Requested by
Host: primeurbanre.com
URL: https://primeurbanre.com/Login/Login.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
aa3100820558883e772cd41ec4030d56480d1567d6843895f498405f24a0bdb1

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 20:18:41 GMT
via
1.1 google
server
Apache-Coyote/1.1
content-encoding
gzip
p3p
CP="CAO PSA OUR"
status
200
x-iinfo
3-2703702-2703703 NNYN CT(2 3 0) RT(1588364320747 0) q(0 0 0 0) r(2 2) U5
content-type
text/javascript;charset=ISO-8859-1
alt-svc
clear
x-cdn
Incapsula
googletrack.js
cdn.clareitysecurity.net/sys/alberta/
651 B
2 KB
Script
General
Full URL
https://cdn.clareitysecurity.net/sys/alberta/googletrack.js
Requested by
Host: primeurbanre.com
URL: https://primeurbanre.com/Login/Login.htm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
00f973f96f9fcebd037f59485a24ac1f3f073d0fb20879ddf445265c7ef77d87

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 20:18:41 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
Transfer-Encoding
chunked
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
6-86872248-86872317 NNNN CT(4 7 0) RT(1588171804459 191) q(0 0 0 8) r(1 1) U5, 2-2595197-2595200 NNNN CT(26 89 0) RT(1588364320703 52) q(0 0 1 0) r(2 2) U5
Connection
keep-alive
Content-Encoding
gzip
Alt-Svc
clear
Last-Modified
Thu, 19 Sep 2019 17:27:48 GMT
Server
NetDNA-cache/2.2
ETag
W/"651-1568914068000"
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Link
<https://cdn.clareity.net/sys/alberta/googletrack.js>; rel="canonical"
Office-365.jpg
www.novosco.com/images/easyblog_articles/37/
58 KB
58 KB
Image
General
Full URL
https://www.novosco.com/images/easyblog_articles/37/Office-365.jpg
Requested by
Host: primeurbanre.com
URL: https://primeurbanre.com/Login/Login.htm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.67.45.137 , Netherlands, ASN201682 (LIQUID-WEB-BV, NL),
Reverse DNS
uranus.mspcloudhost.com
Software
Apache /
Resource Hash
64907bac65b3d6080557dbc26e2cc1ec94433cce8a4b7ad63dcf7ba4b959f948
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 20:18:41 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 04 Apr 2019 14:55:00 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=1000
Content-Length
59082
Expires
Sun, 31 May 2020 20:18:41 GMT
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: cdn.clareitysecurity.net
URL: https://cdn.clareitysecurity.net/sys/alberta/googletrack.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
6006
date
Fri, 01 May 2020 18:38:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18174
expires
Fri, 01 May 2020 20:38:35 GMT
server.jsp
primeurbanre.com/idp/ Frame 8A58
315 B
515 B
Document
General
Full URL
https://primeurbanre.com/idp/server.jsp
Requested by
Host: primeurbanre.com
URL: https://primeurbanre.com/Login/Login.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
181.214.133.72 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS
vm7.timeaspire.com
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Host
primeurbanre.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://primeurbanre.com/Login/Login.htm
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://primeurbanre.com/Login/Login.htm

Response headers

Date
Fri, 01 May 2020 20:18:41 GMT
Server
Apache
Content-Length
315
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
paragon-login-background.png
cdn.clareitysecurity.net/sys/alberta/
860 KB
862 KB
Image
General
Full URL
https://cdn.clareitysecurity.net/sys/alberta/paragon-login-background.png
Requested by
Host: cdn.clareitysecurity.net
URL: https://cdn.clareitysecurity.net/js/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
17cecc18ee875908251a0ab107cc1ec9dd5fe73af2b759caa69316f5793c85b9

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 20:18:41 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
3-95151372-95151443 NNNY CT(0 0 0) RT(1588171804658 189) q(0 0 0 1) r(1 1) U5, 8-2114602-2114606 SNNN RT(1588364320703 330) q(0 0 0 -1) r(0 0) U5
Connection
keep-alive
Alt-Svc
clear
Content-Length
881145
Last-Modified
Thu, 19 Sep 2019 17:27:48 GMT
Server
NetDNA-cache/2.2
ETag
W/"881145-1568914068000"
Content-Type
image/png
Access-Control-Allow-Origin
*
Accept-Ranges
bytes
Link
<https://cdn.clareity.net/sys/alberta/paragon-login-background.png>; rel="canonical"
paragon-login-bg.png
cdn.clareitysecurity.net/sys/alberta/
395 KB
396 KB
Image
General
Full URL
https://cdn.clareitysecurity.net/sys/alberta/paragon-login-bg.png
Requested by
Host: cdn.clareitysecurity.net
URL: https://cdn.clareitysecurity.net/js/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
1dcab816ca5ee2317f01c1822391bcf8d8f9fdfaa3e5d776592d6c3ce6e559af

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 20:18:41 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
10-115849143-115849217 NNNY CT(0 0 0) RT(1588171805001 206) q(0 0 0 8) r(1 1) U5, 2-2595197-2595200 SNNN RT(1588364320703 324) q(0 0 0 -1) r(0 0) U5
Connection
keep-alive
Alt-Svc
clear
Content-Length
404857
Last-Modified
Thu, 19 Sep 2019 17:27:48 GMT
Server
NetDNA-cache/2.2
ETag
W/"404857-1568914068000"
Content-Type
image/png
Access-Control-Allow-Origin
*
Accept-Ranges
bytes
Link
<https://cdn.clareity.net/sys/alberta/paragon-login-bg.png>; rel="canonical"
jquery-ui.min.js
cdn.clareitysecurity.net/js/
86 KB
30 KB
Script
General
Full URL
https://cdn.clareitysecurity.net/js/jquery-ui.min.js?_=1588364321724
Requested by
Host: cdn.clareitysecurity.net
URL: https://cdn.clareitysecurity.net/js/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
15cc6fc3f739fa8573e2785f1f6af0cff8cebd1118a4b4f11df63d0f51c3bb64

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 20:18:41 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
Transfer-Encoding
chunked
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
5-88289052-88289073 NNNY CT(0 0 0) RT(1588144129869 187) q(0 0 0 4) r(1 1) U5, 9-2437546-2437547 SNNN RT(1588364320703 337) q(0 0 0 -1) r(0 0) U5
Connection
keep-alive
Content-Encoding
gzip
Alt-Svc
clear
Last-Modified
Thu, 19 Sep 2019 17:27:48 GMT
Server
NetDNA-cache/2.2
ETag
W/"87902-1568914068000"
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Link
<https://cdn.clareity.net/js/jquery-ui.min.js>; rel="canonical"
jquery-ui.min.css
cdn.clareitysecurity.net/css/
30 KB
9 KB
Stylesheet
General
Full URL
https://cdn.clareitysecurity.net/css/jquery-ui.min.css
Requested by
Host: cdn.clareitysecurity.net
URL: https://cdn.clareitysecurity.net/js/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.52 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
5265f71403a318cdbeb0c4ec01dbba2f00fbc8f046b0a79e40e8abe675b398ce

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 01 May 2020 20:18:41 GMT
Via
1.1 google
X-CDN
Incapsula, Incapsula
Transfer-Encoding
chunked
X-Cache
HIT
P3P
CP="CAO PSA OUR"
X-Iinfo
12-48777033-48777079 NNNY CT(0 0 0) RT(1588149568388 299) q(0 0 0 0) r(3 3) U5, 7-1839839-1839843 SNNN RT(1588364320703 352) q(0 0 0 -1) r(0 0) U5
Connection
keep-alive
Content-Encoding
gzip
Alt-Svc
clear
Last-Modified
Thu, 19 Sep 2019 17:26:18 GMT
Server
NetDNA-cache/2.2
ETag
W/"30585-1568913978000"
Content-Type
text/css
Access-Control-Allow-Origin
*
Link
<https://cdn.clareity.net/css/jquery-ui.min.css>; rel="canonical"
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=730329305&t=pageview&_s=1&dl=https%3A%2F%2Fprimeurbanre.com%2FLogin%2FLogin.htm&ul=en-us&de=UTF-8&dt=SafeAccess%C2%AE%20Login&sd=24-bit&sr=16...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-45101381-2&cid=1904458374.1588364322&jid=169347123&_gid=916369777.1588364322&gjid=1068265020&_v=j81&z=464900046
35 B
102 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-45101381-2&cid=1904458374.1588364322&jid=169347123&_gid=916369777.1588364322&gjid=1068265020&_v=j81&z=464900046
Requested by
Host: primeurbanre.com
URL: https://primeurbanre.com/Login/Login.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 01 May 2020 20:18:41 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 01 May 2020 20:18:41 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-45101381-2&cid=1904458374.1588364322&jid=169347123&_gid=916369777.1588364322&gjid=1068265020&_v=j81&z=464900046
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
417
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/r/
35 B
104 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j81&a=730329305&t=pageview&_s=1&dl=https%3A%2F%2Fprimeurbanre.com%2FLogin%2FLogin.htm&ul=en-us&de=UTF-8&dt=SafeAccess%C2%AE%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUAB~&jid=1363687369&gjid=552100252&cid=1904458374.1588364322&tid=UA-39826640-43&_gid=916369777.1588364322&_r=1&z=1505941312
Requested by
Host: primeurbanre.com
URL: https://primeurbanre.com/Login/Login.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 01 May 2020 20:18:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
103 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&a=730329305&t=event&_s=2&dl=https%3A%2F%2Fprimeurbanre.com%2FLogin%2FLogin.htm&ul=en-us&de=UTF-8&dt=SafeAccess%C2%AE%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Collector%20Script&ea=Failed&_u=aEDAAUAB~&jid=&gjid=&cid=1904458374.1588364322&tid=UA-45101381-2&_gid=916369777.1588364322&z=1488044348
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 28 Mar 2020 09:59:38 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
2974744
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
97 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&a=730329305&t=event&_s=3&dl=https%3A%2F%2Fprimeurbanre.com%2FLogin%2FLogin.htm&ul=en-us&de=UTF-8&dt=SafeAccess%C2%AE%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=KD%20Script&ea=Loaded&el=madKD2.2.min.js&_u=aEDAAUAB~&jid=&gjid=&cid=1904458374.1588364322&tid=UA-45101381-2&_gid=916369777.1588364322&z=2044248122
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://primeurbanre.com/Login/Login.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 28 Mar 2020 09:59:38 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
2974744
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
02324fbade97fbc223834e6afa838dc1e01185bd0393f8e26e084834b512ae69

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

155 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery string| url boolean| isOnQA boolean| alertMe undefined| debugit boolean| ie8 function| isIE string| requiredKd string| idpurl string| cdnUrl string| jQueryUiUrl string| jQueryUiCssUrl string| ie8CssUrl string| inputs string| pleasewait string| loginTypeVal string| loginTypeMsg string| failureMsgId string| failMsg string| logincssMsg string| logoMsg string| loginbtnMsg string| loginXkdMsg string| loginformMsg string| warnalert number| keyedChars boolean| isChrome object| loginXkdId string| loginXkdUrl undefined| oldbrowserWarnData undefined| oldbrowserUrlData undefined| setFocus undefined| inputAutoData undefined| disablePageData undefined| backSpaceClearData undefined| savePwdData undefined| fakeSafariPwdData undefined| fakeChromePwdData undefined| fontIconsData undefined| redirectUrlData undefined| idpTimeoutData undefined| secondsLeftData undefined| sessionWarnData undefined| loadingData undefined| collectorIcon undefined| kdIconData boolean| oldie function| cdnCheck string| googleTrackMsg string| googleJsUrlMsg string| googleJsUrlCdnMsg string| mlsgooglecode boolean| trackit function| googleCheck string| forgotPwdUrlMsg string| changePwdUrlMsg function| passLinks string| setFocusMsg object| usernameInput function| setInputFocus string| inputAutoMsg boolean| autocomp function| autoComplete string| disablePageMsg string| disablePageDiv boolean| disablepage string| backSpaceClearMsg boolean| backspace function| backspaceClear string| savePwdMsg boolean| savepassword string| fakeSafariPwdMsg boolean| fakepwdadded boolean| fakepwd function| fakeSafariPwd string| fakeChromePwdMsg function| fakeChromePwd string| fontIconsUrl string| fontIconsMsg boolean| fontawesome function| iconsFonts string| redirectUrl string| redirectUrlMsg number| idpTimeout string| idpTimeoutMsg number| secondsLeft string| secondsLeftMsg string| sessionWarnMsg boolean| sessionWarnMe string| sessionDialogHtml function| sessionPop function| runSessionDialog object| assocDropdownId object| assocDropdownRememberJsId undefined| assocDropdownRememberJsUrl string| assocDropdownRememberJsMsg string| assocDropdownMsg string| assocDropdownCookieMsg boolean| assocDrop object| assocDropdownCookie function| checkDropDown function| setDropDown function| saveDropdown function| inputCheck object| loadingId string| loadingMsg object| loginFormId string| loginFormMsg function| showInputs string| checkBootStrapMsg boolean| useboostrap function| checkBootStrap string| ssoTypeMsg function| ssoType function| basicLogin function| doLogin function| keyPress function| submitLoginForm object| collectIframe string| collectorMsg string| collectorIconMsg boolean| collectorchecker function| checkCollector function| collecterSet boolean| docollect function| collectObjectCheck object| kdCollecterId string| kdCollecterMsg string| kdIconMsg boolean| didkdload function| loginKd string| qaDialogHtml function| runQaDialog function| qaDialog boolean| fakechromepwdadded boolean| fakechromepwd function| initCallback_3xkd function| validCallback_3xkd function| kdFailed_3xkd object| CLAREITY object| _0x6bf2 function| CLAREITY_KD function| madKD_getVersion function| xkd object| _0xb3d3 object| b64 string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData

4 Cookies

Domain/Path Name / Value
.primeurbanre.com/ Name: _gat_newTracker
Value: 1
.primeurbanre.com/ Name: _gat
Value: 1
.primeurbanre.com/ Name: _gid
Value: GA1.2.916369777.1588364322
.primeurbanre.com/ Name: _ga
Value: GA1.2.1904458374.1588364322