ytarerstion.info Open in urlscan Pro
18.194.28.187 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ytarerstion.info/
Effective URL:
http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat...
Submission: On February 03 via manual (February 3rd 2020, 1:39:56 pm UTC) from CA

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 13 HTTP transactions. The main IP is 18.194.28.187, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is ytarerstion.info.

This is the only time ytarerstion.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) DK Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
2 11	18.194.28.187 18.194.28.187	16509 (AMAZON-02) (AMAZON-02)
3	147.29.150.71 147.29.150.71	3292 (TDC TDC A/S) (TDC TDC A/S)
1	95.100.68.245 95.100.68.245	16625 (AKAMAI-AS) (AKAMAI-AS)
13	4

11 18.194.28.187 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-28-187.eu-central-1.compute.amazonaws.com

ytarerstion.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 147.29.150.71 (Denmark)

ASN3292 (TDC TDC A/S, DK)
PTR: www.tastselv.skat.dk

www.tastselv.skat.dk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.68.245 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-68-245.deploy.static.akamaitechnologies.com

applet.danid.dk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	ytarerstion.info 2 redirects ytarerstion.info	56 KB
3	skat.dk www.tastselv.skat.dk	51 KB
1	danid.dk applet.danid.dk	460 B
13	3

	Domain	Requested by
11	ytarerstion.info	2 redirects ytarerstion.info
3	www.tastselv.skat.dk	ytarerstion.info
1	applet.danid.dk	ytarerstion.info
13	3

This site contains no links.

Subject Issuer	Validity	Valid
www.tastselv.skat.dk GlobalSign Extended Validation CA - SHA256 - G3	`2019-10-23` - `2021-12-21`	2 years	crt.sh
applet.danid.dk GlobalSign Organization Validation CA - SHA256 - G2	`2017-05-16` - `2020-07-06`	3 years	crt.sh

This page contains 2 frames:

Primary Page: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
Frame ID: 927F82449C649B6CF427370070F98AAA
Requests: 9 HTTP requests in this frame

Frame: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/login.php
Frame ID: 0BAA86EEE6CB27A1E3A3CBA64ECB3972
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://ytarerstion.info/ HTTP 302
http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285 HTTP 301
http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/ Page URL
http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=ht... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

13
Requests

31 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

106 kB
Transfer

106 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ytarerstion.info/ HTTP 302
http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285 HTTP 301
http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/ Page URL
http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://ytarerstion.info/ HTTP 302
http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285 HTTP 301
http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/

13 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/
Redirect Chain

http://ytarerstion.info/
http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285
http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/

203 B
519 B

66ms
65ms

Document
text/html

18.194.28.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/
Protocol: HTTP/1.1
Server: 18.194.28.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-28-187.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 7d2f170da8ff8e3b8cdcaa9967f86af52b22389d21157489bbdb19f57b30fc87

Request headers

Host: ytarerstion.info
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=7cdbcf54d9533109dcd5b9bf61b1a0e7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Mon, 03 Feb 2020 13:39:39 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Mon, 03 Feb 2020 13:39:39 GMT
Server: Apache
Location: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/
Content-Length: 272
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK Primary Request update.php Show response
ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/ 5 KB
5 KB 39ms
39ms Document
text/html 18.194.28.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
Protocol: HTTP/1.1
Server: 18.194.28.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-28-187.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 3c1a9c4452bf00b9311bd8d8e49984b84d37242da012e5852fa7d967f22f6e4e

Request headers

Host: ytarerstion.info
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=7cdbcf54d9533109dcd5b9bf61b1a0e7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/

Response headers

Date: Mon, 03 Feb 2020 13:39:39 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK TastSelvMain.css
www.tastselv.skat.dk/sktscommon-2.1.4-NyIdentitet/Styles/ 45 KB
46 KB 371ms
43ms Stylesheet
text/css 147.29.150.71
TDC TDC A/S

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tastselv.skat.dk/sktscommon-2.1.4-NyIdentitet/Styles/TastSelvMain.css

Requested by

Host: ytarerstion.info
URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

147.29.150.71 , Denmark, ASN3292 (TDC TDC A/S, DK),

Reverse DNS

www.tastselv.skat.dk

Software

Resource Hash

f90ce75c3b731ff1ccb8f9adb1fee1b6591ad649fb25ceb2f9e0ffdb12c41392

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Mon, 03 Feb 2020 13:39:40 GMT
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 27 Jun 2018 17:03:19 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
ETag: "262dc69-b4bb-56fa29771b260"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Accept-Ranges: bytes
X-MIGRATED: 1
Keep-Alive: timeout=5, max=200
Content-Length: 46267
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK default.css
www.tastselv.skat.dk/borger/rykkerskriv/styles/ 176 B
708 B 372ms
44ms Stylesheet
text/css 147.29.150.71
TDC TDC A/S

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tastselv.skat.dk/borger/rykkerskriv/styles/default.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

147.29.150.71 , Denmark, ASN3292 (TDC TDC A/S, DK),

Reverse DNS

www.tastselv.skat.dk

Software

Resource Hash

b594e9867a406ae3d85a1322744f4d29b6aeee50f6d33035e65f30381f689d45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Mon, 03 Feb 2020 13:39:40 GMT
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 03 Jul 2018 04:29:46 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
ETag: "26886a3-b0-57010c392d436"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Accept-Ranges: bytes
X-MIGRATED: 1
Keep-Alive: timeout=5, max=200
Content-Length: 176
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK screen.css
ytarerstion.info/files/v/ 3 KB
3 KB 22ms
20ms Stylesheet
text/css 18.194.28.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ytarerstion.info/files/v/screen.css
Requested by: Host: ytarerstion.info
URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
Protocol: HTTP/1.1
Server: 18.194.28.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-28-187.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 48bbdf7d8aaebaca04f421b21404d5318304481bbaa2b61aeb2eb6df7600c62e

Request headers

Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Mon, 03 Feb 2020 13:39:39 GMT
Last-Modified: Wed, 11 May 2016 12:39:46 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 2790

GET
H/1.1 200
OK gh-buttons.css
ytarerstion.info/files/v/ 13 KB
13 KB 24ms
20ms Stylesheet
text/css 18.194.28.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ytarerstion.info/files/v/gh-buttons.css
Requested by: Host: ytarerstion.info
URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
Protocol: HTTP/1.1
Server: 18.194.28.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-28-187.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 3057d5dbf85fe03d0a170420553290fc044358e77ba4a88df2b3af48ff19515a

Request headers

Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Mon, 03 Feb 2020 13:39:39 GMT
Last-Modified: Wed, 11 May 2016 12:39:46 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 12948

GET
H/1.1 200
OK v.js Show response
ytarerstion.info/files/js/ 12 KB
12 KB 41ms
29ms Script
application/javascript 18.194.28.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ytarerstion.info/files/js/v.js
Requested by: Host: ytarerstion.info
URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
Protocol: HTTP/1.1
Server: 18.194.28.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-28-187.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 344ce7ae9a0179e949d1daf2b1811828294ec092ebdd622a7d8f2f379e801823

Request headers

Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Mon, 03 Feb 2020 13:39:39 GMT
Last-Modified: Tue, 14 Jun 2016 09:22:34 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 12315

GET
H/1.1 200
OK v.js Show response
ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/ 12 KB
12 KB 41ms
29ms Script
application/javascript 18.194.28.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/v.js
Requested by: Host: ytarerstion.info
URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
Protocol: HTTP/1.1
Server: 18.194.28.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-28-187.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 0cca8e3229f9e7d6f463ae4339a87dc393694106fbf1cc65e0bbc0ae9ba5d9a1

Request headers

Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Mon, 03 Feb 2020 13:39:39 GMT
Last-Modified: Mon, 03 Feb 2020 13:39:39 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 11909

GET
H/1.1 200
OK load.php Show response
ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/ Frame 0BAA 8 KB
9 KB 40ms
39ms Document
text/html 18.194.28.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/load.php
Requested by: Host: ytarerstion.info
URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
Protocol: HTTP/1.1
Server: 18.194.28.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-28-187.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: adc5ffabc3a934863f9555aeb5e5ecb22120e39947b5bf3773c393884b2c302e

Request headers

Host: ytarerstion.info
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=7cdbcf54d9533109dcd5b9bf61b1a0e7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX

Response headers

Date: Mon, 03 Feb 2020 13:39:40 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK skatdk-logo-white-full.svg
www.tastselv.skat.dk/sktscommon-2.1.4-NyIdentitet/Images/ 4 KB
4 KB 42ms
42ms Image
image/svg+xml 147.29.150.71
TDC TDC A/S

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tastselv.skat.dk/sktscommon-2.1.4-NyIdentitet/Images/skatdk-logo-white-full.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

147.29.150.71 , Denmark, ASN3292 (TDC TDC A/S, DK),

Reverse DNS

www.tastselv.skat.dk

Software

Resource Hash

b801c61fd99dd33f20a43ebc3f2107791205919654e474e30aa86fd420a658a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.tastselv.skat.dk/sktscommon-2.1.4-NyIdentitet/Styles/TastSelvMain.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Mon, 03 Feb 2020 13:39:40 GMT
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 27 Jun 2018 17:03:19 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
ETag: "26a0ee0-f78-56fa2976f2dd8"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Accept-Ranges: bytes
X-MIGRATED: 1
Keep-Alive: timeout=5, max=199
Content-Length: 3960
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found nemid.css
ytarerstion.info/resources/ Frame 0BAA 0
0 21ms
20ms Stylesheet
text/html 18.194.28.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ytarerstion.info/resources/nemid.css
Requested by: Host: ytarerstion.info
URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/load.php
Protocol: HTTP/1.1
Server: 18.194.28.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-28-187.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/load.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Mon, 03 Feb 2020 13:39:40 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK KAAAAHQNMRk05BzMTZf-hNssOTCM8QhgKsvMh9DZUqgt1Qz_tnP0bLyCB0ZVX43tTf9sdlkh Show response
applet.danid.dk/init/ Frame 0BAA 116 B
460 B 232ms
137ms Script
application/javascript 95.100.68.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://applet.danid.dk/init/KAAAAHQNMRk05BzMTZf-hNssOTCM8QhgKsvMh9DZUqgt1Qz_tnP0bLyCB0ZVX43tTf9sdlkh
Requested by: Host: ytarerstion.info
URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/load.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.68.245 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-68-245.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a8043c4b72e80ddd872f7086367d30622f7d62b5b862d97180f897bb190b4af6

Request headers

Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/load.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 03 Feb 2020 13:39:40 GMT
Last-Modified: Mon, 03 Feb 2020 13:39:40 GMT
Vary: *
Content-Language: en-US
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Content-Length: 116
Expires: Fri, 01 Jan 2010 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 0BAA 4 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ceb3546bf17ea471197d321e4bb1b474d58b62d25f3e0978c33a31e05f748870

Request headers

Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/load.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK Cookie set login.php Show response
ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/ Frame 0BAA 74 B
455 B 40ms
40ms Document
text/html 18.194.28.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/login.php
Requested by: Host: ytarerstion.info
URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
Protocol: HTTP/1.1
Server: 18.194.28.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-28-187.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: dad77b4e03da0b316a68760e47d7fa73d38b6aee78c004fbf5cb41b5a5d83ebf

Request headers

Host: ytarerstion.info
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/load.php
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/load.php

Response headers

Date: Mon, 03 Feb 2020 13:39:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=e9491b4af18946ea510bd2ee6a6c6837; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) DK Government (Government)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ytarerstion.info/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7cdbcf54d9533109dcd5b9bf61b1a0e7

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

applet.danid.dk
www.tastselv.skat.dk
ytarerstion.info
147.29.150.71
18.194.28.187
95.100.68.245
0cca8e3229f9e7d6f463ae4339a87dc393694106fbf1cc65e0bbc0ae9ba5d9a1
3057d5dbf85fe03d0a170420553290fc044358e77ba4a88df2b3af48ff19515a
344ce7ae9a0179e949d1daf2b1811828294ec092ebdd622a7d8f2f379e801823
3c1a9c4452bf00b9311bd8d8e49984b84d37242da012e5852fa7d967f22f6e4e
48bbdf7d8aaebaca04f421b21404d5318304481bbaa2b61aeb2eb6df7600c62e
7d2f170da8ff8e3b8cdcaa9967f86af52b22389d21157489bbdb19f57b30fc87
a8043c4b72e80ddd872f7086367d30622f7d62b5b862d97180f897bb190b4af6
adc5ffabc3a934863f9555aeb5e5ecb22120e39947b5bf3773c393884b2c302e
b594e9867a406ae3d85a1322744f4d29b6aeee50f6d33035e65f30381f689d45
b801c61fd99dd33f20a43ebc3f2107791205919654e474e30aa86fd420a658a2
ceb3546bf17ea471197d321e4bb1b474d58b62d25f3e0978c33a31e05f748870
dad77b4e03da0b316a68760e47d7fa73d38b6aee78c004fbf5cb41b5a5d83ebf
f90ce75c3b731ff1ccb8f9adb1fee1b6591ad649fb25ceb2f9e0ffdb12c41392

ytarerstion.info Open in urlscan Pro 18.194.28.187 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

31 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

106 kBTransfer

106 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

1 Cookies

Indicators

ytarerstion.info Open in urlscan Pro
18.194.28.187 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

31 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

106 kB
Transfer

106 kB
Size

1
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!