ytarerstion.info
18.194.28.187
Malicious Activity!
Public Scan
Effective URL: http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat...
Submission: On February 03 via manual from CA
Summary
This is the only time ytarerstion.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online) DK Government (Government)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 11 (2 redirects) | 18.194.28.187 | 16509 (AMAZON-02) |
| 3 | 147.29.150.71 | 3292 (TDC TDC A/S) |
| 1 | 95.100.68.245 | 16625 (AKAMAI-AS) |
| 13 | 4 | |

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-28-187.eu-central-1.compute.amazonaws.com
ytarerstion.info

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-68-245.deploy.static.akamaitechnologies.com
applet.danid.dk
| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 11 | ytarerstion.info (2 redirects) | ytarerstion.info | 56 KB |
| 3 | skat.dk | www.tastselv.skat.dk | 51 KB |
| 1 | danid.dk | applet.danid.dk | 460 B |
| 13 | 3 | | |

| | Domain | Requested by |
|---|---|---|
| 11 | ytarerstion.info (2 redirects) | ytarerstion.info |
| 3 | www.tastselv.skat.dk | ytarerstion.info |
| 1 | applet.danid.dk | ytarerstion.info |
| 13 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
www.tastselv.skat.dk | GlobalSign Extended Validation CA - SHA256 - G3 | 2019-10-23 - 2021-12-21 | 2 years |
applet.danid.dk | GlobalSign Organization Validation CA - SHA256 - G2 | 2017-05-16 - 2020-07-06 | 3 years |
This page contains 2 frames:
Primary Page:
http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX
Frame ID: 927F82449C649B6CF427370070F98AAA
Requests: 9 HTTP requests in this frame
Frame:
http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/login.php
Frame ID: 0BAA86EEE6CB27A1E3A3CBA64ECB3972
Requests: 5 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://ytarerstion.info/ HTTP 302
  http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285 HTTP 301
  http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/ Page URL
- http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/update.php?locale=da-dk&returnURL=https%3A%2F%2Fwww.skat.dk%2Fdk-da%2F%23log_paa_selvbetjening%3Fid%3D6338&dk_ID=BqRfftVhRouPxEWRufwqQBZxaheLEQgBWTwniRTIX Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://ytarerstion.info/ HTTP 302
- http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285 HTTP 301
- http://ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / | ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/ Redirect Chain | 203 B | 519 B | Document | text/html |
GET | H/1.1 | update.php (Primary Request) | ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/ | 5 KB | 5 KB | Document | text/html |
GET | H/1.1 | TastSelvMain.css | www.tastselv.skat.dk/sktscommon-2.1.4-NyIdentitet/Styles/ | 45 KB | 46 KB | Stylesheet | text/css |
GET | H/1.1 | default.css | www.tastselv.skat.dk/borger/rykkerskriv/styles/ | 176 B | 708 B | Stylesheet | text/css |
GET | H/1.1 | screen.css | ytarerstion.info/files/v/ | 3 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | gh-buttons.css | ytarerstion.info/files/v/ | 13 KB | 13 KB | Stylesheet | text/css |
GET | H/1.1 | v.js | ytarerstion.info/files/js/ | 12 KB | 12 KB | Script | application/javascript |
GET | H/1.1 | v.js | ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/ | 12 KB | 12 KB | Script | application/javascript |
GET | H/1.1 | load.php | ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/ Frame 0BAA | 8 KB | 9 KB | Document | text/html |
GET | H/1.1 | skatdk-logo-white-full.svg | www.tastselv.skat.dk/sktscommon-2.1.4-NyIdentitet/Images/ | 4 KB | 4 KB | Image | image/svg+xml |
GET | H/1.1 | nemid.css | ytarerstion.info/resources/ Frame 0BAA | 0 | 0 | Stylesheet | text/html |
GET | H/1.1 | KAAAAHQNMRk05BzMTZf-hNssOTCM8QhgKsvMh9DZUqgt1Qz_tnP0bLyCB0ZVX43tTf9sdlkh | applet.danid.dk/init/ Frame 0BAA | 116 B | 460 B | Script | application/javascript |
GET | DATA | truncated | / Frame 0BAA | 4 KB | 0 | Image | image/gif |
GET | H/1.1 | login.php (Cookie set) | ytarerstion.info/prv/fef55bb80813925c57584dd1b6cd9a02285/ Frame 0BAA | 74 B | 455 B | Document | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online) DK Government (Government)
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- function| Validator
- function| set_addnl_vfunction
- function| clear_all_validations
- function| form_submit_handler
- function| add_validation
- function| ValidationDesc
- function| vdesc_validate
- function| ValidationSet
- function| add_validationdesc
- function| vset_validate
- function| validateEmailv2
- function| mod10
- function| V2validateData
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ytarerstion.info/ | | Name: PHPSESSID Value: 7cdbcf54d9533109dcd5b9bf61b1a0e7 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.