www.kjbolig.dk Open in urlscan Pro
194.150.113.90 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud?rem=kundensystematik@bundesbank.de
Effective URL:
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=...
Submission: On November 25 via manual (November 25th 2019, 11:47:23 am UTC) from DE

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 7 HTTP transactions. The main IP is 194.150.113.90, located in Moldrup, Denmark and belongs to ZITCOM, DK. The main domain is www.kjbolig.dk.

This is the only time www.kjbolig.dk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
4 8	194.150.113.90 194.150.113.90	48854 (ZITCOM) (ZITCOM)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
7	4

8 194.150.113.90 (Moldrup, Denmark) 4 redirects

ASN48854 (ZITCOM, DK)
PTR: nixweb06.dandomain.dk

www.kjbolig.dk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	kjbolig.dk 4 redirects www.kjbolig.dk	533 KB
1	gstatic.com fonts.gstatic.com	13 KB
1	googleapis.com fonts.googleapis.com	451 B
0	Failed function sub() { [native code] }. Failed
7	4

	Domain	Requested by
8	www.kjbolig.dk	4 redirects www.kjbolig.dk
1	fonts.gstatic.com	www.kjbolig.dk
1	fonts.googleapis.com	www.kjbolig.dk
0	favicon.ico Failed	www.kjbolig.dk
7	4

This site contains no links.

Subject Issuer	Validity	Valid
*.googleapis.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=b&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc
Frame ID: 3B9A73AABE0A383D886F90EF7AA0DA64
Requests: 11 HTTP requests in this frame

Frame: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=c&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&a=0&m=
Frame ID: 3F3134054C930F2A7C6539B089B144D9
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud?rem=kundensystematik@bundesban... HTTP 301
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/?rem=kundensystematik@bundesba... HTTP 302
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864?pg=a&rem=kunde... HTTP 301
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/?pg=a&rem=kund... HTTP 302
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te... Page URL
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

29 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

586 kB
Transfer

1395 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud?rem=kundensystematik@bundesbank.de HTTP 301
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/?rem=kundensystematik@bundesbank.de HTTP 302
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864?pg=a&rem=kundensystematik@bundesbank.de&sessionid=WAKJRuenvktmqXszLHQriB=rRoqJVC8F9BMleDvsUtN0YdwAnTgOahjuzPpx524ZiW7XGSc=&r= HTTP 301
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/?pg=a&rem=kundensystematik@bundesbank.de&sessionid=WAKJRuenvktmqXszLHQriB=rRoqJVC8F9BMleDvsUtN0YdwAnTgOahjuzPpx524ZiW7XGSc=&r= HTTP 302
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=a&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&sessionid=BufX9ZSPaolgtcRTkr2A3y=&Country=_ue7WJTINOlK5opVZqcBHXaiFM9v1xDnRrdsm8bhw6gjEAQz0=&r=&b= Page URL
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=b&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud?rem=kundensystematik@bundesbank.de HTTP 301
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/?rem=kundensystematik@bundesbank.de HTTP 302
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864?pg=a&rem=kundensystematik@bundesbank.de&sessionid=WAKJRuenvktmqXszLHQriB=rRoqJVC8F9BMleDvsUtN0YdwAnTgOahjuzPpx524ZiW7XGSc=&r= HTTP 301
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/?pg=a&rem=kundensystematik@bundesbank.de&sessionid=WAKJRuenvktmqXszLHQriB=rRoqJVC8F9BMleDvsUtN0YdwAnTgOahjuzPpx524ZiW7XGSc=&r= HTTP 302
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=a&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&sessionid=BufX9ZSPaolgtcRTkr2A3y=&Country=_ue7WJTINOlK5opVZqcBHXaiFM9v1xDnRrdsm8bhw6gjEAQz0=&r=&b=

7 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

ymj64jbamx21te5lsd9damx7ra.php Show response
www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/
Redirect Chain

http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud?rem=kundensystematik@bundesbank.de
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/?rem=kundensystematik@bundesbank.de
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864?pg=a&rem=kundensystematik@bundesbank.de&sessionid=WAKJRuenvktmqXszLHQriB=rRoqJVC8F9BMleDvsUtN0YdwAnTgOahjuzPpx524...
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/?pg=a&rem=kundensystematik@bundesbank.de&sessionid=WAKJRuenvktmqXszLHQriB=rRoqJVC8F9BMleDvsUtN0YdwAnTgOahjuzPpx52...
http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=a&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&sessionid=BufX9ZSPaolgtcRTkr2A3y...

509 KB
340 KB

353ms
353ms

Document
text/html

194.150.113.90
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=a&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&sessionid=BufX9ZSPaolgtcRTkr2A3y=&Country=_ue7WJTINOlK5opVZqcBHXaiFM9v1xDnRrdsm8bhw6gjEAQz0=&r=&b=
Protocol: HTTP/1.1
Server: 194.150.113.90 Moldrup, Denmark, ASN48854 (ZITCOM, DK),
Reverse DNS: nixweb06.dandomain.dk
Software: Apache / PHP/5.3.10-1ubuntu3.26
Resource Hash: 65bf505f283434b582c47809727f1575930e98e5e1f0e2254dfd402e5ffe586b

Request headers

Host: www.kjbolig.dk
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 25 Nov 2019 11:47:06 GMT
Server: Apache
X-Powered-By: PHP/5.3.10-1ubuntu3.26
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=1, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

Redirect headers

Date: Mon, 25 Nov 2019 11:47:06 GMT
Server: Apache
X-Powered-By: PHP/5.3.10-1ubuntu3.26
Location: ymj64jbamx21te5lsd9damx7ra.php?pg=a&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&sessionid=BufX9ZSPaolgtcRTkr2A3y=&Country=_ue7WJTINOlK5opVZqcBHXaiFM9v1xDnRrdsm8bhw6gjEAQz0=&r=&b=
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Keep-Alive: timeout=1, max=97
Connection: Keep-Alive
Content-Type: text/html

GET
H2 200 css
fonts.googleapis.com/ 783 B
451 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway

Requested by

Host: www.kjbolig.dk
URL: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=a&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&sessionid=BufX9ZSPaolgtcRTkr2A3y=&Country=_ue7WJTINOlK5opVZqcBHXaiFM9v1xDnRrdsm8bhw6gjEAQz0=&r=&b=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

3147026ff99804131affcb3cadbdfd49c0a07583682aefcc1198f57e2614d5b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=a&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&sessionid=BufX9ZSPaolgtcRTkr2A3y=&Country=_ue7WJTINOlK5opVZqcBHXaiFM9v1xDnRrdsm8bhw6gjEAQz0=&r=&b=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 25 Nov 2019 11:47:07 GMT
server: ESF
access-control-allow-origin: *
date: Mon, 25 Nov 2019 11:47:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Mon, 25 Nov 2019 11:47:07 GMT

GET
DATA 200
OK truncated
/ 380 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93480ff073d2be70226222836850f5e26b10e30d203b5a7f2be249a2b89a7de4

Request headers

Referer: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=a&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&sessionid=BufX9ZSPaolgtcRTkr2A3y=&Country=_ue7WJTINOlK5opVZqcBHXaiFM9v1xDnRrdsm8bhw6gjEAQz0=&r=&b=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: text/css

GET
DATA 200
OK truncated
/ 474 B
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d6fc3d1520a00be1c8c8cb060a85bdb76f8daa6596e58d2b2a977ea67bb0a886

Request headers

Referer: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=a&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&sessionid=BufX9ZSPaolgtcRTkr2A3y=&Country=_ue7WJTINOlK5opVZqcBHXaiFM9v1xDnRrdsm8bhw6gjEAQz0=&r=&b=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: text/css

GET
DATA 200
OK truncated Show response
/ 280 B
0 Script
application/x-javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 92fd40762d767ac7711c39b19506d470d901d31c8ac193499b3b673ec1261396

Request headers

Referer: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=a&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&sessionid=BufX9ZSPaolgtcRTkr2A3y=&Country=_ue7WJTINOlK5opVZqcBHXaiFM9v1xDnRrdsm8bhw6gjEAQz0=&r=&b=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: application/x-javascript

GET
DATA 200
OK truncated
/ 244 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae3ca3cd183c8dfe9acdf92751d544555cb50b5e2f3adfdd57edb1ba9a6250a4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 40 KB
40 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0820a01e8be18589121c87e194a0f23f631ad9da45637c4719d218f5d124bf5

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin: http://www.kjbolig.dk

Response headers

Content-Type: application/octet-stream

GET
H2 200 1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
fonts.gstatic.com/s/raleway/v14/ 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v14/1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7e347b66fb1145f780600551e06778b33ecaca5c45897ac90eb96eb4b6afd082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Raleway
Origin: http://www.kjbolig.dk

Response headers

date: Wed, 20 Nov 2019 23:39:44 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:48:04 GMT
server: sffe
age: 389243
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13428
x-xss-protection: 0
expires: Thu, 19 Nov 2020 23:39:44 GMT

GET
H/1.1 200
OK Primary Request ymj64jbamx21te5lsd9damx7ra.php Show response
www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ 2 KB
2 KB 391ms
365ms Document
text/html 194.150.113.90
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=b&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc
Protocol: HTTP/1.1
Server: 194.150.113.90 Moldrup, Denmark, ASN48854 (ZITCOM, DK),
Reverse DNS: nixweb06.dandomain.dk
Software: Apache / PHP/5.3.10-1ubuntu3.26
Resource Hash: 53e8d5a7d9adbdccbd55e880525fdf13fe48b9ae127e1565745a6fa2a8048c36

Request headers

Host: www.kjbolig.dk
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=a&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&sessionid=BufX9ZSPaolgtcRTkr2A3y=&Country=_ue7WJTINOlK5opVZqcBHXaiFM9v1xDnRrdsm8bhw6gjEAQz0=&r=&b=
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=a&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&sessionid=BufX9ZSPaolgtcRTkr2A3y=&Country=_ue7WJTINOlK5opVZqcBHXaiFM9v1xDnRrdsm8bhw6gjEAQz0=&r=&b=

Response headers

Date: Mon, 25 Nov 2019 11:47:11 GMT
Server: Apache
X-Powered-By: PHP/5.3.10-1ubuntu3.26
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1311
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html

GET
DATA 200
OK truncated
/ 1 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: edecc97d12f824eeb7bd13ef2e4cf551c3139f79a63504a7cd0dfc3e5333badc

Request headers

Referer: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=b&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: text/css

GET
H/1.1 200
OK ymj64jbamx21te5lsd9damx7ra.php Show response
www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ Frame 3F31 10 KB
5 KB 353ms
352ms Document
text/html 194.150.113.90
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=c&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&a=0&m=
Requested by: Host: www.kjbolig.dk
URL: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=b&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc
Protocol: HTTP/1.1
Server: 194.150.113.90 Moldrup, Denmark, ASN48854 (ZITCOM, DK),
Reverse DNS: nixweb06.dandomain.dk
Software: Apache / PHP/5.3.10-1ubuntu3.26
Resource Hash: 238d74f52c3b19c0df936efdbf85da402500b44db7651da90a949f753655d89d

Request headers

Host: www.kjbolig.dk
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=b&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=b&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc

Response headers

Date: Mon, 25 Nov 2019 11:47:11 GMT
Server: Apache
X-Powered-By: PHP/5.3.10-1ubuntu3.26
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4347
Keep-Alive: timeout=1, max=99
Connection: Keep-Alive
Content-Type: text/html
X-Pad: avoid browser bug

GET
H/1.1 200
OK bg.jpg
www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/serv/mode/ 185 KB
186 KB 52ms
27ms Image
image/jpeg 194.150.113.90
ZITCOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/serv/mode/bg.jpg
Requested by: Host: www.kjbolig.dk
URL: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=b&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc
Protocol: HTTP/1.1
Server: 194.150.113.90 Moldrup, Denmark, ASN48854 (ZITCOM, DK),
Reverse DNS: nixweb06.dandomain.dk
Software: Apache /
Resource Hash: baa0ab5394bd362caba2a85b0d7c713ba60f58824aea1b080a2d790752812c01

Request headers

Referer: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=b&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&guce_referrer=aHR0cHM6Ly&m=&9sb2dpbi55YWhvby5jb20v&guce_referrer_sig=AQAAABA99NmGR9iNQOyU5mI3ASjQfYjcPATD_A8modgjxpNXYNmo8n5zxdi8EZV7GFYPzoSc_RpMz0hYfdCk0OLmxnMB6tpfZnd5ENc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 25 Nov 2019 11:47:11 GMT
Last-Modified: Mon, 25 Nov 2019 11:47:06 GMT
Server: Apache
ETag: "494357d-2e5c9-5982a52a2c280"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=100
Content-Length: 189897

GET /
favicon.ico/ Frame 3F31 0
0

GET
DATA 200
OK truncated Show response
/ Frame 3F31 6 KB
0 Script
application/x-javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1bcbd711541fce74fc4c58fce450956c507db9e1e9d83af8f13ed448e114f9a0

Request headers

Referer: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=c&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&a=0&m=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: application/x-javascript

GET
DATA 200
OK truncated
/ Frame 3F31 2 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9ed1e994bade292287d68f312066b6e6369244e751aa07d2d61ea9fc2ecffe06

Request headers

Referer: http://www.kjbolig.dk/components/com_jce/editor/libraries/img/cloud/xrp/user-611864/ymj64jbamx21te5lsd9damx7ra.php?pg=c&rem=a3VuZGVuc3lzdGVtYXRpa0BidW5kZXNiYW5rLmRl&a=0&m=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: text/css

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: favicon.ico
URL: http://favicon.ico/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

favicon.ico
fonts.googleapis.com
fonts.gstatic.com
www.kjbolig.dk
favicon.ico
194.150.113.90
2a00:1450:4001:81f::2003
2a00:1450:4001:820::200a
1bcbd711541fce74fc4c58fce450956c507db9e1e9d83af8f13ed448e114f9a0
238d74f52c3b19c0df936efdbf85da402500b44db7651da90a949f753655d89d
3147026ff99804131affcb3cadbdfd49c0a07583682aefcc1198f57e2614d5b0
53e8d5a7d9adbdccbd55e880525fdf13fe48b9ae127e1565745a6fa2a8048c36
65bf505f283434b582c47809727f1575930e98e5e1f0e2254dfd402e5ffe586b
7e347b66fb1145f780600551e06778b33ecaca5c45897ac90eb96eb4b6afd082
92fd40762d767ac7711c39b19506d470d901d31c8ac193499b3b673ec1261396
93480ff073d2be70226222836850f5e26b10e30d203b5a7f2be249a2b89a7de4
9ed1e994bade292287d68f312066b6e6369244e751aa07d2d61ea9fc2ecffe06
ae3ca3cd183c8dfe9acdf92751d544555cb50b5e2f3adfdd57edb1ba9a6250a4
baa0ab5394bd362caba2a85b0d7c713ba60f58824aea1b080a2d790752812c01
d6fc3d1520a00be1c8c8cb060a85bdb76f8daa6596e58d2b2a977ea67bb0a886
e0820a01e8be18589121c87e194a0f23f631ad9da45637c4719d218f5d124bf5
edecc97d12f824eeb7bd13ef2e4cf551c3139f79a63504a7cd0dfc3e5333badc

www.kjbolig.dk Open in urlscan Pro 194.150.113.90 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

29 %HTTPS

67 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

586 kBTransfer

1395 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

www.kjbolig.dk Open in urlscan Pro
194.150.113.90 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

29 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

586 kB
Transfer

1395 kB
Size

0
Cookies

7 HTTP transactions
8 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!