www.hmz.gov.me Open in urlscan Pro
195.66.163.23 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.hmz.gov.me/galerija/id.php
Submission: On September 18 via automatic, source openphish (September 18th 2017, 2:55:29 am UTC)

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 19 HTTP transactions. The main IP is 195.66.163.23, located in Podgorica, Montenegro and belongs to INTERNET-CG, ME. The main domain is www.hmz.gov.me.

This is the only time www.hmz.gov.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial) iTunes Connect (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	195.66.163.23 195.66.163.23	8585 (INTERNET-CG) (INTERNET-CG)
17	194.192.15.42 194.192.15.42	3292 (TDC TDC A/S) (TDC TDC A/S)
19	3

1 195.66.163.23 (Podgorica, Montenegro)

ASN8585 (INTERNET-CG, ME)
PTR: web.meteo.co.me

www.hmz.gov.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 194.192.15.42 (Denmark)

ASN3292 (TDC TDC A/S, DK)

lejlighedsudlejning.dk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	lejlighedsudlejning.dk lejlighedsudlejning.dk Failed	483 KB
1	hmz.gov.me www.hmz.gov.me	119 B
19	2

	Domain	Requested by
17	lejlighedsudlejning.dk	lejlighedsudlejning.dk
1	www.hmz.gov.me
19	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Frame: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/
Frame ID: 23703.1
Requests: 2 HTTP requests in this frame

Frame: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019
Frame ID: 23715.1
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

19
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

483 kB
Transfer

484 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/ HTTP 302
http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541 HTTP 301
http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/ HTTP 302
http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en HTTP 301
http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request id.php Show response www.hmz.gov.me/galerija/	114 B 119 B	864ms 37ms	Document text/html	195.66.163.23 INTERNET-CG
General Check archive.org Show headers Download Go to Full URL http://www.hmz.gov.me/galerija/id.php Protocol HTTP/1.1 Server 195.66.163.23 Podgorica, Montenegro, ASN8585 (INTERNET-CG, ME), Reverse DNS web.meteo.co.me Software Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.14 Resource Hash `6f08fd6e8b358aa8da5aee2068887e9c5199a2e1d7bbca1043e10dacceaed001` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:55:19 GMT Content-Encoding gzip Server Apache/2.4.7 (Ubuntu) X-Powered-By PHP/5.5.9-1ubuntu4.14 Vary Accept-Encoding Content-Type text/html Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 119
GET		/ lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/ Redirect Chain http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/ http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541 http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/ http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/	0 0

GET H/1.1	200 OK	/ Show response lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/ Frame 2371	151 B 157 B	80ms 80ms	Document text/html	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/ Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / PHP/5.6.14 Resource Hash `fbae4ae2bc3733948c802905d6c8ed91f67e56cd02d613e197074a8492b26639` Request headers Upgrade-Insecure-Requests 1 Referer http://www.hmz.gov.me/galerija/id.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security Connection Keep-Alive X-Powered-By PHP/5.6.14 Transfer-Encoding chunked Keep-Alive timeout=5, max=96 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	rauth.php Show response lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/ Frame 2371	8 KB 8 KB	328ms 328ms	Document text/html	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / PHP/5.6.14 Resource Hash `bc569a5406e6163002bb1870f3f2579e61bba2cb37d4b7b0099ede8d73f8e058` Request headers Upgrade-Insecure-Requests 1 Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security Connection Keep-Alive X-Powered-By PHP/5.6.14 Transfer-Encoding chunked Keep-Alive timeout=5, max=95 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	khawarezmi.js Show response lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/ Frame 2371	10 KB 10 KB	38ms 38ms	Script application/javascript	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/khawarezmi.js Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `c1bd636bf0d8ff0d11412c550d36701feee023040877800e7358b61c02bba592` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Last-Modified Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security ETag W/"261e-5596d42e8b1ed" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 9758
GET H/1.1	200 OK	main.js Show response lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/css/js/ Frame 2371	200 KB 200 KB	39ms 39ms	Script application/javascript	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/css/js/main.js Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `24276c995e9820b9247e93effc2ec5c5d313a0ad2eae84e7aaf0cbe80e8fb25c` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Last-Modified Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security ETag W/"320df-5596d42e8a635" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 205023
GET H/1.1	200 OK	app.css lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/ Frame 2371	74 KB 74 KB	38ms 38ms	Stylesheet text/css	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/app.css Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `7ddeb0cf70753733881e5c166d9b7d188503233e7a0ae38f712fa69fc247f925` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Last-Modified Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security ETag W/"12753-5596d42e8b9bd" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 75603
GET H/1.1	200 OK	msl.png lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/ Frame 2371	6 KB 6 KB	38ms 38ms	Image image/png	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Show image Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/msl.png Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `129a97f9b2716d52599ce5a4c20113b0302d6ebeb5d0ba81e1798afb8947e069` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Last-Modified Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security ETag W/"1740-5596d42e8b9bd" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 5952
GET H/1.1	200 OK	cvcv.PNG lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/ Frame 2371	18 KB 18 KB	38ms 37ms	Image image/png	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Show image Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/cvcv.PNG Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `113e8d5a246248042c3b97272fd83fa7c3ac13c1797dbf7eec99e182748a3fd3` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Last-Modified Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security ETag W/"4753-5596d42e8b5d5" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 18259
GET H/1.1	200 OK	mpd.png lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/ Frame 2371	1 KB 1 KB	40ms 40ms	Image image/png	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Show image Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/mpd.png Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `d6868950b01b5f00db72ec565254552fabbd29fefb512710d4cae7a96bdb46af` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Last-Modified Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security ETag W/"4d2-5596d42e8bda5" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 1234
GET H/1.1	200 OK	hrlp.PNG lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/ Frame 2371	20 KB 20 KB	41ms 40ms	Image image/png	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Show image Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/hrlp.PNG Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `11289166d6bfe3b5f217f0d58fa896d37cb2049365da8a95a806e9f8bb9246c4` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Last-Modified Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security ETag W/"5089-5596d42e8b5d5" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 20617
GET H/1.1	200 OK	cdf.PNG lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/ Frame 2371	24 KB 24 KB	81ms 44ms	Image image/png	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Show image Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/cdf.PNG Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `b7d3cfed7386a6f8726ae09ea0015ecaffee2b5a27979af74ff7b126aff0bb25` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Last-Modified Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security ETag W/"60bd-5596d42e8b5d5" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 24765
GET H/1.1	200 OK	space-120.png lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/ Frame 2371	1 KB 1 KB	78ms 41ms	Image image/png	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Show image Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/space-120.png Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `8bf3752843f0bb445b2e9a0c0261df0e48d611a28d8896608352e871f9722fba` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Last-Modified Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security ETag W/"55c-5596d42e8bda5" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1372
GET H/1.1	200 OK	dsds.png lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/ Frame 2371	19 KB 19 KB	81ms 41ms	Image image/png	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Show image Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/dsds.png Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `8867869aea1f0c88cb8dbcaa261265b18ce652c1c738efd2488c20703d40efe5` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Last-Modified Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security ETag W/"4c65-5596d42e8b5d5" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=91 Content-Length 19557
GET H/1.1	200 OK	require-2.0.1.js Show response lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/css/js/ Frame 2371	16 KB 16 KB	38ms 38ms	Script application/javascript	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/css/js/require-2.0.1.js Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `70877ac1e11bcccb0f11ed46a3d8ca49416d6fe4973c388c5fd14b85bea7683c` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Last-Modified Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security ETag W/"3e7d-5596d42e8a635" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 15997
GET H/1.1	200 OK	scr_content-bkgd.png lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/ Frame 2371	3 KB 3 KB	79ms 39ms	Image image/png	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Show image Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/scr_content-bkgd.png Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `0de9dc4df795b30e9fa458090c49ab8137e65a7901803c81895cef56ac543d13` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/app.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Last-Modified Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security ETag W/"a79-5596d42e8b5d5" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 2681
GET H/1.1	404 Not Found	interior-gradient-top.png lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/ Frame 2371	292 B 0	67ms 38ms	Image text/html	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Show image Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/interior-gradient-top.png Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `b0d8ff4515c57c3f863bbbaf229b1ec3c3b0188c90569251e189b7fb7ef698ad` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/app.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Server CentOS WebPanel: Protected by Mod Security Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 292 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	authflow_illustrations.png lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/ Frame 2371	84 KB 84 KB	67ms 38ms	Image image/png	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Show image Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/img/authflow_illustrations.png Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash `32109b9c067c5e91334ffc53c10eb845691fd544e0ee2fc271773b8a7d0b583b` Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/loginfiles/css1/app.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Last-Modified Mon, 18 Sep 2017 02:11:32 GMT Server CentOS WebPanel: Protected by Mod Security ETag W/"14ffe-5596d42e8b5d5" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 86014
GET H/1.1	404 Not Found	.js lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/css/js/view/ Frame 2371	0 0	38ms 38ms	Script text/html	194.192.15.42 TDC TDC A/S
General Check archive.org Show headers Download Go to Full URL http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/css/js/view/.js Requested by Host: lejlighedsudlejning.dk URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/css/js/require-2.0.1.js Protocol HTTP/1.1 Server 194.192.15.42 , Denmark, ASN3292 (TDC TDC A/S, DK), Reverse DNS Software CentOS WebPanel: Protected by Mod Security / Resource Hash Request headers Referer http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/rauth.php?Go=_Restore_Start&_Acess_Tooken=e2eda21edf2915c97ffa2a658712b019e2eda21edf2915c97ffa2a658712b019 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Mon, 18 Sep 2017 02:11:33 GMT Server CentOS WebPanel: Protected by Mod Security Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 262 Content-Type text/html; charset=iso-8859-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lejlighedsudlejning.dk
URL: http://lejlighedsudlejning.dk/wp-content/themes/twentyfifteen/inc/ID/4f8541/en/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial) iTunes Connect (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lejlighedsudlejning.dk
www.hmz.gov.me
lejlighedsudlejning.dk
194.192.15.42
195.66.163.23
0de9dc4df795b30e9fa458090c49ab8137e65a7901803c81895cef56ac543d13
11289166d6bfe3b5f217f0d58fa896d37cb2049365da8a95a806e9f8bb9246c4
113e8d5a246248042c3b97272fd83fa7c3ac13c1797dbf7eec99e182748a3fd3
129a97f9b2716d52599ce5a4c20113b0302d6ebeb5d0ba81e1798afb8947e069
24276c995e9820b9247e93effc2ec5c5d313a0ad2eae84e7aaf0cbe80e8fb25c
32109b9c067c5e91334ffc53c10eb845691fd544e0ee2fc271773b8a7d0b583b
6f08fd6e8b358aa8da5aee2068887e9c5199a2e1d7bbca1043e10dacceaed001
70877ac1e11bcccb0f11ed46a3d8ca49416d6fe4973c388c5fd14b85bea7683c
7ddeb0cf70753733881e5c166d9b7d188503233e7a0ae38f712fa69fc247f925
8867869aea1f0c88cb8dbcaa261265b18ce652c1c738efd2488c20703d40efe5
8bf3752843f0bb445b2e9a0c0261df0e48d611a28d8896608352e871f9722fba
b0d8ff4515c57c3f863bbbaf229b1ec3c3b0188c90569251e189b7fb7ef698ad
b7d3cfed7386a6f8726ae09ea0015ecaffee2b5a27979af74ff7b126aff0bb25
bc569a5406e6163002bb1870f3f2579e61bba2cb37d4b7b0099ede8d73f8e058
c1bd636bf0d8ff0d11412c550d36701feee023040877800e7358b61c02bba592
d6868950b01b5f00db72ec565254552fabbd29fefb512710d4cae7a96bdb46af
fbae4ae2bc3733948c802905d6c8ed91f67e56cd02d613e197074a8492b26639

www.hmz.gov.me Open in urlscan Pro 195.66.163.23 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

19 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

483 kBTransfer

484 kBSize

0 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

www.hmz.gov.me Open in urlscan Pro
195.66.163.23 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

483 kB
Transfer

484 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!