ateneapre.simumak.com Open in urlscan Pro
185.37.227.213  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://pestiszomszedok.hu/images/UPDATE~REDD0/ Page URL
2. http://ateneapre.simumak.com/atenea/js/UPDATE~RED/ Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
6 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response pestiszomszedok.hu/images/UPDATE~REDD0/	486 B 477 B	121ms 87ms	Document text/html	5.159.233.36 DOCLERNET DoclerN...
General Check archive.org Show headers Download Go to Full URL http://pestiszomszedok.hu/images/UPDATE~REDD0/ Protocol HTTP/1.1 Server 5.159.233.36 , Hungary, ASN47381 (DOCLERNET DoclerNet Hosting Kft., HU), Reverse DNS srv4-2.ratior.hu Software nginx / Resource Hash a0dcf17158aa0dfc74b3edc6e0b8dac7586501d4c2cf0b0f1fcd57e21b59aa03 Request headers Host pestiszomszedok.hu Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 05935D9A54D1A36E9829FF7B155CE25A Response headers Server nginx Date Sat, 01 Sep 2018 19:52:15 GMT Content-Type text/html; charset=UTF-8 Content-Length 253 Connection keep-alive Vary Accept-Encoding Content-Encoding gzip X-Proxy-Cache MISS
GET H/1.1	200 OK	Primary Request / Show response ateneapre.simumak.com/atenea/js/UPDATE~RED/	255 KB 255 KB	224ms 36ms	Document text/html	185.37.227.213 ASGIGAS
General Check archive.org Show headers Download Go to Full URL http://ateneapre.simumak.com/atenea/js/UPDATE~RED/ Requested by Host: pestiszomszedok.hu URL: http://pestiszomszedok.hu/images/UPDATE~REDD0/ Protocol HTTP/1.1 Server 185.37.227.213 , Spain, ASN57286 (ASGIGAS, ES), Reverse DNS dev.simumak.com Software nginx / PleskLin Resource Hash 34c1664a6123b2e5e3897c2381a218167936e355458213b1e214e3c43a3be877 Request headers Host ateneapre.simumak.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Referer http://pestiszomszedok.hu/images/UPDATE~REDD0/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 05935D9A54D1A36E9829FF7B155CE25A Referer http://pestiszomszedok.hu/images/UPDATE~REDD0/ Response headers Server nginx Date Sat, 01 Sep 2018 19:57:18 GMT Content-Type text/html Content-Length 260795 Last-Modified Fri, 31 Aug 2018 00:14:34 GMT Connection keep-alive ETag "5b88886a-3fabb" X-Powered-By PleskLin Accept-Ranges bytes
GET H/1.1	200 OK	bootstrap.min.css maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/	120 KB 20 KB	12ms 6ms	Stylesheet text/css	209.197.3.15 Highwinds Network...
General Check archive.org Show headers Download Go to Full URL http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css Requested by Host: ateneapre.simumak.com URL: http://ateneapre.simumak.com/atenea/js/UPDATE~RED/ Protocol HTTP/1.1 Server 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US), Reverse DNS vip0x00f.map2.ssl.hwcdn.net Software / Resource Hash 31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87 Request headers Referer http://ateneapre.simumak.com/atenea/js/UPDATE~RED/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Sat, 01 Sep 2018 19:52:15 GMT Content-Encoding gzip Last-Modified Tue, 20 Feb 2018 05:57:55 GMT Connection Keep-Alive ETag "1519106275" Vary Accept-Encoding X-Cache HIT Content-Type text/css; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=31536000 X-Hello-Human Say hello back! @getBootstrapCDN on Twitter Accept-Ranges bytes Content-Length 19879
GET H/1.1	200 OK	bootstrap.min.js Show response maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/	36 KB 10 KB	12ms 6ms	Script application/javascript	209.197.3.15 Highwinds Network...
General Check archive.org Show headers Download Go to Full URL http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js Requested by Host: ateneapre.simumak.com URL: http://ateneapre.simumak.com/atenea/js/UPDATE~RED/ Protocol HTTP/1.1 Server 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US), Reverse DNS vip0x00f.map2.ssl.hwcdn.net Software / Resource Hash 4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327 Request headers Referer http://ateneapre.simumak.com/atenea/js/UPDATE~RED/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Sat, 01 Sep 2018 19:52:15 GMT Content-Encoding gzip Last-Modified Tue, 20 Feb 2018 05:58:02 GMT Connection Keep-Alive ETag "1519106282" Vary Accept-Encoding X-Cache HIT Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=31536000 X-Hello-Human Say hello back! @getBootstrapCDN on Twitter Accept-Ranges bytes Content-Length 9743
GET H/1.1	200 OK	529600993.gif www3.0zz0.com/2016/01/13/23/	8 KB 8 KB	10ms 0ms	Image image/gif	138.201.36.233 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://www3.0zz0.com/2016/01/13/23/529600993.gif Requested by Host: ateneapre.simumak.com URL: http://ateneapre.simumak.com/atenea/js/UPDATE~RED/ Protocol HTTP/1.1 Server 138.201.36.233 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.233.36.201.138.clients.your-server.de Software Apache/2.4.6 / Resource Hash d1ae7277d8ad6c4ecfb1f2269db1cfd85a04c8e2b97a3c2bf4c65fa622fe9e08 Request headers Referer http://ateneapre.simumak.com/atenea/js/UPDATE~RED/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Sat, 01 Sep 2018 19:52:15 GMT Last-Modified Wed, 13 Jan 2016 20:36:07 GMT Server Apache/2.4.6 ETag "1e34-5293d1e9e7bc0" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7732
GET DATA	200 OK	truncated /	20 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9d5fc598370f6c9d4351eb07721dce8cec3bd9e23c1742bbc2072aca72190047 Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	39 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 068e477ec35bd99a21071af5452d6fdfde51acc56bc446a5bc987be0468ec271 Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	25 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 81def36135071eaaa0d85428e6069e34aae6585a39e919091d7dec56d50403d1 Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	23 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ab930b74298e8fa09eefb73302db38134f7c1a05f75bec6231c9f59b1f9a62d0 Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	22 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a39294ea45534dac800dd691a862c2dde436d583df6aaf89545c97a554c98c95 Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	30 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9e7946578543a4a6f874c8d8025fd8f9ba2e6ce6d1fbd55b7d09f6b0c25cd162 Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| done function| isNumber boolean| isCtrl number| isNS function| mischandler function| mousehandler undefined| usr0 undefined| usr1 undefined| usr2 undefined| usr3 undefined| usr4 undefined| usr5 undefined| usr6 undefined| usr7 undefined| usr8 undefined| usr9 undefined| usr10 undefined| usr11 undefined| usr12 undefined| usr13 undefined| usr14 undefined| usr15 function| _ function| master function| mind function| dr function| s1x function| piece

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ateneapre.simumak.com
maxcdn.bootstrapcdn.com
pestiszomszedok.hu
www3.0zz0.com
138.201.36.233
185.37.227.213
209.197.3.15
5.159.233.36
068e477ec35bd99a21071af5452d6fdfde51acc56bc446a5bc987be0468ec271
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87
34c1664a6123b2e5e3897c2381a218167936e355458213b1e214e3c43a3be877
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327
81def36135071eaaa0d85428e6069e34aae6585a39e919091d7dec56d50403d1
9d5fc598370f6c9d4351eb07721dce8cec3bd9e23c1742bbc2072aca72190047
9e7946578543a4a6f874c8d8025fd8f9ba2e6ce6d1fbd55b7d09f6b0c25cd162
a0dcf17158aa0dfc74b3edc6e0b8dac7586501d4c2cf0b0f1fcd57e21b59aa03
a39294ea45534dac800dd691a862c2dde436d583df6aaf89545c97a554c98c95
ab930b74298e8fa09eefb73302db38134f7c1a05f75bec6231c9f59b1f9a62d0
d1ae7277d8ad6c4ecfb1f2269db1cfd85a04c8e2b97a3c2bf4c65fa622fe9e08