URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Submission: On June 03 via manual from US

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 21 HTTP transactions. The main IP is 185.58.73.33, located in Croatia and belongs to AVALON-AS, HR. The main domain is www.hgz.hr.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 25th 2018. Valid for: 3 months.
This is the only time www.hgz.hr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

Requests  IP Address     AS (Autonomous System)
17        185.58.73.33   201563 (AVALON-AS)
3         2.18.233.20    16625 (AKAMAI-AS)
2         93.179.69.54   57311 (NEOHOST-AS)  (1 redirect)
Total: 21 requests across 4 IPs
Requests  Apex Domain        Subdomains             Transfer
17        hgz.hr             www.hgz.hr             577 KB
3         paypalobjects.com  www.paypalobjects.com  39 KB
2         xoxxxoooxo.ml      xoxxxoooxo.ml          2 KB
Total: 21 requests across 3 apex domains
Requests  Domain                 Requested by
17        www.hgz.hr             www.hgz.hr
3         www.paypalobjects.com  www.hgz.hr
2         xoxxxoooxo.ml          www.hgz.hr  (1 redirect)
Total: 21 requests across 3 domains

This site contains no links.

Subject  Issuer                                Validity                  Valid
hgz.hr   cPanel, Inc. Certification Authority  2018-05-25 - 2018-08-23   3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Frame ID: CA5EA1A7638884A619A357FA4D83F397
Requests: 22 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

Requests: 21
HTTPS: 81 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 3
Transfer: 617 kB
Size: 613 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • http://xoxxxoooxo.ml/_1_ HTTP 301
  • http://xoxxxoooxo.ml/

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request bankacc.php
www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/
23 KB
23 KB
Document
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
437014f5a73d666f7a57a003c1966fe3dc45aee1105230c88d6ecfcdfea3e697

Request headers

:method
GET
:authority
www.hgz.hr
:scheme
https
:path
/components/com_banners/helpers/c0/fPWAZ/bankacc.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
CA5EA1A7638884A619A357FA4D83F397

Response headers

status
200
date
Sun, 03 Jun 2018 16:56:50 GMT
server
Apache
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
set-cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5; path=/
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
crypt.js
www.hgz.hr/components/com_banners/helpers/c0/assets/js/
20 KB
20 KB
Script
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/js/crypt.js
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
75229eb0a3642ec7b99af3af2002d56c2546a1e2bea777c93c46b166211e6756

Request headers

:path
/components/com_banners/helpers/c0/assets/js/crypt.js
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
:scheme
https
:method
GET
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Fri, 09 Jun 2017 02:18:04 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
20201
bootstrap.min.css
www.hgz.hr/components/com_banners/helpers/c0/assets/css/
147 KB
149 KB
Stylesheet
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/css/bootstrap.min.css
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
cf59a29f53a40724e7d91bafe58288ae04dcccc4661aefa11144247b69c71103

Request headers

:path
/components/com_banners/helpers/c0/assets/css/bootstrap.min.css
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
:scheme
https
:method
GET
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Sat, 04 Mar 2017 11:06:40 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
status
200
accept-ranges
bytes
content-length
151023
font-awesome.min.css
www.hgz.hr/components/com_banners/helpers/c0/assets/css/
28 KB
29 KB
Stylesheet
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/css/font-awesome.min.css
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
ed0f05101d480726c58bcd4956a1e7b02f12b538d02058f1b0ebfdabe8a7ef42

Request headers

:path
/components/com_banners/helpers/c0/assets/css/font-awesome.min.css
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
:scheme
https
:method
GET
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Fri, 13 May 2016 04:44:28 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
status
200
accept-ranges
bytes
content-length
29067
VerifyPage.css
www.hgz.hr/components/com_banners/helpers/c0/assets/css/
23 KB
23 KB
Stylesheet
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/css/VerifyPage.css
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
5a526de48275e963dace520bd1bc7059966a980913e4289445dcedccab21cb20

Request headers

:path
/components/com_banners/helpers/c0/assets/css/VerifyPage.css
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
:scheme
https
:method
GET
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Mon, 12 Jun 2017 23:35:08 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
status
200
accept-ranges
bytes
content-length
23349
jquery.min.js
www.hgz.hr/components/com_banners/helpers/c0/assets/js/
95 KB
96 KB
Script
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/js/jquery.min.js
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
ed0206f3256580b4c5adc28086a186034943d01b0c811909a4ad34dd9c42e98b

Request headers

:path
/components/com_banners/helpers/c0/assets/js/jquery.min.js
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
:scheme
https
:method
GET
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Fri, 09 Jun 2017 19:16:18 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
97164
bootstrap.min.js
www.hgz.hr/components/com_banners/helpers/c0/assets/js/
46 KB
46 KB
Script
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/js/bootstrap.min.js
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
c53b394850444558af588cf6e99af57c81e4d5d3d76a8bb7828ebe4aa862f703

Request headers

:path
/components/com_banners/helpers/c0/assets/js/bootstrap.min.js
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
:scheme
https
:method
GET
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Tue, 30 May 2017 17:08:32 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
46649
CardType.js
www.hgz.hr/components/com_banners/helpers/c0/assets/js/
3 KB
3 KB
Script
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/js/CardType.js
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
a338021847c2200aa766b0bc50cb8b49ed55a5ab8880903ff84b83c5e7bb0569

Request headers

:path
/components/com_banners/helpers/c0/assets/js/CardType.js
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
:scheme
https
:method
GET
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Thu, 02 Mar 2017 18:00:50 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
2630
profilepic.png
www.hgz.hr/components/com_banners/helpers/c0/assets/img/
12 KB
13 KB
Image
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/img/profilepic.png
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
c70b57b1057c609807d74198a36618f84172ec9df043bcaec831949032a8557b

Request headers

:path
/components/com_banners/helpers/c0/assets/img/profilepic.png
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
:scheme
https
:method
GET
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

status
200
date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Sat, 25 Feb 2017 11:10:16 GMT
server
Apache
accept-ranges
bytes
content-length
12692
content-type
image/png
warning-alert.jpg
www.hgz.hr/components/com_banners/helpers/c0/assets/img/
2 KB
2 KB
Image
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/img/warning-alert.jpg
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
989d604c0929ddfa9a58dc4f650c3f4c41c6dda33ada1def7ce293811402822f

Request headers

:path
/components/com_banners/helpers/c0/assets/img/warning-alert.jpg
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
:scheme
https
:method
GET
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

status
200
date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Wed, 31 May 2017 11:28:40 GMT
server
Apache
accept-ranges
bytes
content-length
1575
content-type
image/jpeg
paypal-security.png
www.hgz.hr/components/com_banners/helpers/c0/assets/img//
5 KB
5 KB
Image
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/img//paypal-security.png
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
0ace5bdf6e145befa5689513e1ed1fc3852e5d5583aa99c0784cfb42c2f0bb53

Request headers

:path
/components/com_banners/helpers/c0/assets/img//paypal-security.png
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
:scheme
https
:method
GET
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

status
200
date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Thu, 09 Mar 2017 16:36:04 GMT
server
Apache
accept-ranges
bytes
content-length
5325
content-type
image/png
paypal-fast.png
www.hgz.hr/components/com_banners/helpers/c0/assets/img//
6 KB
6 KB
Image
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/img//paypal-fast.png
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
e7dd1161d62cc96af771f59fdde7435c423910ddebada4a1891a6a471625a76b

Request headers

:path
/components/com_banners/helpers/c0/assets/img//paypal-fast.png
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
:scheme
https
:method
GET
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

status
200
date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Thu, 09 Mar 2017 16:35:20 GMT
server
Apache
accept-ranges
bytes
content-length
5755
content-type
image/png
cardreader-new.png
www.hgz.hr/components/com_banners/helpers/c0/assets/img//
2 KB
2 KB
Image
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/img//cardreader-new.png
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
bd4f5d061cef9d9bac0a984af28cabda52182e0f4ff897af0f048c0754b59ca7

Request headers

:path
/components/com_banners/helpers/c0/assets/img//cardreader-new.png
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
:scheme
https
:method
GET
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

status
200
date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Thu, 09 Mar 2017 16:35:30 GMT
server
Apache
accept-ranges
bytes
content-length
2350
content-type
image/png
paypal-donation.png
www.hgz.hr/components/com_banners/helpers/c0/assets/img/
11 KB
11 KB
Image
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/img/paypal-donation.png
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
66c1d89da11f0a0f8569eb9c11f5770a47535de54039c5eb2185911a1cfedefd

Request headers

:path
/components/com_banners/helpers/c0/assets/img/paypal-donation.png
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
:scheme
https
:method
GET
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

status
200
date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Thu, 09 Mar 2017 16:35:32 GMT
server
Apache
accept-ranges
bytes
content-length
11393
content-type
image/png
nav_step.png
www.paypalobjects.com/web/res/205/785babd2456d8a578524c2a7b1a2e/img/
288 B
619 B
Image
General
Full URL
https://www.paypalobjects.com/web/res/205/785babd2456d8a578524c2a7b1a2e/img/nav_step.png
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/assets/js/jquery.min.js
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-20.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c1f83353eba493cb606981c6434c45dee76481f5589e57a3aab3a2168f931885
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hgz.hr/components/com_banners/helpers/c0/assets/css/VerifyPage.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 03 Jun 2018 16:56:51 GMT
x-content-type-options
nosniff
last-modified
Fri, 24 Feb 2017 03:33:45 GMT
server
Apache
strict-transport-security
max-age=31536000
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-type
image/png
content-length
288
expires
Sun, 03 Jun 2018 16:56:51 GMT
nav_step_current.png
www.paypalobjects.com/web/res/205/785babd2456d8a578524c2a7b1a2e/img/
230 B
560 B
Image
General
Full URL
https://www.paypalobjects.com/web/res/205/785babd2456d8a578524c2a7b1a2e/img/nav_step_current.png
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/assets/js/jquery.min.js
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-20.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8f57d8f8bae4d3d7d6bc47ed10c3a7909e49181ad01c978891e02cb4b3b45b6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hgz.hr/components/com_banners/helpers/c0/assets/css/VerifyPage.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 03 Jun 2018 16:56:51 GMT
x-content-type-options
nosniff
last-modified
Fri, 24 Feb 2017 03:33:45 GMT
server
Apache
strict-transport-security
max-age=31536000
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-type
image/png
content-length
230
expires
Sun, 03 Jun 2018 16:56:51 GMT
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d5db3b907609c4110204c6b690669146ea129afc11f5de317d7312f9d24536bf

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/svg+xml
PayPalSansBig-Light.woff2
www.paypalobjects.com/ui-web/paypal-sans-big/1-0-0/
37 KB
38 KB
Font
General
Full URL
https://www.paypalobjects.com/ui-web/paypal-sans-big/1-0-0/PayPalSansBig-Light.woff2
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/assets/js/jquery.min.js
Protocol
SPDY
Server
2.18.233.20 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-20.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4619d70d7bd1b3d7572940e9ee7f31bc4c07f4c9cad6ae2d3e5b2eb555b6a2c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/assets/css/VerifyPage.css
Origin
https://www.hgz.hr

Response headers

date
Sun, 03 Jun 2018 16:56:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 08 Jun 2016 16:50:06 GMT
server
Apache
status
200
vary
Accept-Encoding
content-type
application/font-woff2
access-control-allow-origin
*
strict-transport-security
max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Jul 2018 16:56:51 GMT
fontawesome-webfont.woff2
www.hgz.hr/components/com_banners/helpers/c0/assets/fonts/
0
0
Font
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/assets/js/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash

Request headers

:path
/components/com_banners/helpers/c0/assets/fonts/fontawesome-webfont.woff2?v=4.6.3
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
origin
https://www.hgz.hr
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/assets/css/font-awesome.min.css
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/assets/css/font-awesome.min.css
Origin
https://www.hgz.hr

Response headers

status
404
date
Sun, 03 Jun 2018 16:56:51 GMT
server
Apache
content-length
389
content-type
text/html; charset=iso-8859-1
/
xoxxxoooxo.ml/
Redirect Chain
  • http://xoxxxoooxo.ml/_1_
  • http://xoxxxoooxo.ml/
0
1 KB
Image
General
Full URL
http://xoxxxoooxo.ml/
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
HTTP/1.1
Server
93.179.69.54 , Russian Federation, ASN57311 (NEOHOST-AS, UA),
Reverse DNS
w3bc0d3r13.example.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Content-Type
text/html; charset=UTF-8

Redirect headers

Location
/
Date
Sun, 03 Jun 2018 16:56:51 GMT
Server
nginx/1.12.2
Connection
keep-alive
X-Powered-By
PHP/7.1.15
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
fontawesome-webfont.woff
www.hgz.hr/components/com_banners/helpers/c0/assets/fonts/
0
0
Font
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/fonts/fontawesome-webfont.woff?v=4.6.3
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash

Request headers

:path
/components/com_banners/helpers/c0/assets/fonts/fontawesome-webfont.woff?v=4.6.3
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
origin
https://www.hgz.hr
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/assets/css/font-awesome.min.css
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/assets/css/font-awesome.min.css
Origin
https://www.hgz.hr

Response headers

status
404
date
Sun, 03 Jun 2018 16:56:51 GMT
server
Apache
content-length
388
content-type
text/html; charset=iso-8859-1
fontawesome-webfont.ttf
www.hgz.hr/components/com_banners/helpers/c0/assets/fonts/
149 KB
150 KB
Font
General
Full URL
https://www.hgz.hr/components/com_banners/helpers/c0/assets/fonts/fontawesome-webfont.ttf?v=4.6.3
Requested by
Host: www.hgz.hr
URL: https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.58.73.33 , Croatia, ASN201563 (AVALON-AS, HR),
Reverse DNS
natrij.avalon.hr
Software
Apache /
Resource Hash
ae19e2e4c04f2b04bf030684c4c1db8faf5c8fe3ee03d1e0c409046608b38912

Request headers

:path
/components/com_banners/helpers/c0/assets/fonts/fontawesome-webfont.ttf?v=4.6.3
pragma
no-cache
cookie
PHPSESSID=m5cu9h45njpqbdhu2de6amnsb5
origin
https://www.hgz.hr
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.hgz.hr
referer
https://www.hgz.hr/components/com_banners/helpers/c0/assets/css/font-awesome.min.css
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://www.hgz.hr/components/com_banners/helpers/c0/assets/css/font-awesome.min.css
Origin
https://www.hgz.hr

Response headers

date
Sun, 03 Jun 2018 16:56:51 GMT
last-modified
Fri, 13 May 2016 04:44:26 GMT
server
Apache
vary
Accept-Encoding
content-type
font/ttf
status
200
accept-ranges
bytes
content-length
152796

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object   Aes
  • object   Base64
  • object   Utf8
  • string   V2
  • string   Viper
  • string   output
  • string   ctrTxt
  • function $
  • function jQuery
  • object   jQuery1122029020205634285423

1 Cookies

Domain/Path  Name       Value
www.hgz.hr/  PHPSESSID  m5cu9h45njpqbdhu2de6amnsb5

1 Console Messages

Source       Level  URL                                                                                Text
console-api  log    https://www.hgz.hr/components/com_banners/helpers/c0/fPWAZ/bankacc.php (Line 76)  console.clear

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.hgz.hr
www.paypalobjects.com
xoxxxoooxo.ml
185.58.73.33
2.18.233.20
93.179.69.54
0ace5bdf6e145befa5689513e1ed1fc3852e5d5583aa99c0784cfb42c2f0bb53
437014f5a73d666f7a57a003c1966fe3dc45aee1105230c88d6ecfcdfea3e697
4619d70d7bd1b3d7572940e9ee7f31bc4c07f4c9cad6ae2d3e5b2eb555b6a2c0
5a526de48275e963dace520bd1bc7059966a980913e4289445dcedccab21cb20
66c1d89da11f0a0f8569eb9c11f5770a47535de54039c5eb2185911a1cfedefd
75229eb0a3642ec7b99af3af2002d56c2546a1e2bea777c93c46b166211e6756
8f57d8f8bae4d3d7d6bc47ed10c3a7909e49181ad01c978891e02cb4b3b45b6d
989d604c0929ddfa9a58dc4f650c3f4c41c6dda33ada1def7ce293811402822f
a338021847c2200aa766b0bc50cb8b49ed55a5ab8880903ff84b83c5e7bb0569
ae19e2e4c04f2b04bf030684c4c1db8faf5c8fe3ee03d1e0c409046608b38912
bd4f5d061cef9d9bac0a984af28cabda52182e0f4ff897af0f048c0754b59ca7
c1f83353eba493cb606981c6434c45dee76481f5589e57a3aab3a2168f931885
c53b394850444558af588cf6e99af57c81e4d5d3d76a8bb7828ebe4aa862f703
c70b57b1057c609807d74198a36618f84172ec9df043bcaec831949032a8557b
cf59a29f53a40724e7d91bafe58288ae04dcccc4661aefa11144247b69c71103
d5db3b907609c4110204c6b690669146ea129afc11f5de317d7312f9d24536bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7dd1161d62cc96af771f59fdde7435c423910ddebada4a1891a6a471625a76b
ed0206f3256580b4c5adc28086a186034943d01b0c811909a4ad34dd9c42e98b
ed0f05101d480726c58bcd4956a1e7b02f12b538d02058f1b0ebfdabe8a7ef42