www.fitvarovanje.si Open in urlscan Pro
212.44.102.137 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.fitvarovanje.si/media/step2.php
Submission: On February 25 via automatic, source phishtank (February 25th 2018, 1:15:04 pm UTC)

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 212.44.102.137, located in Slovenia and belongs to DHH-AS, SI. The main domain is www.fitvarovanje.si.

This is the only time www.fitvarovanje.si was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address	AS Autonomous System
8	212.44.102.137 212.44.102.137	43128 (DHH-AS) (DHH-AS)
1	54.148.84.95 54.148.84.95	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5	104.19.192.102 104.19.192.102	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
14	3

8 212.44.102.137 (Slovenia)

ASN43128 (DHH-AS, SI)
PTR: rcp-9.controlpanel.si

www.fitvarovanje.si	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.148.84.95 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-84-95.us-west-2.compute.amazonaws.com

www.sitepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.19.192.102 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	fitvarovanje.si www.fitvarovanje.si	182 KB
5	cloudflare.com cdnjs.cloudflare.com	107 KB
1	sitepoint.com www.sitepoint.com	6 KB
14	3

	Domain	Requested by
8	www.fitvarovanje.si	www.fitvarovanje.si
5	cdnjs.cloudflare.com	www.fitvarovanje.si
1	www.sitepoint.com	www.fitvarovanje.si
14	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://www.fitvarovanje.si/media/step2.php
Frame ID: (ACA98B03B06F8873E76C99BAB7CF1987)
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

14
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

295 kB
Transfer

563 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set step2.php Show response
www.fitvarovanje.si/media/ 21 KB
22 KB 70ms
46ms Document
text/html 212.44.102.137
DHH-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.fitvarovanje.si/media/step2.php
Protocol: HTTP/1.1
Server: 212.44.102.137 , Slovenia, ASN43128 (DHH-AS, SI),
Reverse DNS: rcp-9.controlpanel.si
Software: Apache / PHP/5.2.17
Resource Hash: 8df159b89c330effcfad640ee3d399bcc96fb9f1c9a6fa4ca59ed7ba0de4ae99

Request headers

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection: keep-alive
Accept-Encoding: gzip, deflate
Host: www.fitvarovanje.si
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sun, 25 Feb 2018 13:14:54 GMT
Cache-control: private
Server: Apache
Set-Cookie: PH_HPXY_CHECK=s1; path=/
X-Powered-By: PHP/5.2.17
Transfer-Encoding: chunked
Content-Type: text/html

GET
H/1.1 200
OK MaskedPassword.js Show response
www.sitepoint.com/examples/password/MaskedPassword/ 17 KB
6 KB 557ms
186ms Script
application/javascript 54.148.84.95
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js
Requested by: Host: www.fitvarovanje.si
URL: http://www.fitvarovanje.si/media/step2.php
Protocol: HTTP/1.1
Server: 54.148.84.95 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-148-84-95.us-west-2.compute.amazonaws.com
Software: Apache/2.2.22 (Debian) /
Resource Hash: 93a2dceda60cdb67ba976bd36f211dcc74cb3720d21845b8d1ad2155f08a1e0a

Request headers

Referer: http://www.fitvarovanje.si/media/step2.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sun, 25 Feb 2018 13:14:24 GMT
Content-Encoding: gzip
X-Cache-Lookup: HIT from ip-172-31-31-237.us-west-2.compute.internal:3128
Last-Modified: Fri, 15 Oct 2010 00:03:45 GMT
Server: Apache/2.2.22 (Debian)
Age: 30
ETag: "680936-4208-4929c8f629a40"
Vary: User-Agent,Accept-Encoding
X-Cache: HIT from ip-172-31-31-237.us-west-2.compute.internal
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 5767

GET
S 200 jquery.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/ 256 KB
78 KB 60ms
10ms Script
application/javascript 104.19.192.102
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js

Requested by

Host: www.fitvarovanje.si
URL: http://www.fitvarovanje.si/media/step2.php

Protocol

SPDY

Server

104.19.192.102 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f27c3d7cb5d766466703adc7f7ad7706b7fb05514eec39be0aa253449bd0f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://www.fitvarovanje.si/media/step2.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 25 Feb 2018 13:14:54 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2016 14:42:33 GMT
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 3f2aee281b74235a-FRA
expires: Fri, 15 Feb 2019 13:14:54 GMT

GET
S 200 jquery.validate.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ 45 KB
12 KB 78ms
28ms Script
application/javascript 104.19.192.102
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/jquery.validate.js

Requested by

Host: www.fitvarovanje.si
URL: http://www.fitvarovanje.si/media/step2.php

Protocol

SPDY

Server

104.19.192.102 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2aecc3e7494318d2398eafe2a6de21c03a52264ddf86c7934758ddbda06864bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://www.fitvarovanje.si/media/step2.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 25 Feb 2018 13:14:54 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2016 14:42:31 GMT
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 3f2aee281b79235a-FRA
expires: Fri, 15 Feb 2019 13:14:54 GMT

GET
S 200 additional-methods.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ 38 KB
11 KB 79ms
29ms Script
application/javascript 104.19.192.102
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/additional-methods.js

Requested by

Host: www.fitvarovanje.si
URL: http://www.fitvarovanje.si/media/step2.php

Protocol

SPDY

Server

104.19.192.102 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d95e0e21c160558eb3d2bacd76779048cb600cc04e15264e0835f4f86b4b375

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://www.fitvarovanje.si/media/step2.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 25 Feb 2018 13:14:54 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2016 14:42:31 GMT
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 3f2aee281b7c235a-FRA
expires: Fri, 15 Feb 2019 13:14:54 GMT

GET
S 200 jquery.maskedinput.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/ 10 KB
3 KB 102ms
53ms Script
application/javascript 104.19.192.102
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.js

Requested by

Host: www.fitvarovanje.si
URL: http://www.fitvarovanje.si/media/step2.php

Protocol

SPDY

Server

104.19.192.102 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ef14a1e070a6a2ec9ff44ccf5e923cb2a460c5861a3db8a9ae1e21557d27020

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://www.fitvarovanje.si/media/step2.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 25 Feb 2018 13:14:54 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2016 14:42:32 GMT
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 3f2aee281b7b235a-FRA
expires: Fri, 15 Feb 2019 13:14:54 GMT

GET
S 200 jquery.payment.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.payment/1.3.2/ 17 KB
4 KB 92ms
43ms Script
application/javascript 104.19.192.102
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.payment/1.3.2/jquery.payment.js

Requested by

Host: www.fitvarovanje.si
URL: http://www.fitvarovanje.si/media/step2.php

Protocol

SPDY

Server

104.19.192.102 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

60499c4335239d51fa6ef40bd909ba8e62a2a468b16b74f0fd9fadac1eee4bbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: http://www.fitvarovanje.si/media/step2.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Sun, 25 Feb 2018 13:14:54 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2016 14:42:32 GMT
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 3f2aee281b76235a-FRA
expires: Fri, 15 Feb 2019 13:14:54 GMT

GET
H/1.1 200
OK h1.png
www.fitvarovanje.si/media/images/ 120 KB
120 KB 43ms
42ms Image
image/png 212.44.102.137
DHH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.fitvarovanje.si/media/images/h1.png
Requested by: Host: www.fitvarovanje.si
URL: http://www.fitvarovanje.si/media/step2.php
Protocol: HTTP/1.1
Server: 212.44.102.137 , Slovenia, ASN43128 (DHH-AS, SI),
Reverse DNS: rcp-9.controlpanel.si
Software: Apache /
Resource Hash: 0825cef7cf59f401a476cbcc34032070845e97e480e6b72f7906e3bc6e80f802

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fitvarovanje.si
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.fitvarovanje.si/media/step2.php
Cookie: PH_HPXY_CHECK=s1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.fitvarovanje.si/media/step2.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sun, 25 Feb 2018 13:14:54 GMT
Last-Modified: Thu, 15 Feb 2018 23:20:28 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 122723
Content-Type: image/png

GET
H/1.1 200
OK h4.png
www.fitvarovanje.si/media/images/ 10 KB
10 KB 41ms
41ms Image
image/png 212.44.102.137
DHH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.fitvarovanje.si/media/images/h4.png
Requested by: Host: www.fitvarovanje.si
URL: http://www.fitvarovanje.si/media/step2.php
Protocol: HTTP/1.1
Server: 212.44.102.137 , Slovenia, ASN43128 (DHH-AS, SI),
Reverse DNS: rcp-9.controlpanel.si
Software: Apache /
Resource Hash: 261ae7cc232ea3db335d1d5ee10387df780c1f4c35cb6541c1822dc0bfd1c47e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fitvarovanje.si
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.fitvarovanje.si/media/step2.php
Cookie: PH_HPXY_CHECK=s1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.fitvarovanje.si/media/step2.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sun, 25 Feb 2018 13:14:54 GMT
Last-Modified: Thu, 15 Feb 2018 23:37:24 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 9847
Content-Type: image/png

GET
H/1.1 200
OK h5.png
www.fitvarovanje.si/media/images/ 6 KB
7 KB 50ms
49ms Image
image/png 212.44.102.137
DHH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.fitvarovanje.si/media/images/h5.png
Requested by: Host: www.fitvarovanje.si
URL: http://www.fitvarovanje.si/media/step2.php
Protocol: HTTP/1.1
Server: 212.44.102.137 , Slovenia, ASN43128 (DHH-AS, SI),
Reverse DNS: rcp-9.controlpanel.si
Software: Apache /
Resource Hash: 49199fbddd74e7bcec5d942f896fc75742b328570f8af3144e55955036e4beac

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fitvarovanje.si
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.fitvarovanje.si/media/step2.php
Cookie: PH_HPXY_CHECK=s1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.fitvarovanje.si/media/step2.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sun, 25 Feb 2018 13:14:54 GMT
Last-Modified: Thu, 15 Feb 2018 23:37:38 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 6515
Content-Type: image/png

GET
H/1.1 200
OK h6.png
www.fitvarovanje.si/media/images/ 11 KB
11 KB 42ms
42ms Image
image/png 212.44.102.137
DHH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.fitvarovanje.si/media/images/h6.png
Requested by: Host: www.fitvarovanje.si
URL: http://www.fitvarovanje.si/media/step2.php
Protocol: HTTP/1.1
Server: 212.44.102.137 , Slovenia, ASN43128 (DHH-AS, SI),
Reverse DNS: rcp-9.controlpanel.si
Software: Apache /
Resource Hash: 533ac0a0f85de00c1fc064b2e2fd05a40e2ca9af38366cb9f5653344a12b6699

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fitvarovanje.si
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.fitvarovanje.si/media/step2.php
Cookie: PH_HPXY_CHECK=s1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.fitvarovanje.si/media/step2.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sun, 25 Feb 2018 13:14:54 GMT
Last-Modified: Thu, 15 Feb 2018 23:38:00 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 11184
Content-Type: image/png

GET
H/1.1 200
OK h3.png
www.fitvarovanje.si/media/images/ 4 KB
4 KB 41ms
41ms Image
image/png 212.44.102.137
DHH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.fitvarovanje.si/media/images/h3.png
Requested by: Host: www.fitvarovanje.si
URL: http://www.fitvarovanje.si/media/step2.php
Protocol: HTTP/1.1
Server: 212.44.102.137 , Slovenia, ASN43128 (DHH-AS, SI),
Reverse DNS: rcp-9.controlpanel.si
Software: Apache /
Resource Hash: 3580d91b7924d6e653cf2dd55a157d36c5463eb04dc0ab0e9e9c95feef8cd71b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fitvarovanje.si
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.fitvarovanje.si/media/step2.php
Cookie: PH_HPXY_CHECK=s1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.fitvarovanje.si/media/step2.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sun, 25 Feb 2018 13:14:54 GMT
Last-Modified: Thu, 15 Feb 2018 22:44:48 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 3788
Content-Type: image/png

GET
H/1.1 200
OK h2.png
www.fitvarovanje.si/media/images/ 7 KB
7 KB 42ms
41ms Image
image/png 212.44.102.137
DHH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.fitvarovanje.si/media/images/h2.png
Requested by: Host: www.fitvarovanje.si
URL: http://www.fitvarovanje.si/media/step2.php
Protocol: HTTP/1.1
Server: 212.44.102.137 , Slovenia, ASN43128 (DHH-AS, SI),
Reverse DNS: rcp-9.controlpanel.si
Software: Apache /
Resource Hash: 8f9faa43a31e94d022b57e2e1229804d86636f9a55564bc216ca2614a9a82517

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fitvarovanje.si
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.fitvarovanje.si/media/step2.php
Cookie: PH_HPXY_CHECK=s1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.fitvarovanje.si/media/step2.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sun, 25 Feb 2018 13:14:54 GMT
Last-Modified: Thu, 15 Feb 2018 22:44:06 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 7011
Content-Type: image/png

GET
H/1.1 200
OK hbtn.png
www.fitvarovanje.si/media/images/ 2 KB
2 KB 41ms
41ms Image
image/png 212.44.102.137
DHH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.fitvarovanje.si/media/images/hbtn.png
Requested by: Host: www.fitvarovanje.si
URL: http://www.fitvarovanje.si/media/step2.php
Protocol: HTTP/1.1
Server: 212.44.102.137 , Slovenia, ASN43128 (DHH-AS, SI),
Reverse DNS: rcp-9.controlpanel.si
Software: Apache /
Resource Hash: 559b440dea4b934d2215a512671f9faf7bcfd6fd3e866d7bf6318240639bd3b1

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fitvarovanje.si
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.fitvarovanje.si/media/step2.php
Cookie: PH_HPXY_CHECK=s1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.fitvarovanje.si/media/step2.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Sun, 25 Feb 2018 13:14:54 GMT
Last-Modified: Thu, 15 Feb 2018 23:07:10 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1679
Content-Type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| MaskedPassword function| $ function| jQuery function| unhideBody

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.fitvarovanje.si/	1969-12-31 23:59:59	Name: PH_HPXY_CHECK Value: s1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
www.fitvarovanje.si
www.sitepoint.com
104.19.192.102
212.44.102.137
54.148.84.95
0825cef7cf59f401a476cbcc34032070845e97e480e6b72f7906e3bc6e80f802
1d95e0e21c160558eb3d2bacd76779048cb600cc04e15264e0835f4f86b4b375
261ae7cc232ea3db335d1d5ee10387df780c1f4c35cb6541c1822dc0bfd1c47e
2aecc3e7494318d2398eafe2a6de21c03a52264ddf86c7934758ddbda06864bb
3580d91b7924d6e653cf2dd55a157d36c5463eb04dc0ab0e9e9c95feef8cd71b
49199fbddd74e7bcec5d942f896fc75742b328570f8af3144e55955036e4beac
533ac0a0f85de00c1fc064b2e2fd05a40e2ca9af38366cb9f5653344a12b6699
559b440dea4b934d2215a512671f9faf7bcfd6fd3e866d7bf6318240639bd3b1
60499c4335239d51fa6ef40bd909ba8e62a2a468b16b74f0fd9fadac1eee4bbf
78f27c3d7cb5d766466703adc7f7ad7706b7fb05514eec39be0aa253449bd0f8
7ef14a1e070a6a2ec9ff44ccf5e923cb2a460c5861a3db8a9ae1e21557d27020
8df159b89c330effcfad640ee3d399bcc96fb9f1c9a6fa4ca59ed7ba0de4ae99
8f9faa43a31e94d022b57e2e1229804d86636f9a55564bc216ca2614a9a82517
93a2dceda60cdb67ba976bd36f211dcc74cb3720d21845b8d1ad2155f08a1e0a

www.fitvarovanje.si Open in urlscan Pro 212.44.102.137 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

295 kBTransfer

563 kBSize

1 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

www.fitvarovanje.si Open in urlscan Pro
212.44.102.137 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

295 kB
Transfer

563 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!