rc-ctyrlistek.cz Open in urlscan Pro
2606:4700:3036::ac43:8605 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com
Effective URL:
https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com
Submission: On July 28 via automatic, source openphish (July 28th 2021, 1:27:04 am UTC)

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3036::ac43:8605, located in United States and belongs to CLOUDFLARENET, US. The main domain is rc-ctyrlistek.cz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 10th 2021. Valid for: a year.

This is the only time rc-ctyrlistek.cz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook (Online)

Domain & IP information

	IP Address		AS Autonomous System
1 11	2606:4700:303... 2606:4700:3036::ac43:8605		13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	1

11 2606:4700:3036::ac43:8605 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

rc-ctyrlistek.cz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	rc-ctyrlistek.cz 1 redirects rc-ctyrlistek.cz	639 KB
10	1

	Domain	Requested by
11	rc-ctyrlistek.cz	1 redirects rc-ctyrlistek.cz
10	1

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-10` - `2022-05-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com
Frame ID: 8723587F8463C043EA9AB0301D6C4F62
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com HTTP 301
https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

10
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

638 kB
Transfer

1668 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com HTTP 301
https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response rc-ctyrlistek.cz/OWA/auth-OWA/outlook/ Redirect Chain http://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com	2 KB 1 KB	116ms 99ms	Document text/html	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/5.6.40 PleskLin Resource Hash `48cc567df93eb99a542c3a4c84cc27e363d4e2da5eeaf27527f3f5a7871318ad` Request headers :method GET :authority rc-ctyrlistek.cz :scheme https :path /OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 28 Jul 2021 01:26:47 GMT content-type text/html; charset=UTF-8 x-powered-by PHP/5.6.40 PleskLin cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N0RgMIc13o42UP8z8p9PXDSW0rFC%2BMoZMY47PcWZKsxG337p61Tn63NVTj8TTfIHTd2ASvQsw14jp3LZbCfQHbK%2FfXlZknExUsSBfkDfPl8s7WBbqNms6mZgfLtzSD1mr9aHz1TgEmtRyhIV0m0N"}],"group":"cf-nel","max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 675a52427df71f51-FRA content-encoding br alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 Redirect headers Date Wed, 28 Jul 2021 01:26:47 GMT Transfer-Encoding chunked Connection keep-alive Cache-Control max-age=3600 Expires Wed, 28 Jul 2021 02:26:47 GMT Location https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com cf-request-id 0b8c51bd6d000032504086d000000001 Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=twPBcDO2q%2Bydq9B%2BqV1Tq3MwGJV1ypPJ5MGi77qFXmThNn6OjJc4pqE5yOpCz32%2B%2Bw9qlEgT24HkJDjsD3HiNcxk0VGUCXqo27walmsBHjbkHuW5VKo1i5lEp%2F7P0UMkquWb76C35wuZA3aXUeT0"}],"group":"cf-nel","max_age":604800} NEL {"report_to":"cf-nel","max_age":604800} Vary Accept-Encoding Server cloudflare CF-RAY 675a52424cfd3250-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
GET H3-29	200	bootstrap.min.css rc-ctyrlistek.cz/OWA/auth-OWA/outlook/vendor/bootstrap/css/	138 KB 22 KB	48ms 34ms	Stylesheet text/css	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/vendor/bootstrap/css/bootstrap.min.css Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11` Request headers :path /OWA/auth-OWA/outlook/vendor/bootstrap/css/bootstrap.min.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 28 Jul 2021 01:26:47 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 2405 x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag W/"5f1a72bd-22688" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O45gqDhK%2FUfo00aAJQYt4k6Zxp%2B6lqgaVYQmtVC6SNmI9mA65GAt0IWF4QqO%2BVcZPqddA80TRwwgeLEfo3jKkTdiozEtZuo%2BtrlzZrOZb7v8DIB6LguWqpdxGPsv9FQ2qorukuIWasRD%2FBObpOWI"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 675a524349ae05b3-FRA
GET H3-29	200	all.css rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/css/	69 KB 13 KB	35ms 22ms	Stylesheet text/css	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/css/all.css Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `05b29e731ac5a3e11c7b0fcde0785296c564342bcd8831c9c9206ca967224d88` Request headers :path /OWA/auth-OWA/outlook/font-awesome/css/all.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 28 Jul 2021 01:26:47 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 2404 x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 last-modified Fri, 24 Jul 2020 05:33:48 GMT server cloudflare etag W/"5f1a72bc-115ea" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gA8QBhXt2I%2BnUOc4BzbhrN9KNu8GDhEtouQEuOTdieYov%2Ft0aRX9Qx%2FlktyZq%2FZDPnhTFx5X0XgWohJrZKto8VBanXBlkD8MV3W8cqRAFZJP7HIyHin0qZdB9%2FQA9iEfY2FCbLVsJLSJTUsNQ2JQ"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 675a524349a905b3-FRA
GET H3-29	200	logo.png rc-ctyrlistek.cz/OWA/auth-OWA/outlook/	17 KB 17 KB	24ms 16ms	Image image/png	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/logo.png Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `52dc127d5e6245dd9b1f1ff1c75448817a69b5cc1bc6b64f6c0ee82b81e84cfa` Request headers :path /OWA/auth-OWA/outlook/logo.png pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 28 Jul 2021 01:26:47 GMT cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 2404 x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 content-length 16949 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag "5f1a72bd-4235" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c8%2BejPTnEbPAVc7DoiJw41Fbr%2BT8z0ZbqTJ9VXAbbudVJI1MB2SgubcsI%2FrBGRD%2BILUh13Un9K0tAAMtiS3GpehI0rETq8KjAJBVhcOUVlcR1TTWQLt8s%2Bv2QgVg6Q7MijtTMnWi1EaWAP3eRnPC"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 675a524349a105b3-FRA
GET H3-29	200	outlook.png rc-ctyrlistek.cz/OWA/auth-OWA/outlook/	47 KB 48 KB	31ms 23ms	Image image/png	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/outlook.png Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `ea470c3755ab03df351ecd688c7a30dd0f98be3bcdb60df5a410c8ba582fc220` Request headers :path /OWA/auth-OWA/outlook/outlook.png pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 28 Jul 2021 01:26:47 GMT cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 2404 x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 content-length 48430 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag "5f1a72bd-bd2e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fx%2Fr6RgAb7YXzanoM%2FEbZQHJlZt1TxV0H%2BYLN85CMXu9A0F9iwjeQDxGjhgYCaajirVoAvPjVJYWi6VLTQC3Utb5lgpHvFMskFSAKnIHVJfs75041VjyFpT%2Fiwl5d4intu1fqXCtdhCLGuROOFC%2F"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 675a524349ac05b3-FRA
GET H3-29	200	jquery-2.2.3.min.js Show response rc-ctyrlistek.cz/OWA/auth-OWA/outlook/vendor/jquery/	84 KB 31 KB	43ms 33ms	Script application/javascript	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/vendor/jquery/jquery-2.2.3.min.js Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a` Request headers :path /OWA/auth-OWA/outlook/vendor/jquery/jquery-2.2.3.min.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 28 Jul 2021 01:26:47 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 2404 x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag W/"5f1a72bd-14e9b" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7jqK6hEsjCNCEYAhpDOpsRFuxczcm2Ygr4sW%2BDWeSrX3EoVop7qfWAScH%2BYY%2FON2rdzeAVn5T6U3J5CDDnZkEW%2FmWfgERZbwcfWKla3Q3JI0AsD%2FtAMMG9QvbDnbs18r%2BRqjY2hKI%2BOnIdcontiE"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 675a524349ad05b3-FRA
GET H3-29	200	bootstrap.min.js Show response rc-ctyrlistek.cz/OWA/auth-OWA/outlook/vendor/bootstrap/js/	50 KB 15 KB	48ms 38ms	Script application/javascript	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/vendor/bootstrap/js/bootstrap.min.js Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4` Request headers :path /OWA/auth-OWA/outlook/vendor/bootstrap/js/bootstrap.min.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 28 Jul 2021 01:26:47 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 2404 x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag W/"5f1a72bd-c75f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jMlWDlarUr0uL42eaIRu7IoEYj%2BuZY587D2lSiebDn2Puhyb6%2FBvlN%2FeAgvTEvJQL8Ic4F2%2BcttgTcAP57VUotj%2BG1KqELuaYuwVRtorFCVgVT14j7clP3VIgBfMlBLhFLn%2B6hQE9ZNUkrfuxYb9"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 675a524349af05b3-FRA
GET H3-29	200	all.js Show response rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/js/	1 MB 415 KB	48ms 38ms	Script application/javascript	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/js/all.js Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `f3c8ccac95cb1dfdcb72f5addf1d0042ff1de141904ed5e2e2e9797e2abd2861` Request headers :path /OWA/auth-OWA/outlook/font-awesome/js/all.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 28 Jul 2021 01:26:47 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 2404 x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 last-modified Fri, 24 Jul 2020 05:33:48 GMT server cloudflare etag W/"5f1a72bc-1281ec" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=klqCSFN0joOFX8fwW1Ack81giwSh6iBl86DsjquITa1s%2FBXW8u3Cp9tcal2mmaHof2RjQ4JobtUmyr%2BRxQRgy%2FXsIRYFwXUg6wuo8yRY86hxeYC2AZqhjz19BDhXPkDLBxfiuyYN%2BGAh1nVojrjs"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 675a524349b005b3-FRA
GET H3-29	200	data.js Show response rc-ctyrlistek.cz/OWA/auth-OWA/outlook/js/	3 KB 1 KB	31ms 22ms	Script application/javascript	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/js/data.js Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `b2ea2c659fb68dc2e92d7dd0e659a594f0b3bcb86ec96adc72904335f0003311` Request headers :path /OWA/auth-OWA/outlook/js/data.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 28 Jul 2021 01:26:47 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 2404 x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag W/"5f1a72bd-b09" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xavs7yHwiho%2BzepZhIS9rJo8t8gV4nIzxlPqC4qMCK0AotagB3hcPqGR45I4r3%2FnWtM9c91v58MRDDKgklzoE6egZ7jQXJx2zpgRz11QuGkdxyxZJCwsvtDdh6cWyfFStAstk2uwpND8M6U0Lsfa"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 675a524349a605b3-FRA
GET H3-29	200	fa-solid-900.woff2 rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/webfonts/	74 KB 75 KB	13ms 12ms	Font font/woff2	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/webfonts/fa-solid-900.woff2 Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/css/all.css Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c` Request headers :path /OWA/auth-OWA/outlook/font-awesome/webfonts/fa-solid-900.woff2 pragma no-cache origin https://rc-ctyrlistek.cz accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept / cache-control no-cache sec-fetch-dest font :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/css/all.css :scheme https sec-fetch-site same-origin :method GET Origin https://rc-ctyrlistek.cz Referer https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/css/all.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 28 Jul 2021 01:26:47 GMT cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 2404 x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 content-length 76120 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag "5f1a72bd-12958" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2B1on9aXV20xzS2R9QjIRvWc0sJBkLku3yQwaw%2FKq%2B49wA8EZozalWJ9TvQ0qMF3MQm1EHHxPDZp1jLuXlZY%2FATviz19vmKaamGbHZmHSBkoSq4YI67EO6wLm5F%2FFM9gKiezy8cBl3p1FGrp1saP"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 675a52439a0f05b3-FRA

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook (Online)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

rc-ctyrlistek.cz
2606:4700:3036::ac43:8605
05b29e731ac5a3e11c7b0fcde0785296c564342bcd8831c9c9206ca967224d88
2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c
48cc567df93eb99a542c3a4c84cc27e363d4e2da5eeaf27527f3f5a7871318ad
52dc127d5e6245dd9b1f1ff1c75448817a69b5cc1bc6b64f6c0ee82b81e84cfa
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
b2ea2c659fb68dc2e92d7dd0e659a594f0b3bcb86ec96adc72904335f0003311
ea470c3755ab03df351ecd688c7a30dd0f98be3bcdb60df5a410c8ba582fc220
f3c8ccac95cb1dfdcb72f5addf1d0042ff1de141904ed5e2e2e9797e2abd2861

rc-ctyrlistek.cz Open in urlscan Pro 2606:4700:3036::ac43:8605 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

638 kBTransfer

1668 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

0 Cookies

Indicators

rc-ctyrlistek.cz Open in urlscan Pro
2606:4700:3036::ac43:8605 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

638 kB
Transfer

1668 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!