Submitted URL: https://c17n.wlocl.pl/owa/secure.html
Effective URL: https://c17n.wlocl.pl/owa/secure.html
Submission: On October 25 via manual from US — Scanned from PL

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 7 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is c17n.wlocl.pl.
TLS certificate: Issued by WE1 on October 13th 2024. Valid for: 3 months.
This is the only time c17n.wlocl.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
5 | 188.114.96.3 | 13335 (CLOUDFLAR...)
1 | 142.250.185.138 | 15169 (GOOGLE)
1 | 104.18.11.207 | 13335 (CLOUDFLAR...)
Total: 7 requests, 4 IPs

Requests | Apex Domain | Subdomains | Transfer
5 | c17n.wlocl.pl | c17n.wlocl.pl | 34 KB
1 | bootstrapcdn.com | stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 3270) | 16 KB
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 412) | 30 KB
0 | bayltd.com (Failed) | webmail.bayltd.com (Failed) |
Total: 7 requests, 4 domains

Requests | Domain | Requested by
5 | c17n.wlocl.pl (1 redirect) | c17n.wlocl.pl
1 | stackpath.bootstrapcdn.com | c17n.wlocl.pl
1 | ajax.googleapis.com | c17n.wlocl.pl
0 | webmail.bayltd.com | Failed
Total: 7 requests, 4 domains

This site contains no links.

Subject | Issuer | Validity | Valid | Lookup
c17n.wlocl.pl | WE1 | 2024-10-13 - 2025-01-11 | 3 months | crt.sh
upload.video.google.com | WR2 | 2024-10-07 - 2024-12-30 | 3 months | crt.sh
bootstrapcdn.com | WE1 | 2024-09-20 - 2024-12-19 | 3 months | crt.sh

This page contains 2 frames:

Primary Page: https://c17n.wlocl.pl/owa/secure.html
Frame ID: 87EE08884BB9EF1C5852090B870A6432
Requests: 10 HTTP requests in this frame

Frame: https://c17n.wlocl.pl/cdn-cgi/challenge-platform/h/b/scripts/jsd/e1a56f38220d/main.js
Frame ID: 68068B37265F69FD158847076C5B44A2
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Outlook

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests:   7
HTTPS:      71 %
IPv6:       0 %
Domains:    4
Subdomains: 4
IPs:        4
Countries:  3
Transfer:   79 kB
Size:       217 kB
Cookies:    1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://c17n.wlocl.pl/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://c17n.wlocl.pl/cdn-cgi/challenge-platform/h/b/scripts/jsd/e1a56f38220d/main.js

7 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: secure.html | c17n.wlocl.pl/owa/ | 59 KB | 28 KB | Document
General
Full URL
https://c17n.wlocl.pl/owa/secure.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
566035cb648036fcb34e8e998f97f55932d472dbf2b20a23fba7fa5b6be9a6eb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8d84e5968dd43bc4-WAW
content-encoding
br
content-type
text/html
date
Fri, 25 Oct 2024 20:18:37 GMT
last-modified
Fri, 25 Oct 2024 12:40:29 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ryuncqoEw9ACFbRzJZvu%2Fpp7%2Bq52k4IGBDW9TgnyjgTrWg2MAWWcTB1KTAWQJekhZ3Uq7ix3bMFNg09cuwOBIEV7V4BqVB67cM1hkmp0rvsqUADJrB9fXZgRkiffBk56"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=21733&sent=7&recv=12&lost=0&retrans=0&sent_bytes=3983&recv_bytes=2392&delivery_rate=178495&cwnd=253&unsent_bytes=0&cid=40156a76c1e11a1d&ts=149&x=0"
truncated | / | 2 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated | / | 1 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated | / | 4 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated | / | 8 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated | / | 1 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
segoeui-regular.ttf | c17n.wlocl.pl/owa/auth/15.2.922/themes/resources/ | 0 | 0 | Font
General
Full URL
https://c17n.wlocl.pl/owa/auth/15.2.922/themes/resources/segoeui-regular.ttf
Requested by
Host: c17n.wlocl.pl
URL: https://c17n.wlocl.pl/owa/secure.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://c17n.wlocl.pl
Referer
https://c17n.wlocl.pl/owa/secure.html

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
EXPIRED
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bOLKyaJS7hubMaLjtUogKFwT5zqGUHIJu0SAQtKLi3AQWDGxntrRmDx%2BXYwVK0NmUA4lNKvzbJuTGg18hb9FgTr9%2BHroO%2F1T%2BhKUW%2B0rZRtxZ%2BiT5OnWATJGP5p%2BycjT"}],"group":"cf-nel","max_age":604800}
cf-ray
8d84e59888693bc4-WAW
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=22314&sent=47&recv=34&lost=0&retrans=0&sent_bytes=32812&recv_bytes=2561&delivery_rate=858008&cwnd=257&unsent_bytes=0&cid=40156a76c1e11a1d&ts=456&x=0"
date
Fri, 25 Oct 2024 20:18:37 GMT
content-type
text/html; charset=iso-8859-1
vary
Accept-Encoding
server
cloudflare
jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 30 KB | Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: c17n.wlocl.pl
URL: https://c17n.wlocl.pl/owa/secure.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f10.1e100.net
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://c17n.wlocl.pl/

Response headers

content-encoding
gzip
age
272806
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 16:31:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 16:31:51 GMT
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
30028
x-xss-protection
0
server
sffe
bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 16 KB | Script
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Requested by
Host: c17n.wlocl.pl
URL: https://c17n.wlocl.pl/owa/secure.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://c17n.wlocl.pl/

Response headers

cdn-status
200
content-encoding
gzip
cf-cache-status
HIT
etag
W/"67176c242e1bdc20603c878dee836df3"
age
186647
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Fri, 25 Oct 2024 20:18:37 GMT
last-modified
Mon, 25 Jan 2021 22:04:06 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cdn-cache
HIT
cdn-cachedat
10/31/2023 18:52:11
cdn-requestpullcode
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
timing-allow-origin
*
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
ed766c17cdf45213b1538ae406b7f7a1
cross-origin-resource-policy
cross-origin
cdn-pullzone
252412
cdn-proxyver
1.04
cf-ray
8d84e598bfbdb614-WAW
access-control-allow-origin
*
cdn-edgestorageid
852
server
cloudflare
cdn-requestcountrycode
US
main.js | c17n.wlocl.pl/cdn-cgi/challenge-platform/h/b/scripts/jsd/e1a56f38220d/ (Frame 6806) | 8 KB | 4 KB | Script
Redirect Chain
  • https://c17n.wlocl.pl/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://c17n.wlocl.pl/cdn-cgi/challenge-platform/h/b/scripts/jsd/e1a56f38220d/main.js?
General
Full URL
https://c17n.wlocl.pl/cdn-cgi/challenge-platform/h/b/scripts/jsd/e1a56f38220d/main.js?
Protocol
H3
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f11291cfd852f6a81c0c59c99393997d2a09f6dda67ccb9ca40aabf0ea579f47
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FG8sYm072bG3IDsX8sJxH9%2FXJzQPdR2Kt21AQUVuvhWhMjgP6XDwTHdfl%2FSf5dqcQUJm0dz2bjOGs7H4beOaur2n%2BnG8Fs%2B3fmLX5N%2BouLzu4dpn2NlFY7X3m4Uzs0id"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8d84e59bf9ef3bc0-WAW
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=23252&sent=14&recv=11&lost=0&retrans=0&sent_bytes=4976&recv_bytes=4659&delivery_rate=22778&cwnd=12000&unsent_bytes=0&cid=266217e178a9ee9a&ts=564&x=1", cfExtPri, cfHdrFlush;dur=0
date
Fri, 25 Oct 2024 20:18:38 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0

Redirect headers

cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/e1a56f38220d/main.js?
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nMIT4IKjqKMW0f1twspYBj16JyJyRbwbYBAIA8xtfTqOtCTaCne7H%2BS4d%2FfeonxO4FiqrIbaXbJ6dic7bnjhtM5J8t8dELtpX3KRjmd41tdlmzaMiRwi4wR8%2BKriyOsq"}],"group":"cf-nel","max_age":604800}
cf-ray
8d84e59bb9953bc0-WAW
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
0
server-timing
cfL4;desc="?proto=QUIC&rtt=22345&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4224&recv_bytes=4371&delivery_rate=588&cwnd=12000&unsent_bytes=0&cid=266217e178a9ee9a&ts=526&x=1", cfExtPri, cfHdrFlush;dur=0
date
Fri, 25 Oct 2024 20:18:38 GMT
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0
favicon.ico | webmail.bayltd.com/owa/auth/15.2.922/themes/resources/ | 0 | 0 | Failed

8d84e5968dd43bc4 | c17n.wlocl.pl/cdn-cgi/challenge-platform/h/b/jsd/r/ (Frame 6806) | 0 | 1 KB | XHR
General
Full URL
https://c17n.wlocl.pl/cdn-cgi/challenge-platform/h/b/jsd/r/8d84e5968dd43bc4
Requested by
Host: c17n.wlocl.pl
URL: https://c17n.wlocl.pl/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HvMTu2jX24XJ63HoUinPmeWJrfWluvCIPBvFB3XvvdvFBNa9A2x3BKnSqwKfKsXiY6sI7lEYhiQjGlYgGW40FX7enKbHEM%2FPPVIF9TUv0gAn7lU7VHbirGzqTCwi3Qrm"}],"group":"cf-nel","max_age":604800}
cf-ray
8d84e59cbb253bc0-WAW
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=26072&sent=22&recv=28&lost=0&retrans=0&sent_bytes=9557&recv_bytes=21837&delivery_rate=127229&cwnd=12000&unsent_bytes=0&cid=266217e178a9ee9a&ts=695&x=1", cfExtPri, cfHdrFlush;dur=0
content-length
0
date
Fri, 25 Oct 2024 20:18:38 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
priority
u=1,i

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
webmail.bayltd.com
URL
https://webmail.bayltd.com/owa/auth/15.2.922/themes/resources/favicon.ico

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | 0
function | _0x9d0fa6
function | _0x2bd6
function | initLogon
function | redir
function | shw
function | hd
function | clkSecExp
function | kdSecExp
function | clkSec
function | clkBsc
function | checkSubmit
function | clkLgn
function | clkRtry
function | clkReLgn
function | gbid
function | IsOwaPremiumBrowser
function | _0x1b89
function | hres
function | LogoffMime
function | addPerfMarker
function | _0x242d
function | _0x4797
number | a_fRC
number | g_fFcs
function | IsMimeCtlInst
function | RndMimeCtl
function | RndMimeCtlHlpr
function | _0x59d307
function | _0xf5d7
object | mainLogonDiv
string | mainLogonDivClassName
function | setPlaceholderText
function | _0x48e0
function | showPasswordClick
function | $
function | jQuery
object | bootstrap
function | _0x3a8a
function | _0xb72400
function | _0x2aa6

1 Cookies

Domain/Path Name / Value
.c17n.wlocl.pl/ Name: cf_clearance
Value: d7Ur0ZwTsyxVg8bck3yP1ta5cL9h3Pvb4atJfmsRyzk-1729887518-1.2.1.1-EU9WBQthdw5rvhAPxPMQZrClfn761xBjsJHtcwZTpDR0RUBlhWvvMCByJGtDWSx8A1FDJKEvPbwnkRMhy4aBSvR1WkkLTXVvq4rR9WhzBkpjS6rvYzhjK9JpAFMq.XBCZGXgS5oW0fvzs7GIRTdnKFMqyR9j3OoipV.nQ54xzhZcJt8VDE0ETCr.CFmTyBOK_Rju5yWziyzX1TJq_DsJLzWb4eMJbWuMG0JSnPn6p8w2Ht5OJMIV8DOzIXqIdne3yfI6pekcGrNJNow59OyBXwR3gTBY5URtwOorRBEJ13ypnJQgG7OKpzSIT1BPucL7sULH5qEYw1Mg0Yc8DXLoMvW3lXNQl88RryrEOhAJMavgeXWt00bvNuP86S6vqKc9

2 Console Messages

Source: network | Level: error
URL: https://c17n.wlocl.pl/owa/auth/15.2.922/themes/resources/segoeui-regular.ttf
Message: Failed to load resource: the server responded with a status of 404 ()

Source: recommendation | Level: verbose
URL: https://c17n.wlocl.pl/owa/secure.html#
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o