rc-ctyrlistek.cz Open in urlscan Pro
2606:4700:3036::ac43:8605 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com
Submission: On June 11 via automatic, source openphish (June 11th 2021, 1:35:02 am UTC)

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3036::ac43:8605, located in United States and belongs to CLOUDFLARENET, US. The main domain is rc-ctyrlistek.cz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 10th 2021. Valid for: a year.

This is the only time rc-ctyrlistek.cz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook (Online)

Domain & IP information

	IP Address		AS Autonomous System
10	2606:4700:303... 2606:4700:3036::ac43:8605		13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	1

10 2606:4700:3036::ac43:8605 (United States)

ASN13335 (CLOUDFLARENET, US)

rc-ctyrlistek.cz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	rc-ctyrlistek.cz rc-ctyrlistek.cz	620 KB
10	1

	Domain	Requested by
10	rc-ctyrlistek.cz	rc-ctyrlistek.cz
10	1

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-10` - `2022-05-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com
Frame ID: 1D768D5F7BFCEDB0530E45F9B21D82AD
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

10
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

620 kB
Transfer

1668 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response rc-ctyrlistek.cz/OWA/auth-OWA/outlook/	2 KB 1 KB	139ms 104ms	Document text/html	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/5.6.40 PleskLin Resource Hash `48cc567df93eb99a542c3a4c84cc27e363d4e2da5eeaf27527f3f5a7871318ad` Request headers :method GET :authority rc-ctyrlistek.cz :scheme https :path /OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 11 Jun 2021 01:34:44 GMT content-type text/html; charset=UTF-8 x-powered-by PHP/5.6.40 PleskLin cf-cache-status DYNAMIC cf-request-id 0a9a4e200c00004e44d63c6000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pQZfKlHA0C2Jgp39tXaBW12H7%2Fu6vhd%2BL6fmOsDsglwaUuwDZ8vXb%2FnCD6H3KQsujGs2YZi52OjKi0uBA3tmAaKZ2vD2Ug4l1MUNH4wCPGKbSaaxlK6qdbjxECdnzj5Su7iFpKlDFX8QmA%3D%3D"}],"group":"cf-nel","max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 65d719467b854e44-FRA content-encoding br alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
GET H3-29	200	bootstrap.min.css rc-ctyrlistek.cz/OWA/auth-OWA/outlook/vendor/bootstrap/css/	138 KB 19 KB	119ms 109ms	Stylesheet text/css	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/vendor/bootstrap/css/bootstrap.min.css Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11` Request headers :path /OWA/auth-OWA/outlook/vendor/bootstrap/css/bootstrap.min.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 11 Jun 2021 01:34:44 GMT content-encoding br cf-cache-status REVALIDATED nel {"report_to":"cf-nel","max_age":604800} x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 cf-request-id 0a9a4e208600002b8967228000000001 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag W/"5f1a72bd-22688" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=L5iz0Zwb54RW58mgZA32LmlOTjB4X9au%2BrWTj0%2FSlesnB7OTKEXl1M%2FLdRD07YTHIJECYi%2FyBR%2BxU%2F4o2QsdFeSETxB5aUP%2FZr6gOTap2kZwNPu%2FuJOVyxMgrQhxI6yBBmx7CaGt13X0Kg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 65d719473d2c2b89-FRA
GET H3-29	200	all.css rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/css/	69 KB 13 KB	126ms 115ms	Stylesheet text/css	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/css/all.css Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `05b29e731ac5a3e11c7b0fcde0785296c564342bcd8831c9c9206ca967224d88` Request headers :path /OWA/auth-OWA/outlook/font-awesome/css/all.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,/;q=0.1 cache-control no-cache sec-fetch-dest style :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 11 Jun 2021 01:34:44 GMT content-encoding br cf-cache-status REVALIDATED nel {"report_to":"cf-nel","max_age":604800} x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 cf-request-id 0a9a4e208500002b895821a000000001 last-modified Fri, 24 Jul 2020 05:33:48 GMT server cloudflare etag W/"5f1a72bc-115ea" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=b2ZFHQSs0y2P0GkuPddTXh5EliMxjFbsV6Va0ZCemZH2DkP1cYvQ%2BUrQUX83hla%2FUJUZZj6j4ttiHxMdO60S9PeAF8DQ8k1zOmCdwroQsmIwka7rC%2FWfCsa9xRdQmxUeiyWrqCidCSIBWQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 65d719473d282b89-FRA
GET H3-29	200	logo.png rc-ctyrlistek.cz/OWA/auth-OWA/outlook/	17 KB 17 KB	119ms 110ms	Image image/png	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/logo.png Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `52dc127d5e6245dd9b1f1ff1c75448817a69b5cc1bc6b64f6c0ee82b81e84cfa` Request headers :path /OWA/auth-OWA/outlook/logo.png pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 11 Jun 2021 01:34:44 GMT cf-cache-status REVALIDATED nel {"report_to":"cf-nel","max_age":604800} x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 content-length 16949 cf-request-id 0a9a4e208500002b897bbce000000001 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag "5f1a72bd-4235" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=tKrwqM7jL%2BEC33Gimxdko%2FRiqiPTTFSa%2F8O9%2FbiE5wHwhC8c9pKyfNEUHwE%2FNhEq4cjjESuF%2B4e51fOSYHDhCgdDDFvLghw%2B%2FLQ6QBmMNX30k1zr3nGfr%2FJUL3wzlUoFyEEEW0vR3vNCEQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 65d719473d2a2b89-FRA
GET H3-29	200	outlook.png rc-ctyrlistek.cz/OWA/auth-OWA/outlook/	47 KB 48 KB	112ms 103ms	Image image/png	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/outlook.png Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `ea470c3755ab03df351ecd688c7a30dd0f98be3bcdb60df5a410c8ba582fc220` Request headers :path /OWA/auth-OWA/outlook/outlook.png pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 cache-control* no-cache sec-fetch-dest image :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 11 Jun 2021 01:34:44 GMT cf-cache-status REVALIDATED nel {"report_to":"cf-nel","max_age":604800} x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 content-length 48430 cf-request-id 0a9a4e208600002b8952a50000000001 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag "5f1a72bd-bd2e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=E3A6rt0uJ1coJjRDlxYS1q42NHgSwQd9zW14x8ePwmsu%2F7ZGMmo4BlHzg5gVUGCOHT4lq2GsnsTNwSFA1lKO69nOuAVVrhMP17%2B%2BiZUPqGZZUz2PtcC6VoqjGSg3cTonHPGGPEHjQGy%2FzQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 65d719473d2e2b89-FRA
GET H3-29	200	jquery-2.2.3.min.js Show response rc-ctyrlistek.cz/OWA/auth-OWA/outlook/vendor/jquery/	84 KB 29 KB	101ms 91ms	Script application/javascript	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/vendor/jquery/jquery-2.2.3.min.js Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a` Request headers :path /OWA/auth-OWA/outlook/vendor/jquery/jquery-2.2.3.min.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 11 Jun 2021 01:34:44 GMT content-encoding br cf-cache-status REVALIDATED nel {"report_to":"cf-nel","max_age":604800} x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 cf-request-id 0a9a4e208500002b895da1b000000001 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag W/"5f1a72bd-14e9b" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=sPFpkOw0fPlRFQUaWVPbIlkwcpLFpsQtTSxEGt68DUBh52PXpCoYa9VTSFHIf6PrZ%2B4hxdgRfKlcKp1CHkAabvxeKiMcR7Hb%2Bzkr%2FBZSNT8ctBu5aSYf146MmN3WhjWeJsfCilic7Mcf5w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 65d719473d292b89-FRA
GET H3-29	200	bootstrap.min.js Show response rc-ctyrlistek.cz/OWA/auth-OWA/outlook/vendor/bootstrap/js/	50 KB 14 KB	107ms 97ms	Script application/javascript	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/vendor/bootstrap/js/bootstrap.min.js Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4` Request headers :path /OWA/auth-OWA/outlook/vendor/bootstrap/js/bootstrap.min.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 11 Jun 2021 01:34:44 GMT content-encoding br cf-cache-status REVALIDATED nel {"report_to":"cf-nel","max_age":604800} x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 cf-request-id 0a9a4e208400002b8977bd8000000001 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag W/"5f1a72bd-c75f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=LPF0gB8fe8%2F9%2FQiyANgcUuNgIrRSOC42YnCU%2Fv%2By%2BxD3%2Fo%2BSYQzl5juItqsth5h%2BnNQPjzfKfntpQo7u7sv9B02e8e%2BtpKOa0PSuhUf%2BEMFL7Nwi6082qRePCO91BDEs1fAsAOPRtNi03A%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 65d719473d242b89-FRA
GET H3-29	200	all.js Show response rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/js/	1 MB 403 KB	141ms 132ms	Script application/javascript	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/js/all.js Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `f3c8ccac95cb1dfdcb72f5addf1d0042ff1de141904ed5e2e2e9797e2abd2861` Request headers :path /OWA/auth-OWA/outlook/font-awesome/js/all.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 11 Jun 2021 01:34:44 GMT content-encoding br cf-cache-status REVALIDATED nel {"report_to":"cf-nel","max_age":604800} x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 cf-request-id 0a9a4e208500002b8953290000000001 last-modified Fri, 24 Jul 2020 05:33:48 GMT server cloudflare etag W/"5f1a72bc-1281ec" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=exwwnRiNlWwrKQieZQ6TQLM5qAumKIfdDYaf57ehUn%2BRgATgVz1JLWaQ%2F9sVyxCbkt2%2BHSezrZWsabArED6USMdKEarea80QhyrBMeKddkMOE%2FxUnQ3hlVx6DfXVV8587vylnuH2rQ1IxA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 65d719473d262b89-FRA
GET H3-29	200	data.js Show response rc-ctyrlistek.cz/OWA/auth-OWA/outlook/js/	3 KB 1 KB	118ms 108ms	Script application/javascript	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/js/data.js Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/?email=basil.darwish@wellsfargo.com Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `b2ea2c659fb68dc2e92d7dd0e659a594f0b3bcb86ec96adc72904335f0003311` Request headers :path /OWA/auth-OWA/outlook/js/data.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept / cache-control no-cache sec-fetch-dest script :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/ :scheme https sec-fetch-site same-origin :method GET Referer https://rc-ctyrlistek.cz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 11 Jun 2021 01:34:44 GMT content-encoding br cf-cache-status REVALIDATED nel {"report_to":"cf-nel","max_age":604800} x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 cf-request-id 0a9a4e208500002b89278be000000001 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag W/"5f1a72bd-b09" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=7thYkKM8meSptLrNd0UmGhZTl9ei6Y8FXHrxK3IdNRvcyPtO401QOosBKQIZI5iuvjAmJ0rxhwEbf2GDkADNN2VzsWm5b0LUJecO33jQDiN0Bind%2BhKSyzWkFxdN%2Fn9x0JLUpf9qvcgGwg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 65d719473d2b2b89-FRA
GET H3-29	200	fa-solid-900.woff2 rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/webfonts/	74 KB 75 KB	101ms 98ms	Font font/woff2	2606:4700:3036::ac43:8605 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/webfonts/fa-solid-900.woff2 Requested by Host: rc-ctyrlistek.cz URL: https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/css/all.css Protocol H3-29 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8605 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c` Request headers :path /OWA/auth-OWA/outlook/font-awesome/webfonts/fa-solid-900.woff2 pragma no-cache origin https://rc-ctyrlistek.cz accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept / cache-control no-cache sec-fetch-dest font :authority rc-ctyrlistek.cz referer https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/css/all.css :scheme https sec-fetch-site same-origin :method GET Origin https://rc-ctyrlistek.cz Referer https://rc-ctyrlistek.cz/OWA/auth-OWA/outlook/font-awesome/css/all.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 11 Jun 2021 01:34:44 GMT cf-cache-status REVALIDATED nel {"report_to":"cf-nel","max_age":604800} x-powered-by PleskLin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 content-length 76120 cf-request-id 0a9a4e210b00002b893f071000000001 last-modified Fri, 24 Jul 2020 05:33:49 GMT server cloudflare etag "5f1a72bd-12958" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=oU4hvZPIQbjbKLg%2BhdX%2BPdAmHQZfqZ2kRdG38D6JYO3P883wUvDrGOBq31NqicTljeX3uWm1m4KNsFMexkHCT7omPFvWkwYgD%2FTtR2KPFlXCx%2FDctpx5FzqKDfWkr%2B5wwMmynCX3VAEsEg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 65d719481e092b89-FRA

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook (Online)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

rc-ctyrlistek.cz
2606:4700:3036::ac43:8605
05b29e731ac5a3e11c7b0fcde0785296c564342bcd8831c9c9206ca967224d88
2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c
48cc567df93eb99a542c3a4c84cc27e363d4e2da5eeaf27527f3f5a7871318ad
52dc127d5e6245dd9b1f1ff1c75448817a69b5cc1bc6b64f6c0ee82b81e84cfa
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
b2ea2c659fb68dc2e92d7dd0e659a594f0b3bcb86ec96adc72904335f0003311
ea470c3755ab03df351ecd688c7a30dd0f98be3bcdb60df5a410c8ba582fc220
f3c8ccac95cb1dfdcb72f5addf1d0042ff1de141904ed5e2e2e9797e2abd2861

rc-ctyrlistek.cz Open in urlscan Pro 2606:4700:3036::ac43:8605 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

620 kBTransfer

1668 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

0 Cookies

Indicators

rc-ctyrlistek.cz Open in urlscan Pro
2606:4700:3036::ac43:8605 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

620 kB
Transfer

1668 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!