historyliteracy.org Open in urlscan Pro
162.254.116.43 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
Submission: On November 16 via automatic, source openphish (November 16th 2021, 1:12:40 am UTC) — Scanned from DE

Summary HTTP 23 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 23 HTTP transactions. The main IP is 162.254.116.43, located in United States and belongs to HOSTDUPLEX, US. The main domain is historyliteracy.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 12th 2021. Valid for: 3 months.

This is the only time historyliteracy.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Raiffeisen Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
8	162.254.116.43 162.254.116.43	54555 (HOSTDUPLEX) (HOSTDUPLEX)
15	82.99.166.100 82.99.166.100	25248 (BLUETONE-...) (BLUETONE-AS The Czech Republic)
23	2

8 162.254.116.43 (United States)

ASN54555 (HOSTDUPLEX, US)
PTR: hera.fortifiedserver.net

historyliteracy.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 82.99.166.100 (Hrusovany nad Jevisovkou, Czech Republic)

ASN25248 (BLUETONE-AS The Czech Republic, CZ)
PTR: 82-99-166-100.static.bluetone.cz

online.rb.cz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	rb.cz online.rb.cz	575 KB
8	historyliteracy.org historyliteracy.org	14 KB
23	2

	Domain	Requested by
15	online.rb.cz	historyliteracy.org online.rb.cz
8	historyliteracy.org	historyliteracy.org online.rb.cz
23	2

This site contains links to these domains. Also see Links.

Domain
www.rb.cz

Subject Issuer	Validity	Valid
historyliteracy.org cPanel, Inc. Certification Authority	`2021-10-12` - `2022-01-10`	3 months	crt.sh
online.rb.cz DigiCert SHA2 Extended Validation Server CA	`2021-09-16` - `2022-10-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
Frame ID: FE98D9D70A5F3278FA90A59664547ABE
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Raiffeisenbank

Page Statistics

23
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

589 kB
Transfer

1450 kB
Size

6
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.rb.cz/

Search URL Search Domain Scan URL

URL: https://www.rb.cz/o-nas/kontakty
Title: Kontakty

Search URL Search Domain Scan URL

URL: https://www.rb.cz/informacni-servis/doplnkove-informace-k-produktum/bezpecne-bankovnictvi/bezpecnost-internetoveho-bankovnictvi
Title: Bezpečnost

Search URL Search Domain Scan URL

URL: https://www.rb.cz/osobni/ucty-a-bankovnictvi/internetove-bankovnictvi/internetove-bankovnictvi-faq-new
Title: Nápověda

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/ 13 KB
4 KB 644ms
176ms Document
text/html 162.254.116.43
HOSTDUPLEX

General

Check archive.org

Show headers Download Go to

Full URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.254.116.43 , United States, ASN54555 (HOSTDUPLEX, US),
Reverse DNS: hera.fortifiedserver.net
Software: LiteSpeed /
Resource Hash: 380df437179df2a8a90ef2bae45f24754ec2e689aca5768e594d919a000c91e8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html
last-modified: Mon, 15 Nov 2021 17:38:55 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3701
date: Tue, 16 Nov 2021 01:12:33 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

GET
H2 200 ruxitagentjs_ICA27SVfgjqrux_10217210531114014.js Show response
online.rb.cz/gaas/ 228 KB
87 KB 89ms
16ms Script
text/javascript 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to

Full URL

https://online.rb.cz/gaas/ruxitagentjs_ICA27SVfgjqrux_10217210531114014.js

Requested by

Host: historyliteracy.org
URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

RBCZ /

Resource Hash

945c79d14bb4f553651762a70a28818267b5a3ec84972396c09d7e9b7f1ed896

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://historyliteracy.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
web: apa1wp1
content-length: 87797
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Wed, 03 Mar 2010 07:01:40 GMT
server: RBCZ
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 styles.909a8326a05fa9229ee5.css
online.rb.cz/gaas/authorize/login/ 453 KB
76 KB 118ms
45ms Stylesheet
text/css 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to

Full URL

https://online.rb.cz/gaas/authorize/login/styles.909a8326a05fa9229ee5.css

Requested by

Host: historyliteracy.org
URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

rb.cz /

Resource Hash

c5399aeef90c60e5a6492afa599821d6fcbfb38bc4eeaa85264afc3f5dfae8a1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://historyliteracy.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:33 GMT
x-correlation-id: 470447d5-467a-11ec-a8d9-6ba460e5da4b
x-content-type-options: nosniff
x-oneagent-js-injection: true
server-timing: dtRpid;desc="701483610"
web: apa1wp1
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Sat, 16 Oct 2021 23:05:44 GMT
server: rb.cz
x-frame-options: SAMEORIGIN
vary: Origin,Accept-Encoding,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
content-encoding: gzip
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 gib-fragments.css
online.rb.cz/app/gib/ 245 KB
28 KB 110ms
38ms Stylesheet
text/css 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to

Full URL

https://online.rb.cz/app/gib/gib-fragments.css

Requested by

Host: historyliteracy.org
URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

RBCZ /

Resource Hash

3a5453932ab32efebdaa2d9d68b64740eca9ab41c99392144b88c7b55e169ee5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://historyliteracy.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server-timing: dtRpid;desc="-808140803"
web: apa1wp1
vary: Accept-Encoding
content-length: 28411
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Mon, 15 Nov 2021 12:06:04 GMT
server: RBCZ
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=60
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
expires: Tue, 16 Nov 2021 01:13:33 GMT

GET
H2 404 runtime.4b3e0924272f3f1cd5b3.js
historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/ 0
0 2284ms
2283ms Script
text/html 162.254.116.43
HOSTDUPLEX

General

Check archive.org

Show headers Download Go to

Full URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/runtime.4b3e0924272f3f1cd5b3.js
Requested by: Host: historyliteracy.org
URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.254.116.43 , United States, ASN54555 (HOSTDUPLEX, US),
Reverse DNS: hera.fortifiedserver.net
Software: LiteSpeed /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:35 GMT
content-encoding: gzip
server: LiteSpeed
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://historyliteracy.org/wordpress/index.php/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 polyfills.a032d72b2e443c1a0dcc.js
historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/ 0
0 2280ms
2280ms Script
text/html 162.254.116.43
HOSTDUPLEX

General

Check archive.org

Show headers Download Go to

Full URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/polyfills.a032d72b2e443c1a0dcc.js
Requested by: Host: historyliteracy.org
URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.254.116.43 , United States, ASN54555 (HOSTDUPLEX, US),
Reverse DNS: hera.fortifiedserver.net
Software: LiteSpeed /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:35 GMT
content-encoding: gzip
server: LiteSpeed
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://historyliteracy.org/wordpress/index.php/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 scripts.541c83bb9cb6c140515c.js
historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/ 0
0 2279ms
2278ms Script
text/html 162.254.116.43
HOSTDUPLEX

General

Check archive.org

Show headers Download Go to

Full URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/scripts.541c83bb9cb6c140515c.js
Requested by: Host: historyliteracy.org
URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.254.116.43 , United States, ASN54555 (HOSTDUPLEX, US),
Reverse DNS: hera.fortifiedserver.net
Software: LiteSpeed /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:35 GMT
content-encoding: gzip
server: LiteSpeed
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://historyliteracy.org/wordpress/index.php/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 vendor.8befbc06ed70e2861191.js
historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/ 0
0 2444ms
2444ms Script
text/html 162.254.116.43
HOSTDUPLEX

General

Check archive.org

Show headers Download Go to

Full URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/vendor.8befbc06ed70e2861191.js
Requested by: Host: historyliteracy.org
URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.254.116.43 , United States, ASN54555 (HOSTDUPLEX, US),
Reverse DNS: hera.fortifiedserver.net
Software: LiteSpeed /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:35 GMT
content-encoding: gzip
server: LiteSpeed
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://historyliteracy.org/wordpress/index.php/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 main.c87dea3a4da0b73c1d09.js
historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/ 0
0 2445ms
2444ms Script
text/html 162.254.116.43
HOSTDUPLEX

General

Check archive.org

Show headers Download Go to

Full URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/main.c87dea3a4da0b73c1d09.js
Requested by: Host: historyliteracy.org
URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.254.116.43 , United States, ASN54555 (HOSTDUPLEX, US),
Reverse DNS: hera.fortifiedserver.net
Software: LiteSpeed /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:35 GMT
content-encoding: gzip
server: LiteSpeed
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://historyliteracy.org/wordpress/index.php/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 login-background.cf19ccff4c94cf3a2c16.png
online.rb.cz/gaas/authorize/login/ 86 KB
87 KB 23ms
23ms Image
image/png 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.rb.cz/gaas/authorize/login/login-background.cf19ccff4c94cf3a2c16.png

Requested by

Host: online.rb.cz
URL: https://online.rb.cz/gaas/authorize/login/styles.909a8326a05fa9229ee5.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

rb.cz /

Resource Hash

f7c9b9e3268768128bcc27bff0af10777b1b8e2539b39d572629ee1adec71a60

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://online.rb.cz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:33 GMT
x-correlation-id: 471c1598-467a-11ec-a8d9-6ba460e5da4b
x-content-type-options: nosniff
x-oneagent-js-injection: true
server-timing: dtRpid;desc="2095285464"
web: apa1wp1
content-length: 87833
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Sun, 17 Oct 2021 06:15:09 GMT
server: rb.cz
x-frame-options: SAMEORIGIN
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 rbi-logo.f7b286a63ab565b6d909.jpg
online.rb.cz/gaas/authorize/login/ 7 KB
7 KB 22ms
22ms Image
image/jpeg 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.rb.cz/gaas/authorize/login/rbi-logo.f7b286a63ab565b6d909.jpg

Requested by

Host: online.rb.cz
URL: https://online.rb.cz/gaas/authorize/login/styles.909a8326a05fa9229ee5.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

rb.cz /

Resource Hash

7b485e6f6205b727e25e39f8ad56656c9a2cfa89d335e61e19308f844b09fa47

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://online.rb.cz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:33 GMT
x-correlation-id: 471c15ec-467a-11ec-bc0d-d34867151ab5
x-content-type-options: nosniff
x-oneagent-js-injection: true
server-timing: dtRpid;desc="-2122835736"
web: apa1wp1
content-length: 7181
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Sat, 16 Oct 2021 23:08:03 GMT
server: rb.cz
x-frame-options: SAMEORIGIN
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 icon-sms-normal.a1ed23ce8a792dba46ea.png
online.rb.cz/gaas/authorize/login/ 1 KB
1 KB 19ms
19ms Image
image/png 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.rb.cz/gaas/authorize/login/icon-sms-normal.a1ed23ce8a792dba46ea.png

Requested by

Host: online.rb.cz
URL: https://online.rb.cz/gaas/authorize/login/styles.909a8326a05fa9229ee5.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

rb.cz /

Resource Hash

0679c87b2cfcf6ce33093fa7ee14fa86a839f3f926a986e1b8b1d962ef3f0efa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://online.rb.cz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:33 GMT
x-correlation-id: 471bc829-467a-11ec-9508-8b74f0c663cc
x-content-type-options: nosniff
x-oneagent-js-injection: true
server-timing: dtRpid;desc="-1722209928"
web: apa1wp1
content-length: 1090
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Sat, 16 Oct 2021 23:07:29 GMT
server: rb.cz
x-frame-options: SAMEORIGIN
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 icon-phone-footer.8ec7664941533cb9438d.png
online.rb.cz/gaas/authorize/login/ 4 KB
4 KB 19ms
18ms Image
image/png 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.rb.cz/gaas/authorize/login/icon-phone-footer.8ec7664941533cb9438d.png

Requested by

Host: online.rb.cz
URL: https://online.rb.cz/gaas/authorize/login/styles.909a8326a05fa9229ee5.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

rb.cz /

Resource Hash

c9b82a008c17eb547ed2993d77b1ae642f4c7743f85b6b5f1fb897996182a888

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://online.rb.cz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:33 GMT
x-correlation-id: 471bc7f4-467a-11ec-8b6e-b347144da4d1
x-content-type-options: nosniff
x-oneagent-js-injection: true
server-timing: dtRpid;desc="-372521274"
web: apa1wp1
content-length: 3703
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Sat, 16 Oct 2021 23:07:43 GMT
server: rb.cz
x-frame-options: SAMEORIGIN
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 icon-mail-info-footer.82d1ba035d285b0df64c.png
online.rb.cz/gaas/authorize/login/ 5 KB
5 KB 20ms
19ms Image
image/png 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.rb.cz/gaas/authorize/login/icon-mail-info-footer.82d1ba035d285b0df64c.png

Requested by

Host: online.rb.cz
URL: https://online.rb.cz/gaas/authorize/login/styles.909a8326a05fa9229ee5.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

rb.cz /

Resource Hash

0ee076fb765d7807b041a3a2685e7f052697c8a98db482ad12cd2a3135a3caaa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://online.rb.cz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:33 GMT
x-correlation-id: 471c1628-467a-11ec-bd63-ad79b1cdecae
x-content-type-options: nosniff
x-oneagent-js-injection: true
server-timing: dtRpid;desc="299225726"
web: apa1wp1
content-length: 5114
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Sat, 16 Oct 2021 23:05:30 GMT
server: rb.cz
x-frame-options: SAMEORIGIN
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 Amalia-Regular.8bd5843b385b2aa0df1f.otf
online.rb.cz/gaas/authorize/login/ 134 KB
87 KB 66ms
36ms Font
application/x-font-opentype 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to

Full URL

https://online.rb.cz/gaas/authorize/login/Amalia-Regular.8bd5843b385b2aa0df1f.otf

Requested by

Host: online.rb.cz
URL: https://online.rb.cz/gaas/authorize/login/styles.909a8326a05fa9229ee5.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

rb.cz /

Resource Hash

c2c7e7463f437f7b4369eb3f00118844d14537b896f8bbe3d2a185cada07900e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://online.rb.cz/
Origin: https://historyliteracy.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:33 GMT
x-correlation-id: 47208312-467a-11ec-a77c-e9d3867e4d6f
x-content-type-options: nosniff
x-oneagent-js-injection: true
server-timing: dtRpid;desc="-1301581352"
web: apa1wp1
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Sat, 16 Oct 2021 23:06:06 GMT
server: rb.cz
x-frame-options: SAMEORIGIN
etag: "1634425567:dtagent10217210531114014sf2I"
vary: Origin,Accept-Encoding,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-font-opentype
access-control-allow-origin: *
content-encoding: gzip
access-control-expose-headers: WWW-Authenticate
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 Amalia-Bold.1e924b0eab4b18188321.otf
online.rb.cz/gaas/authorize/login/ 137 KB
89 KB 51ms
21ms Font
application/x-font-opentype 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to

Full URL

https://online.rb.cz/gaas/authorize/login/Amalia-Bold.1e924b0eab4b18188321.otf

Requested by

Host: online.rb.cz
URL: https://online.rb.cz/gaas/authorize/login/styles.909a8326a05fa9229ee5.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

rb.cz /

Resource Hash

0774cb1ee16432c6be1c0f348f6e4745dc89e42d51cb52ebc33f7f94ea3361a1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://online.rb.cz/
Origin: https://historyliteracy.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:33 GMT
x-correlation-id: 47205c0f-467a-11ec-8104-0d7db8f97c80
x-content-type-options: nosniff
x-oneagent-js-injection: true
server-timing: dtRpid;desc="1471686249"
web: apa1wp1
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Sat, 16 Oct 2021 23:05:52 GMT
server: rb.cz
x-frame-options: SAMEORIGIN
etag: "1634425553:dtagent10217210531114014sf2I"
vary: Origin,Accept-Encoding,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-font-opentype
access-control-allow-origin: *
content-encoding: gzip
access-control-expose-headers: WWW-Authenticate
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 login-background.cf19ccff4c94cf3a2c16.png
online.rb.cz/gaas/authorize/login/ 86 KB
87 KB 20ms
20ms Image
image/png 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.rb.cz/gaas/authorize/login/login-background.cf19ccff4c94cf3a2c16.png

Requested by

Host: online.rb.cz
URL: https://online.rb.cz/gaas/ruxitagentjs_ICA27SVfgjqrux_10217210531114014.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

rb.cz /

Resource Hash

f7c9b9e3268768128bcc27bff0af10777b1b8e2539b39d572629ee1adec71a60

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://historyliteracy.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:35 GMT
x-correlation-id: 488e43d7-467a-11ec-beb3-5db4e987889a
x-content-type-options: nosniff
x-oneagent-js-injection: true
server-timing: dtRpid;desc="-440772272"
web: apa1wp1
content-length: 87833
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Sun, 17 Oct 2021 07:39:53 GMT
server: rb.cz
x-frame-options: SAMEORIGIN
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 rbi-logo.f7b286a63ab565b6d909.jpg
online.rb.cz/gaas/authorize/login/ 7 KB
7 KB 19ms
18ms Image
image/jpeg 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.rb.cz/gaas/authorize/login/rbi-logo.f7b286a63ab565b6d909.jpg

Requested by

Host: online.rb.cz
URL: https://online.rb.cz/gaas/ruxitagentjs_ICA27SVfgjqrux_10217210531114014.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

rb.cz /

Resource Hash

7b485e6f6205b727e25e39f8ad56656c9a2cfa89d335e61e19308f844b09fa47

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://historyliteracy.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:35 GMT
x-correlation-id: 488e43c7-467a-11ec-8b6e-b347144da4d1
x-content-type-options: nosniff
x-oneagent-js-injection: true
server-timing: dtRpid;desc="-1741878548"
web: apa1wp1
content-length: 7181
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Sat, 16 Oct 2021 23:06:24 GMT
server: rb.cz
x-frame-options: SAMEORIGIN
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 icon-sms-normal.a1ed23ce8a792dba46ea.png
online.rb.cz/gaas/authorize/login/ 1 KB
1 KB 42ms
41ms Image
image/png 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.rb.cz/gaas/authorize/login/icon-sms-normal.a1ed23ce8a792dba46ea.png

Requested by

Host: online.rb.cz
URL: https://online.rb.cz/gaas/ruxitagentjs_ICA27SVfgjqrux_10217210531114014.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

rb.cz /

Resource Hash

0679c87b2cfcf6ce33093fa7ee14fa86a839f3f926a986e1b8b1d962ef3f0efa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://historyliteracy.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:35 GMT
x-correlation-id: 488e6aa1-467a-11ec-9806-5d28d99f77ce
x-content-type-options: nosniff
x-oneagent-js-injection: true
server-timing: dtRpid;desc="-382966759"
web: apa1wp1
content-length: 1090
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Sat, 16 Oct 2021 23:06:09 GMT
server: rb.cz
x-frame-options: SAMEORIGIN
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 icon-phone-footer.8ec7664941533cb9438d.png
online.rb.cz/gaas/authorize/login/ 4 KB
4 KB 42ms
42ms Image
image/png 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.rb.cz/gaas/authorize/login/icon-phone-footer.8ec7664941533cb9438d.png

Requested by

Host: online.rb.cz
URL: https://online.rb.cz/gaas/ruxitagentjs_ICA27SVfgjqrux_10217210531114014.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

rb.cz /

Resource Hash

c9b82a008c17eb547ed2993d77b1ae642f4c7743f85b6b5f1fb897996182a888

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://historyliteracy.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:35 GMT
x-correlation-id: 488e91d3-467a-11ec-a6af-b1b1469b29a2
x-content-type-options: nosniff
x-oneagent-js-injection: true
server-timing: dtRpid;desc="184700426"
web: apa1wp1
content-length: 3703
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Sat, 16 Oct 2021 23:05:30 GMT
server: rb.cz
x-frame-options: SAMEORIGIN
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 icon-mail-info-footer.82d1ba035d285b0df64c.png
online.rb.cz/gaas/authorize/login/ 5 KB
5 KB 42ms
42ms Image
image/png 82.99.166.100
BLUETONE-AS The C...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.rb.cz/gaas/authorize/login/icon-mail-info-footer.82d1ba035d285b0df64c.png

Requested by

Host: online.rb.cz
URL: https://online.rb.cz/gaas/ruxitagentjs_ICA27SVfgjqrux_10217210531114014.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

82.99.166.100 Hrusovany nad Jevisovkou, Czech Republic, ASN25248 (BLUETONE-AS The Czech Republic, CZ),

Reverse DNS

82-99-166-100.static.bluetone.cz

Software

rb.cz /

Resource Hash

0ee076fb765d7807b041a3a2685e7f052697c8a98db482ad12cd2a3135a3caaa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://historyliteracy.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 01:12:35 GMT
x-correlation-id: 488e91ae-467a-11ec-bdf5-6f82c34d88a2
x-content-type-options: nosniff
x-oneagent-js-injection: true
server-timing: dtRpid;desc="-1759553886"
web: apa1wp1
content-length: 5114
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin
last-modified: Sat, 16 Oct 2021 23:05:30 GMT
server: rb.cz
x-frame-options: SAMEORIGIN
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, must-revalidate
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'self'; gyroscope 'none'; magnetometer 'none'; microphone 'none';fullscreen 'self'; sync-xhr 'self'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rb.cz; connect-src 'self' online.rb.cz trt.rb.cz chat.rb.cz; img-src 'self' data: * online.rb.cz; style-src 'self' chat.rb.cz 'unsafe-inline'; font-src 'self' chat.rb.cz data:
accept-ranges: bytes
expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H3 404 dynaTraceMonitor Show response
historyliteracy.org/dt/ 18 KB
5 KB 202ms
201ms XHR
text/html 162.254.116.43
HOSTDUPLEX

General

Check archive.org

Show headers Download Go to

Full URL: https://historyliteracy.org/dt/dynaTraceMonitor?crc=3391212175;end=1
Requested by: Host: online.rb.cz
URL: https://online.rb.cz/gaas/ruxitagentjs_ICA27SVfgjqrux_10217210531114014.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.254.116.43 , United States, ASN54555 (HOSTDUPLEX, US),
Reverse DNS: hera.fortifiedserver.net
Software: LiteSpeed /
Resource Hash: 3a93782b3bc07094e832d4cace24c1b685b363171463d2439f56be663868e2e5

Request headers

Referer: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 16 Nov 2021 01:12:37 GMT
content-encoding: gzip
server: LiteSpeed
link: <https://historyliteracy.org/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 4846
expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H3 404 dynaTraceMonitor Show response
historyliteracy.org/dt/ 18 KB
5 KB 201ms
201ms XHR
text/html 162.254.116.43
HOSTDUPLEX

General

Check archive.org

Show headers Download Go to

Full URL: https://historyliteracy.org/dt/dynaTraceMonitor?crc=2855341747;end=1
Requested by: Host: online.rb.cz
URL: https://online.rb.cz/gaas/ruxitagentjs_ICA27SVfgjqrux_10217210531114014.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.254.116.43 , United States, ASN54555 (HOSTDUPLEX, US),
Reverse DNS: hera.fortifiedserver.net
Software: LiteSpeed /
Resource Hash: 3a93782b3bc07094e832d4cace24c1b685b363171463d2439f56be663868e2e5

Request headers

Referer: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 16 Nov 2021 01:12:39 GMT
content-encoding: gzip
server: LiteSpeed
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://historyliteracy.org/wp-json/>; rel="https://api.w.org/"
content-length: 4846
expires: Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Raiffeisen Bank (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.historyliteracy.org/	1969-12-31 23:59:59	Name: dtCookie Value: -15$8GFV4HI1I5PHVRJ4QBL4GPR2SE02JQ6F
.historyliteracy.org/	1970-01-20 16:14:57	Name: rxVisitor Value: 1637025153413F0F2GLVIBICS6BT16O4O8ARMJTIOHQMU
.historyliteracy.org/	1969-12-31 23:59:59	Name: dtSa Value: -
.historyliteracy.org/	1969-12-31 23:59:59	Name: dtLatC Value: 234
.historyliteracy.org/	1969-12-31 23:59:59	Name: rxvt Value: 1637026955927\|1637025153415
.historyliteracy.org/	1969-12-31 23:59:59	Name: dtPC Value: -15$225153410_176h-vDRAFTNHHIRKOMQSVNKRTRCIPKDEFCPVA-0

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/scripts.541c83bb9cb6c140515c.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/polyfills.a032d72b2e443c1a0dcc.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/runtime.4b3e0924272f3f1cd5b3.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/vendor.8befbc06ed70e2861191.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://historyliteracy.org/wordpress/wp-admin/maint/raiffcz/6fbaf48dda17929b15d27a7bf1add844/main.c87dea3a4da0b73c1d09.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://historyliteracy.org/dt/dynaTraceMonitor?crc=3391212175;end=1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://historyliteracy.org/dt/dynaTraceMonitor?crc=2855341747;end=1 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

historyliteracy.org
online.rb.cz
162.254.116.43
82.99.166.100
0679c87b2cfcf6ce33093fa7ee14fa86a839f3f926a986e1b8b1d962ef3f0efa
0774cb1ee16432c6be1c0f348f6e4745dc89e42d51cb52ebc33f7f94ea3361a1
0ee076fb765d7807b041a3a2685e7f052697c8a98db482ad12cd2a3135a3caaa
380df437179df2a8a90ef2bae45f24754ec2e689aca5768e594d919a000c91e8
3a5453932ab32efebdaa2d9d68b64740eca9ab41c99392144b88c7b55e169ee5
3a93782b3bc07094e832d4cace24c1b685b363171463d2439f56be663868e2e5
7b485e6f6205b727e25e39f8ad56656c9a2cfa89d335e61e19308f844b09fa47
945c79d14bb4f553651762a70a28818267b5a3ec84972396c09d7e9b7f1ed896
c2c7e7463f437f7b4369eb3f00118844d14537b896f8bbe3d2a185cada07900e
c5399aeef90c60e5a6492afa599821d6fcbfb38bc4eeaa85264afc3f5dfae8a1
c9b82a008c17eb547ed2993d77b1ae642f4c7743f85b6b5f1fb897996182a888
f7c9b9e3268768128bcc27bff0af10777b1b8e2539b39d572629ee1adec71a60

historyliteracy.org Open in urlscan Pro 162.254.116.43 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

23 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

589 kBTransfer

1450 kBSize

6 Cookies

4 Outgoing links

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

6 Cookies

7 Console Messages

Indicators

historyliteracy.org Open in urlscan Pro
162.254.116.43 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

589 kB
Transfer

1450 kB
Size

6
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!