sailentea.cz Open in urlscan Pro
93.185.104.30 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://slalashprix.online/
Effective URL:
http://sailentea.cz/schi.html
Submission: On November 22 via manual (November 22nd 2019, 12:47:45 pm UTC) from US

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 5 countries across 6 domains to perform 18 HTTP transactions. The main IP is 93.185.104.30, located in Czech Republic and belongs to VSHOSTING, CZ. The main domain is sailentea.cz.

This is the only time sailentea.cz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: American Express (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.64.119.44 192.64.119.44	22612 (NAMECHEAP...) (NAMECHEAP-NET - Namecheap)
1	93.185.104.30 93.185.104.30	43541 (VSHOSTING) (VSHOSTING)
1	212.158.161.21 212.158.161.21	197695 (AS-REG) (AS-REG)
4	104.111.236.50 104.111.236.50	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
9	104.111.250.201 104.111.250.201	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	106.247.251.66 106.247.251.66	3786 (LGDACOM L...) (LGDACOM LG DACOM Corporation)
2 4	2a01:7c8:ec:0... 2a01:7c8:ec:0:149:210:196:91	20857 (TRANSIP-A...) (TRANSIP-AS Amsterdam)
18	6

1 192.64.119.44 (Los Angeles, United States) 1 redirects

ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US)

slalashprix.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 93.185.104.30 (Czech Republic)

ASN43541 (VSHOSTING, CZ)
PTR: www20.pipni.cz

sailentea.cz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.158.161.21 (Russian Federation)

ASN197695 (AS-REG, RU)
PTR: techmill.ru

techmill.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.236.50 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-236-50.deploy.static.akamaitechnologies.com

online.americanexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.111.250.201 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-250-201.deploy.static.akamaitechnologies.com

www.aexp-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 106.247.251.66 (Korea, Republic Of)

ASN3786 (LGDACOM LG DACOM Corporation, KR)

106.247.251.66	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a01:7c8:ec:0:149:210:196:91 (Netherlands) 2 redirects

ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)

www.s2.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	aexp-static.com www.aexp-static.com	125 KB
4	s2.be 2 redirects www.s2.be	514 B
4	americanexpress.com online.americanexpress.com	74 KB
1	techmill.net techmill.net	76 KB
1	sailentea.cz sailentea.cz	634 B
1	slalashprix.online 1 redirects slalashprix.online	235 B
18	6

	Domain	Requested by
9	www.aexp-static.com	sailentea.cz
4	www.s2.be	2 redirects sailentea.cz
4	online.americanexpress.com	techmill.net sailentea.cz
1	techmill.net	sailentea.cz
1	sailentea.cz
1	slalashprix.online	1 redirects
18	6

This site contains no links.

Subject Issuer	Validity	Valid
online.americanexpress.com DigiCert SHA2 Extended Validation Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
m.americanexpress.com DigiCert SHA2 Extended Validation Server CA	`2018-08-08` - `2020-07-23`	2 years	crt.sh
*.s2.be Let's Encrypt Authority X3	`2019-11-11` - `2020-02-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://sailentea.cz/schi.html
Frame ID: 2F856CFA8A9B002D937A641B15E46CB5
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://slalashprix.online/ HTTP 302
http://sailentea.cz/schi.html Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

18
Requests

83 %
HTTPS

14 %
IPv6

6
Domains

6
Subdomains

6
IPs

5
Countries

276 kB
Transfer

367 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://slalashprix.online/ HTTP 302
http://sailentea.cz/schi.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

http://www.s2.be/aexp-static/spacer.png HTTP 301
https://www.s2.be/aexp-static/spacer.png

Request Chain 8

http://www.s2.be/aexp-static/spacer.png HTTP 301
https://www.s2.be/aexp-static/spacer.png

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request schi.html Show response
sailentea.cz/
Redirect Chain

http://slalashprix.online/
http://sailentea.cz/schi.html

477 B
634 B

122ms
77ms

Document
text/html

93.185.104.30
VSHOSTING

General

Check archive.org

Show headers Download Go to

Full URL: http://sailentea.cz/schi.html
Protocol: HTTP/1.1
Server: 93.185.104.30 , Czech Republic, ASN43541 (VSHOSTING, CZ),
Reverse DNS: www20.pipni.cz
Software: Apache /
Resource Hash: f2247c91c5839640b73f4b7404c945207dae3c465fb86f83071cce669e04ecb7

Request headers

Host: sailentea.cz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Fri, 22 Nov 2019 12:47:28 GMT
Server: Apache
Last-Modified: Thu, 21 Nov 2019 07:30:14 GMT
ETag: "30e73a6-1dd-597d644a4cd80"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 336
Connection: close
Content-Type: text/html

Redirect headers

Server: nginx
Date: Fri, 22 Nov 2019 12:47:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 52
Connection: keep-alive
Location: http://sailentea.cz/schi.html
X-Served-By: Namecheap URL Forward

GET
H/1.1 200
OK pow.js Show response
techmill.net/public/ 76 KB
76 KB 173ms
126ms Script
text/javascript 212.158.161.21
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: http://techmill.net/public/pow.js
Requested by: Host: sailentea.cz
URL: http://sailentea.cz/schi.html
Protocol: HTTP/1.1
Server: 212.158.161.21 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: techmill.ru
Software: DMAS/1.1 /
Resource Hash: 08aeac2c8b8abdcb9474a675cb0982c762ac88e263e819f5af4c2a874f115318

Request headers

Referer: http://sailentea.cz/schi.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Fri, 22 Nov 2019 12:47:20 GMT
Last-Modified: Thu, 21 Nov 2019 21:04:21 GMT
Server: DMAS/1.1
Connection: Close
ETag: "3759258988"
Content-Length: 77820
Content-Type: text/javascript

GET
H2 200 fuidFypDefault.css
online.americanexpress.com/myca/fuidfyp/us/resources/css/ 19 KB
7 KB 265ms
40ms Stylesheet
text/css 104.111.236.50
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.americanexpress.com/myca/fuidfyp/us/resources/css/fuidFypDefault.css

Requested by

Host: techmill.net
URL: http://techmill.net/public/pow.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.236.50 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-236-50.deploy.static.akamaitechnologies.com

Software

Resource Hash

e599503c3bdee1fef6065e575091caef7a56b463e751886b298304379eab47b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000 ; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: http://sailentea.cz/schi.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Fri, 22 Nov 2019 12:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Nov 2016 09:17:19 GMT
vary: Accept-Encoding
content-type: text/css
status: 200
strict-transport-security: max-age=15768000 ; includeSubDomains
accept-ranges: bytes
content-length: 6707

GET
H2 200 inav_responsive.css
www.aexp-static.com/nav/ngn/css/ 93 KB
12 KB 95ms
35ms Stylesheet
text/css 104.111.250.201
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aexp-static.com/nav/ngn/css/inav_responsive.css

Requested by

Host: sailentea.cz
URL: http://sailentea.cz/schi.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-250-201.deploy.static.akamaitechnologies.com

Software

IBM_HTTP_Server /

Resource Hash

7f1b85f13e643de7a8dd568b6073849d777a677a7d699229b8eb2fdb787ff2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://sailentea.cz/schi.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=15552000;
content-encoding: gzip
last-modified: Wed, 11 Apr 2018 19:54:17 GMT
server: IBM_HTTP_Server
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
date: Fri, 22 Nov 2019 12:47:28 GMT
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=86400
accept-ranges: bytes
timing-allow-origin: *
content-length: 11740

GET
H/1.1 404
Not Found footer.php
106.247.251.66/tr/ 1 KB
1 KB 575ms
562ms Image
text/html 106.247.251.66
LGDACOM LG DACOM ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://106.247.251.66/tr/footer.php?image=att.gif
Requested by: Host: techmill.net
URL: http://techmill.net/public/pow.js
Protocol: HTTP/1.1
Server: 106.247.251.66 , Korea, Republic Of, ASN3786 (LGDACOM LG DACOM Corporation, KR),
Reverse DNS
Software: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.11 /
Resource Hash: a7abcba5b71f2afefdb2f4666d3aad8fa04497ab43606faa3c022a3dde8a33d5

Request headers

Referer: http://sailentea.cz/schi.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Fri, 22 Nov 2019 12:47:29 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.11
Vary: accept-language,accept-charset
Content-Language: en
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: text/html; charset=utf-8
Keep-Alive: timeout=5, max=100

GET
H/1.1

404
Not Found

spacer.png
www.s2.be/aexp-static/
Redirect Chain

http://www.s2.be/aexp-static/spacer.png
https://www.s2.be/aexp-static/spacer.png

0
0

69ms
22ms

Image
text/html

2a01:7c8:ec:0:149:210:196:91
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.s2.be/aexp-static/spacer.png
Requested by: Host: sailentea.cz
URL: http://sailentea.cz/schi.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a01:7c8:ec:0:149:210:196:91 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://sailentea.cz/schi.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Redirect headers

Location: https://www.s2.be/aexp-static/spacer.png
Date: Fri, 22 Nov 2019 12:47:28 GMT
X-TransIP-Balancer: lb1
X-TransIP-Backend: web246
Server: Apache
Content-Length: 248
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 OCA_body-background.gif
online.americanexpress.com/myca/oce/us/oce/images/actreg/ 16 KB
16 KB 71ms
71ms Image
image/gif 104.111.236.50
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.americanexpress.com/myca/oce/us/oce/images/actreg/OCA_body-background.gif

Requested by

Host: sailentea.cz
URL: http://sailentea.cz/schi.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.236.50 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-236-50.deploy.static.akamaitechnologies.com

Software

Resource Hash

c05cee2eb8aacab52bba3b3dd940b68055fc11a088302418c776efa459f63884

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000 ; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: http://sailentea.cz/schi.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Fri, 22 Nov 2019 12:47:28 GMT
x-content-type-options: nosniff
last-modified: Thu, 15 Nov 2018 20:11:11 GMT
strict-transport-security: max-age=15768000 ; includeSubDomains
content-type: image/gif
status: 200
cache-control: private, must-revalidate, max-age=551143
accept-ranges: bytes
content-length: 16020

GET
H2 200 clear.gif
www.aexp-static.com/nav/ngn/img/ 43 B
214 B 31ms
31ms Image
image/gif 104.111.250.201
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aexp-static.com/nav/ngn/img/clear.gif

Requested by

Host: sailentea.cz
URL: http://sailentea.cz/schi.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-250-201.deploy.static.akamaitechnologies.com

Software

IBM_HTTP_Server /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000;

Request headers

Referer: http://sailentea.cz/schi.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=15552000;
last-modified: Thu, 02 Mar 2017 09:23:00 GMT
server: IBM_HTTP_Server
access-control-allow-origin: *
date: Fri, 22 Nov 2019 12:47:28 GMT
content-type: image/gif
status: 200
cache-control: max-age=7776000
accept-ranges: bytes
timing-allow-origin: *
content-length: 43

GET
H2 200 logo_bluebox_1x.gif
www.aexp-static.com/nav/ngn/img/ 4 KB
4 KB 72ms
72ms Image
image/gif 104.111.250.201
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aexp-static.com/nav/ngn/img/logo_bluebox_1x.gif

Requested by

Host: sailentea.cz
URL: http://sailentea.cz/schi.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-250-201.deploy.static.akamaitechnologies.com

Software

IBM_HTTP_Server /

Resource Hash

b754eb74fa8f416b4803252f7994d7aa22d697a5eb77f0b4df8e3839f9621c9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000;

Request headers

Referer: http://sailentea.cz/schi.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=15552000;
last-modified: Thu, 02 Mar 2017 09:26:41 GMT
server: IBM_HTTP_Server
access-control-allow-origin: *
date: Fri, 22 Nov 2019 12:47:28 GMT
content-type: image/gif
status: 200
cache-control: max-age=7776000
accept-ranges: bytes
timing-allow-origin: *
content-length: 4424

GET
H/1.1

404
Not Found

spacer.png
www.s2.be/aexp-static/
Redirect Chain

http://www.s2.be/aexp-static/spacer.png
https://www.s2.be/aexp-static/spacer.png

0
0

33ms
33ms

Image
text/html

2a01:7c8:ec:0:149:210:196:91
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.s2.be/aexp-static/spacer.png
Requested by: Host: sailentea.cz
URL: http://sailentea.cz/schi.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a01:7c8:ec:0:149:210:196:91 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://sailentea.cz/schi.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Redirect headers

Location: https://www.s2.be/aexp-static/spacer.png
Date: Fri, 22 Nov 2019 12:47:28 GMT
X-TransIP-Balancer: lb1
X-TransIP-Backend: web246
Server: Apache
Content-Length: 248
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 spacer.png
online.americanexpress.com/myca/fuidfyp/us/resources/images/ 922 B
1 KB 36ms
36ms Image
image/png 104.111.236.50
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.americanexpress.com/myca/fuidfyp/us/resources/images/spacer.png

Requested by

Host: sailentea.cz
URL: http://sailentea.cz/schi.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.236.50 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-236-50.deploy.static.akamaitechnologies.com

Software

Resource Hash

e989c2542a6af77569f5b65286bf132dd113c75810c71866dacba5d025d68bc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000 ; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: http://sailentea.cz/schi.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Fri, 22 Nov 2019 12:47:28 GMT
x-content-type-options: nosniff
last-modified: Tue, 08 Nov 2016 09:17:19 GMT
strict-transport-security: max-age=15768000 ; includeSubDomains
content-type: image/png
status: 200
cache-control: private, must-revalidate, max-age=442477
accept-ranges: bytes
content-length: 922

GET
H2 200 iNav_ngi_sprite_new.gif
www.aexp-static.com/nav/ngn/img/ 23 KB
23 KB 52ms
52ms Image
image/gif 104.111.250.201
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aexp-static.com/nav/ngn/img/iNav_ngi_sprite_new.gif?ver=0916_01

Requested by

Host: sailentea.cz
URL: http://sailentea.cz/schi.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-250-201.deploy.static.akamaitechnologies.com

Software

IBM_HTTP_Server /

Resource Hash

0d4e7d13d424c4569af233a3188ac42edaa093a12bced0dba6095c00047006e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.aexp-static.com/nav/ngn/css/inav_responsive.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=15552000;
last-modified: Thu, 02 Mar 2017 09:26:29 GMT
server: IBM_HTTP_Server
access-control-allow-origin: *
date: Fri, 22 Nov 2019 12:47:28 GMT
x-frame-options: SAMEORIGIN
content-type: image/gif
status: 200
cache-control: max-age=7776000
accept-ranges: bytes
timing-allow-origin: *
content-length: 23367

GET
H2 200 img_shdw_mainNav.png
www.aexp-static.com/nav/ngn/img/ 143 B
338 B 71ms
71ms Image
image/png 104.111.250.201
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aexp-static.com/nav/ngn/img/img_shdw_mainNav.png

Requested by

Host: sailentea.cz
URL: http://sailentea.cz/schi.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-250-201.deploy.static.akamaitechnologies.com

Software

IBM_HTTP_Server /

Resource Hash

d3c6dbfeb63c1155df3a80a04d72d9c0c95ed561d54c9694019c28eac1920c1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://sailentea.cz/schi.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=15552000;
last-modified: Thu, 02 Mar 2017 09:24:34 GMT
server: IBM_HTTP_Server
access-control-allow-origin: *
date: Fri, 22 Nov 2019 12:47:28 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
status: 200
cache-control: max-age=7776000
accept-ranges: bytes
timing-allow-origin: *
content-length: 143

GET
H2 200 3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
www.aexp-static.com/nav/ngn/fonts/ 36 KB
37 KB 86ms
31ms Font
application/x-font-woff 104.111.250.201
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aexp-static.com/nav/ngn/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff

Requested by

Host: sailentea.cz
URL: http://sailentea.cz/schi.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-250-201.deploy.static.akamaitechnologies.com

Software

IBM_HTTP_Server /

Resource Hash

48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000;

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.aexp-static.com/nav/ngn/css/inav_responsive.css
Origin: http://sailentea.cz

Response headers

strict-transport-security: max-age=15552000;
last-modified: Thu, 02 Mar 2017 09:12:19 GMT
server: IBM_HTTP_Server
access-control-allow-origin: *
date: Fri, 22 Nov 2019 12:47:28 GMT
access-control-max-age: 15778463
access-control-allow-methods: GET
content-type: application/x-font-woff
status: 200
cache-control: max-age=29030400
accept-ranges: bytes
timing-allow-origin: *
content-length: 37153

GET
H2 200 amex-fuid-sprite.png
online.americanexpress.com/myca/fuidfyp/us/resources/images/ 49 KB
50 KB 32ms
32ms Image
image/png 104.111.236.50
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.americanexpress.com/myca/fuidfyp/us/resources/images/amex-fuid-sprite.png

Requested by

Host: sailentea.cz
URL: http://sailentea.cz/schi.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.236.50 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-236-50.deploy.static.akamaitechnologies.com

Software

Resource Hash

9a12464e4b2e913955e124313a5ab47e63b771a41bdba9390d008212a1b52052

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000 ; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://online.americanexpress.com/myca/fuidfyp/us/resources/css/fuidFypDefault.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Fri, 22 Nov 2019 12:47:28 GMT
x-content-type-options: nosniff
last-modified: Tue, 08 Nov 2016 09:17:19 GMT
strict-transport-security: max-age=15768000 ; includeSubDomains
access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE,TRACE
content-type: image/png
status: 200
access-control-expose-headers: Date
cache-control: private, must-revalidate, max-age=445543
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: account_token,account_tokens,locale,,correlation_id,security_token
content-length: 50415

GET
H2 200 iNav_sprite_footer.gif
www.aexp-static.com/nav/ngn/img/ 5 KB
5 KB 82ms
82ms Image
image/gif 104.111.250.201
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aexp-static.com/nav/ngn/img/iNav_sprite_footer.gif?ver=0916_02

Requested by

Host: sailentea.cz
URL: http://sailentea.cz/schi.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-250-201.deploy.static.akamaitechnologies.com

Software

IBM_HTTP_Server /

Resource Hash

c5728ebd8f225043ec8b85f79c9964f133136f91b9bb260eb69437ce9af4573a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.aexp-static.com/nav/ngn/css/inav_responsive.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=15552000;
last-modified: Thu, 02 Mar 2017 09:26:31 GMT
server: IBM_HTTP_Server
access-control-allow-origin: *
date: Fri, 22 Nov 2019 12:47:28 GMT
x-frame-options: SAMEORIGIN
content-type: image/gif
status: 200
cache-control: max-age=7776000
accept-ranges: bytes
timing-allow-origin: *
content-length: 5012

GET
H2 200 iNav_sprite_footer1.gif
www.aexp-static.com/nav/ngn/img/ 5 KB
6 KB 83ms
83ms Image
image/gif 104.111.250.201
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aexp-static.com/nav/ngn/img/iNav_sprite_footer1.gif?ver=0917_11

Requested by

Host: sailentea.cz
URL: http://sailentea.cz/schi.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-250-201.deploy.static.akamaitechnologies.com

Software

IBM_HTTP_Server /

Resource Hash

b3be0c1dca2d9a00d8da591e1c209fced4d3ee588efb495eed4191aa2558e658

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.aexp-static.com/nav/ngn/css/inav_responsive.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=15552000;
last-modified: Mon, 11 Sep 2017 19:23:42 GMT
server: IBM_HTTP_Server
access-control-allow-origin: *
date: Fri, 22 Nov 2019 12:47:28 GMT
x-frame-options: SAMEORIGIN
content-type: image/gif
status: 200
cache-control: max-age=7776000
accept-ranges: bytes
timing-allow-origin: *
content-length: 5603

GET
H2 200 0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff
www.aexp-static.com/nav/ngn/fonts/ 37 KB
37 KB 103ms
50ms Font
application/x-font-woff 104.111.250.201
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.aexp-static.com/nav/ngn/fonts/0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff

Requested by

Host: sailentea.cz
URL: http://sailentea.cz/schi.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-250-201.deploy.static.akamaitechnologies.com

Software

IBM_HTTP_Server /

Resource Hash

568d1bad8ef5d3ee9e14e5bdc304985d4d9a8d791bfe4fdb689fc2bef638466c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000;
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.aexp-static.com/nav/ngn/css/inav_responsive.css
Origin: http://sailentea.cz

Response headers

strict-transport-security: max-age=15552000;
last-modified: Thu, 02 Mar 2017 09:12:14 GMT
server: IBM_HTTP_Server
access-control-allow-origin: *
date: Fri, 22 Nov 2019 12:47:28 GMT
x-frame-options: SAMEORIGIN
content-type: application/x-font-woff
status: 200
cache-control: max-age=29030400
accept-ranges: bytes
timing-allow-origin: *
content-length: 37949

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: American Express (Financial)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

online.americanexpress.com
sailentea.cz
slalashprix.online
techmill.net
www.aexp-static.com
www.s2.be
104.111.236.50
104.111.250.201
106.247.251.66
192.64.119.44
212.158.161.21
2a01:7c8:ec:0:149:210:196:91
93.185.104.30
08aeac2c8b8abdcb9474a675cb0982c762ac88e263e819f5af4c2a874f115318
0d4e7d13d424c4569af233a3188ac42edaa093a12bced0dba6095c00047006e3
48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad
568d1bad8ef5d3ee9e14e5bdc304985d4d9a8d791bfe4fdb689fc2bef638466c
7f1b85f13e643de7a8dd568b6073849d777a677a7d699229b8eb2fdb787ff2b9
9a12464e4b2e913955e124313a5ab47e63b771a41bdba9390d008212a1b52052
a7abcba5b71f2afefdb2f4666d3aad8fa04497ab43606faa3c022a3dde8a33d5
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3be0c1dca2d9a00d8da591e1c209fced4d3ee588efb495eed4191aa2558e658
b754eb74fa8f416b4803252f7994d7aa22d697a5eb77f0b4df8e3839f9621c9e
c05cee2eb8aacab52bba3b3dd940b68055fc11a088302418c776efa459f63884
c5728ebd8f225043ec8b85f79c9964f133136f91b9bb260eb69437ce9af4573a
d3c6dbfeb63c1155df3a80a04d72d9c0c95ed561d54c9694019c28eac1920c1b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e599503c3bdee1fef6065e575091caef7a56b463e751886b298304379eab47b8
e989c2542a6af77569f5b65286bf132dd113c75810c71866dacba5d025d68bc5
f2247c91c5839640b73f4b7404c945207dae3c465fb86f83071cce669e04ecb7

sailentea.cz Open in urlscan Pro 93.185.104.30 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

83 %HTTPS

14 %IPv6

6 Domains

6 Subdomains

6 IPs

5 Countries

276 kBTransfer

367 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Indicators

sailentea.cz Open in urlscan Pro
93.185.104.30 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

83 %
HTTPS

14 %
IPv6

6
Domains

6
Subdomains

6
IPs

5
Countries

276 kB
Transfer

367 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!