konta-ridice-ldgov-cz.eu Open in urlscan Pro
2a00:7a60:0:10aa::1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://konta-ridice-ldgov-cz.eu/
Submission: On September 23 via manual (September 23rd 2024, 1:41:32 pm UTC) from CZ — Scanned from US

Summary HTTP 8 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 2a00:7a60:0:10aa::1, located in Ukraine and belongs to UKRAINE-AS, UA. The main domain is konta-ridice-ldgov-cz.eu.
TLS certificate: Issued by R10 on September 23rd 2024. Valid for: 3 months.

This is the only time konta-ridice-ldgov-cz.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Czech Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
7	2a00:7a60:0:1... 2a00:7a60:0:10aa::1	200000 (UKRAINE-AS) (UKRAINE-AS)
1	185.17.215.70 185.17.215.70	48298 (GOV) (GOV)
8	2

7 2a00:7a60:0:10aa::1 (Ukraine)

ASN200000 (UKRAINE-AS, UA)

konta-ridice-ldgov-cz.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.17.215.70 (Prague, Czech Republic)

ASN48298 (GOV, CZ)
PTR: chciidentitu.gov.cz

gov.cz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	konta-ridice-ldgov-cz.eu konta-ridice-ldgov-cz.eu	74 KB
1	gov.cz gov.cz — Cisco Umbrella Rank: 277978	15 KB
8	2

	Domain	Requested by
7	konta-ridice-ldgov-cz.eu	konta-ridice-ldgov-cz.eu
1	gov.cz
8	2

This site contains links to these domains. Also see Links.

Domain
gov.cz
pruvodce.gov.cz
portalobcana.gov.cz
obcan.portal.gov.cz
www.facebook.com
x.com
www.youtube.com

Subject Issuer	Validity	Valid
www.konta-ridice-ldgov-cz.eu R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
gov.cz GeoTrust EV RSA CA G2	`2024-06-06` - `2025-06-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://konta-ridice-ldgov-cz.eu/
Frame ID: 7F0205B5DEB755F3DD44C9987464FA1C
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Výpis z bodového konta řidiče - gov.cz

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

89 kB
Transfer

411 kB
Size

1
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://gov.cz/
Title: Úvod

Search URL Search Domain Scan URL

URL: https://gov.cz/sluzby-verejne-spravy/
Title: Služby veřejné správy

Search URL Search Domain Scan URL

URL: https://pruvodce.gov.cz/?utm_source=pvs&utm_medium=primarymenu&utm_campaign=pvs
Title: Životní události

Search URL Search Domain Scan URL

URL: https://gov.cz/o-zivote-v-cr/
Title: O životě v ČR

Search URL Search Domain Scan URL

URL: https://gov.cz/kam-dal/
Title: Kam dál

Search URL Search Domain Scan URL

URL: https://portalobcana.gov.cz/
Title: Co je portál občana

Search URL Search Domain Scan URL

URL: https://obcan.portal.gov.cz/
Title: Přihlásit se do portálu občana

Search URL Search Domain Scan URL

URL: https://www.facebook.com/cz.eGovernment/

Search URL Search Domain Scan URL

URL: https://x.com/gov_cz

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCCEISjcwdeqghfa4Z2mWMOg

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response konta-ridice-ldgov-cz.eu/	96 KB 13 KB	2065ms 482ms	Document text/html	2a00:7a60:0:10aa::1 UKRAINE-AS
General Check archive.org Show headers Download Go to Full URL https://konta-ridice-ldgov-cz.eu/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:7a60:0:10aa::1 , Ukraine, ASN200000 (UKRAINE-AS, UA), Reverse DNS Software nginx / Resource Hash `97eeb41f5eae52548b2cb7b0d1575a36584eda499c6642ce96445df3797df684` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers cache-control no-store, no-cache, must-revalidate content-encoding br content-type text/html; charset=UTF-8 date Mon, 23 Sep 2024 13:41:27 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx x-ray wnp22236:0.010/wn22236:0.020/wa22236:D=12911
GET H2	200	styles.min.css konta-ridice-ldgov-cz.eu/grim/	181 KB 21 KB	487ms 486ms	Stylesheet text/css	2a00:7a60:0:10aa::1 UKRAINE-AS
General Check archive.org Show headers Download Go to Full URL https://konta-ridice-ldgov-cz.eu/grim/styles.min.css Requested by Host: konta-ridice-ldgov-cz.eu URL: https://konta-ridice-ldgov-cz.eu/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:7a60:0:10aa::1 , Ukraine, ASN200000 (UKRAINE-AS, UA), Reverse DNS Software nginx / Resource Hash `3fcb6d391961424ad955e24e1af1af28e4c8994af2b09ba116e9859ac86ffce6` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://konta-ridice-ldgov-cz.eu/ Response headers content-encoding br x-ray wnp22236:0.000/wn22236:0.000/ date Mon, 23 Sep 2024 13:41:27 GMT etag W/"6695519e-2d319" content-type text/css last-modified Mon, 15 Jul 2024 16:43:10 GMT server nginx
GET H2	200	print.min.css konta-ridice-ldgov-cz.eu/grim/	6 KB 2 KB	486ms 485ms	Stylesheet text/css	2a00:7a60:0:10aa::1 UKRAINE-AS
General Check archive.org Show headers Download Go to Full URL https://konta-ridice-ldgov-cz.eu/grim/print.min.css Requested by Host: konta-ridice-ldgov-cz.eu URL: https://konta-ridice-ldgov-cz.eu/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:7a60:0:10aa::1 , Ukraine, ASN200000 (UKRAINE-AS, UA), Reverse DNS Software nginx / Resource Hash `2662dc50fa8010be3a110fa6c89ae0f9d4fbd7d47fe3c0fbc4d85d0043d99b94` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://konta-ridice-ldgov-cz.eu/ Response headers content-encoding br x-ray wnp22236:0.000/wn22236:0.000/ date Mon, 23 Sep 2024 13:41:27 GMT etag W/"6695519e-1830" content-type text/css last-modified Mon, 15 Jul 2024 16:43:10 GMT server nginx
GET H2	200	pvs.css konta-ridice-ldgov-cz.eu/grim/	8 KB 2 KB	486ms 485ms	Stylesheet text/css	2a00:7a60:0:10aa::1 UKRAINE-AS
General Check archive.org Show headers Download Go to Full URL https://konta-ridice-ldgov-cz.eu/grim/pvs.css Requested by Host: konta-ridice-ldgov-cz.eu URL: https://konta-ridice-ldgov-cz.eu/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:7a60:0:10aa::1 , Ukraine, ASN200000 (UKRAINE-AS, UA), Reverse DNS Software nginx / Resource Hash `5af90dcaa5001a5f13644a1b7e83e0712c0e0cbb29d96d59459819902b2fe034` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://konta-ridice-ldgov-cz.eu/ Response headers content-encoding br x-ray wnp22236:0.000/wn22236:0.000/ date Mon, 23 Sep 2024 13:41:27 GMT etag W/"6695519e-209a" content-type text/css last-modified Mon, 15 Jul 2024 16:43:10 GMT server nginx
GET H2	200	forms.css konta-ridice-ldgov-cz.eu/grim/	13 KB 2 KB	486ms 485ms	Stylesheet text/css	2a00:7a60:0:10aa::1 UKRAINE-AS
General Check archive.org Show headers Download Go to Full URL https://konta-ridice-ldgov-cz.eu/grim/forms.css Requested by Host: konta-ridice-ldgov-cz.eu URL: https://konta-ridice-ldgov-cz.eu/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:7a60:0:10aa::1 , Ukraine, ASN200000 (UKRAINE-AS, UA), Reverse DNS Software nginx / Resource Hash `96185ffe2652c6b0c8c608fa521d5eb29f28964ab72b18506a6d5dccde23e5ab` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://konta-ridice-ldgov-cz.eu/ Response headers content-encoding br x-ray wnp22236:0.000/wn22236:0.000/ date Mon, 23 Sep 2024 13:41:27 GMT etag W/"6695519e-333d" content-type text/css last-modified Mon, 15 Jul 2024 16:43:10 GMT server nginx
GET H2	200	jquery-3.6.0.min.js Show response konta-ridice-ldgov-cz.eu/libs/jquery/	87 KB 30 KB	485ms 484ms	Script application/javascript	2a00:7a60:0:10aa::1 UKRAINE-AS
General Check archive.org Show headers Download Go to Full URL https://konta-ridice-ldgov-cz.eu/libs/jquery/jquery-3.6.0.min.js Requested by Host: konta-ridice-ldgov-cz.eu URL: https://konta-ridice-ldgov-cz.eu/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:7a60:0:10aa::1 , Ukraine, ASN200000 (UKRAINE-AS, UA), Reverse DNS Software nginx / Resource Hash `ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://konta-ridice-ldgov-cz.eu/ Response headers content-encoding br x-ray wnp22236:0.000/wn22236:0.000/ date Mon, 23 Sep 2024 13:41:27 GMT etag W/"62e8fc66-15d9d" content-type application/javascript last-modified Tue, 02 Aug 2022 10:28:54 GMT server nginx
GET H2	200	gov-basic-icons.woff2 konta-ridice-ldgov-cz.eu/assets/fonts/icons/	5 KB 5 KB	482ms 482ms	Font font/woff2	2a00:7a60:0:10aa::1 UKRAINE-AS
General Check archive.org Show headers Download Go to Full URL https://konta-ridice-ldgov-cz.eu/assets/fonts/icons/gov-basic-icons.woff2?v=v3.4.0 Requested by Host: konta-ridice-ldgov-cz.eu URL: https://konta-ridice-ldgov-cz.eu/grim/styles.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:7a60:0:10aa::1 , Ukraine, ASN200000 (UKRAINE-AS, UA), Reverse DNS Software nginx / Resource Hash `312e240d4ac2b4f1ad9bc3301c8025fdf37ad6fe1e9f9bda2137bfcc4d8cc8f2` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://konta-ridice-ldgov-cz.eu Referer https://konta-ridice-ldgov-cz.eu/grim/styles.min.css Response headers etag "6695542c-148c" accept-ranges bytes content-length 5260 x-ray wnp22236:0.000/wn22236:0.000/ date Mon, 23 Sep 2024 13:41:28 GMT content-type font/woff2 last-modified Mon, 15 Jul 2024 16:54:04 GMT server nginx
GET H2	200	favicon.ico gov.cz/static/images/meta/	15 KB 15 KB	1395ms 267ms	Other image/vnd.microsoft.icon	185.17.215.70 GOV
General Check archive.org Show headers Download Go to Full URL https://gov.cz/static/images/meta/favicon.ico?v=knceasdft Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.17.215.70 Prague, Czech Republic, ASN48298 (GOV, CZ), Reverse DNS chciidentitu.gov.cz Software / Resource Hash `8daa97f8b2726bb78c3d037c5e00427eb4821d45336707ed2c4b089294d961ae` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://konta-ridice-ldgov-cz.eu/ Response headers cache-control no-cache content-length 15086 date Mon, 23 Sep 2024 13:41:29 GMT content-type image/vnd.microsoft.icon last-modified Wed, 24 Jul 2024 10:47:57 GMT content-disposition inline; filename=favicon.ico

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Czech Government (Government)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			konta-ridice-ldgov-cz.eu/	1969-12-31 23:59:59	Name: PHPSESSID Value: 8402795bf75902fa8b1ce63d2fb16a7e

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gov.cz
konta-ridice-ldgov-cz.eu
185.17.215.70
2a00:7a60:0:10aa::1
2662dc50fa8010be3a110fa6c89ae0f9d4fbd7d47fe3c0fbc4d85d0043d99b94
312e240d4ac2b4f1ad9bc3301c8025fdf37ad6fe1e9f9bda2137bfcc4d8cc8f2
3fcb6d391961424ad955e24e1af1af28e4c8994af2b09ba116e9859ac86ffce6
5af90dcaa5001a5f13644a1b7e83e0712c0e0cbb29d96d59459819902b2fe034
8daa97f8b2726bb78c3d037c5e00427eb4821d45336707ed2c4b089294d961ae
96185ffe2652c6b0c8c608fa521d5eb29f28964ab72b18506a6d5dccde23e5ab
97eeb41f5eae52548b2cb7b0d1575a36584eda499c6642ce96445df3797df684
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

konta-ridice-ldgov-cz.eu Open in urlscan Pro 2a00:7a60:0:10aa::1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

89 kBTransfer

411 kBSize

1 Cookies

10 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Indicators

konta-ridice-ldgov-cz.eu Open in urlscan Pro
2a00:7a60:0:10aa::1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

89 kB
Transfer

411 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!