strach.zenyzenam.cz - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 2a01:7e00::f03c:91ff:fe6e:12, located in United Kingdom and belongs to LINODE-AP Linode, LLC, US. The main domain is strach.zenyzenam.cz.

This is the only time strach.zenyzenam.cz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	2a01:7e00::f0... 2a01:7e00::f03c:91ff:fe6e:12	63949 (LINODE-AP...) (LINODE-AP Linode)
1	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY - Fastly)
1	162.247.242.20 162.247.242.20	23467 (NEWRELIC-...) (NEWRELIC-AS-1 - New Relic)
7	3

6 2a01:7e00::f03c:91ff:fe6e:12 (United Kingdom) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)

strach.zenyzenam.cz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.110 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.242.20 (United States)

ASN23467 (NEWRELIC-AS-1 - New Relic, US)
PTR: bam-8.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	zenyzenam.cz 1 redirects strach.zenyzenam.cz	625 B
1	nr-data.net bam.nr-data.net
1	newrelic.com js-agent.newrelic.com
7	3

	Domain	Requested by
6	strach.zenyzenam.cz	1 redirects strach.zenyzenam.cz
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	strach.zenyzenam.cz
7	3

This site contains no links.

Subject Issuer	Validity	Valid
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2017-12-12` - `2018-05-04`	5 months	crt.sh
*.nr-data.net GeoTrust SSL CA - G3	`2017-07-18` - `2018-03-17`	8 months	crt.sh

This page contains 1 frames:

Primary Page: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
Frame ID: (625D02D26B63D3899299A41F854628DF)
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://strach.zenyzenam.cz/flip/index.php?email=george.delucia@guggenheimpartners.com HTTP 302
http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

7
Requests

29 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

0 kB
Transfer

864 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://strach.zenyzenam.cz/flip/index.php?email=george.delucia@guggenheimpartners.com HTTP 302
http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request l9t2q42tmurblsh9bnyzb9b7.php Show response
strach.zenyzenam.cz/flip/
Redirect Chain

http://strach.zenyzenam.cz/flip/index.php?email=george.delucia@guggenheimpartners.com
http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce87...

6 KB
0

51ms
51ms

Document
text/html

2a01:7e00::f03c:91ff:fe6e:12
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com

Protocol

HTTP/1.1

Server

2a01:7e00::f03c:91ff:fe6e:12 , United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

Apache /

Resource Hash

4825f426ba66aec88b501b89f65b36c16deddc790099ffc662f1907bac9d51af

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW

Request headers

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection: keep-alive
Accept-Encoding: gzip, deflate
Host: strach.zenyzenam.cz
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Fri, 22 Dec 2017 18:56:01 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
X-FRAME-OPTIONS: ALLOW
Strict-Transport-Security: max-age=3600; preload
Content-Type: text/html
Cache-Control: max-age=86400
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 2812
Keep-Alive: timeout=5, max=299
Expires: Sat, 23 Dec 2017 18:56:01 GMT

Redirect headers

Date: Fri, 22 Dec 2017 18:56:00 GMT
Strict-Transport-Security: max-age=3600; preload
X-Content-Type-Options: nosniff
Server: Apache
X-FRAME-OPTIONS: ALLOW
Content-Type: text/html
Location: l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
Cache-Control: max-age=86400
Connection: Keep-Alive
Keep-Alive: timeout=5, max=300
Content-Length: 0
Expires: Sat, 23 Dec 2017 18:56:00 GMT

GET
H/1.1 200
OK main_css.css
strach.zenyzenam.cz/flip/img/ 2 KB
0 31ms
31ms Stylesheet
text/css 2a01:7e00::f03c:91ff:fe6e:12
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

http://strach.zenyzenam.cz/flip/img/main_css.css

Requested by

Host: strach.zenyzenam.cz
URL: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com

Protocol

HTTP/1.1

Server

2a01:7e00::f03c:91ff:fe6e:12 , United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

Apache /

Resource Hash

4dbf2e4f3fa2fd8ac6e90c25c45cd0140f4909a3949311de51cdbebea4e98ef2

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: strach.zenyzenam.cz
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
Connection: keep-alive
Cache-Control: no-cache
Referer: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Fri, 22 Dec 2017 18:56:01 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 317
Last-Modified: Fri, 22 Dec 2017 16:58:58 GMT
Server: Apache
X-FRAME-OPTIONS: ALLOW
ETag: "7cb-560f0bb9199eb-gzip"
Strict-Transport-Security: max-age=3600; preload
Content-Type: text/css
Cache-Control: max-age=259200,public
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=298
Expires: Mon, 25 Dec 2017 18:56:01 GMT

GET
H/1.1 200
OK index.css
strach.zenyzenam.cz/flip/img/ 2 KB
0 195ms
177ms Stylesheet
text/css 2a01:7e00::f03c:91ff:fe6e:12
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

http://strach.zenyzenam.cz/flip/img/index.css

Requested by

Host: strach.zenyzenam.cz
URL: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com

Protocol

HTTP/1.1

Server

2a01:7e00::f03c:91ff:fe6e:12 , United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

Apache /

Resource Hash

432477ad5a346fe74c9e22e6b2da7f7a7c63dfe3b44359ffe47734dc29e81f5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: strach.zenyzenam.cz
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
Connection: keep-alive
Cache-Control: no-cache
Referer: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Fri, 22 Dec 2017 18:56:01 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 403
Last-Modified: Fri, 22 Dec 2017 16:58:58 GMT
Server: Apache
X-FRAME-OPTIONS: ALLOW
ETag: "7cc-560f0bb918ce6-gzip"
Strict-Transport-Security: max-age=3600; preload
Content-Type: text/css
Cache-Control: max-age=259200,public
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=300
Expires: Mon, 25 Dec 2017 18:56:01 GMT

GET
H/1.1 200
OK 1.png
strach.zenyzenam.cz/flip/img/ 804 KB
0 24ms
24ms Image
image/png 2a01:7e00::f03c:91ff:fe6e:12
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://strach.zenyzenam.cz/flip/img/1.png

Requested by

Host: strach.zenyzenam.cz
URL: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com

Protocol

HTTP/1.1

Server

2a01:7e00::f03c:91ff:fe6e:12 , United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

Apache /

Resource Hash

ba05bef2d7327f4c6daa4bf96117d01c3cec21568a9a9769063c43cb32e97dc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: strach.zenyzenam.cz
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
Connection: keep-alive
Cache-Control: no-cache
Referer: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Fri, 22 Dec 2017 18:56:01 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 22 Dec 2017 16:58:58 GMT
Server: Apache
ETag: "c8e10-560f0bb918ce6"
X-FRAME-OPTIONS: ALLOW
Connection: Keep-Alive
Content-Type: image/png
Cache-Control: max-age=2592000,public
Strict-Transport-Security: max-age=3600; preload
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=297
Content-Length: 822800
Expires: Sun, 21 Jan 2018 18:56:01 GMT

GET
H/1.1 200
OK 2.jpg
strach.zenyzenam.cz/flip/img/ 27 KB
0 24ms
24ms Image
image/jpeg 2a01:7e00::f03c:91ff:fe6e:12
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://strach.zenyzenam.cz/flip/img/2.jpg

Requested by

Host: strach.zenyzenam.cz
URL: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com

Protocol

HTTP/1.1

Server

2a01:7e00::f03c:91ff:fe6e:12 , United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

Apache /

Resource Hash

9d3fb719209dc8552e293146b22b5a0e96c05d0734566bb4035fd95b580d75c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: strach.zenyzenam.cz
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
Connection: keep-alive
Cache-Control: no-cache
Referer: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Fri, 22 Dec 2017 18:56:01 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 22 Dec 2017 16:58:58 GMT
Server: Apache
ETag: "6c0a-560f0bb918ce6"
X-FRAME-OPTIONS: ALLOW
Connection: Keep-Alive
Content-Type: image/jpeg
Cache-Control: max-age=2592000,public
Strict-Transport-Security: max-age=3600; preload
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=296
Content-Length: 27658
Expires: Sun, 21 Jan 2018 18:56:01 GMT

GET
H2 200 nr-1071.min.js Show response
js-agent.newrelic.com/ 23 KB
0 32ms
5ms Script
application/javascript 151.101.114.110
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1071.min.js
Requested by: Host: strach.zenyzenam.cz
URL: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.110 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 56097e8b7ceb27db42a5e102af6d11dfdcaee13d8716477a8e242b4957d7a280

Request headers

:path: /nr-1071.min.js
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: js-agent.newrelic.com
referer: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
:scheme: https
:method: GET
Referer: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Fri, 22 Dec 2017 18:56:01 GMT
content-encoding: gzip
x-amz-request-id: 5EA69B9E407DB8D1
x-cache: HIT
status: 200
content-length: 9086
x-amz-id-2: UmIzaBjWpP1dp8unLzp1UKU8AKexnFQRjzIBXsOEawuxNZTvApIKl37QGTZIrusQacKN80XwG98=
x-served-by: cache-hhn1528-HHN
last-modified: Tue, 14 Nov 2017 18:09:22 GMT
server: AmazonS3
x-timer: S1513968962.540347,VS0,VE0
etag: "a1a545c95f313a230157b47dca555c25"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 57511

GET
H/1.1 200
OK Cookie set a0000aad75 Show response
bam.nr-data.net/1/ 57 B
0 462ms
114ms Script
text/javascript 162.247.242.20
New Relic

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/a0000aad75?a=5928866,4622076&v=1071.385e752&to=b1RUbUUHWEoCWhZeXFYeY0teSVBVCklNWwpMA0cNBRJbTBFbDkRbAVNYQE0ED1tUFxJfQw%3D%3D&rst=739&ref=http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php&ap=24&be=505&fe=700&dc=698&perf=%7B%22timing%22:%7B%22of%22:1513968960810,%22n%22:0,%22r%22:0,%22re%22:500,%22f%22:500,%22dn%22:500,%22dne%22:500,%22c%22:500,%22ce%22:500,%22rq%22:448,%22rp%22:499,%22rpe%22:500,%22dl%22:501,%22di%22:698,%22ds%22:698,%22de%22:698,%22dc%22:699,%22l%22:699,%22le%22:700%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&at=QxNXGw0dS0Q%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1071.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.247.242.20 , United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
Connection: keep-alive
Cache-Control: no-cache
Referer: http://strach.zenyzenam.cz/flip/l9t2q42tmurblsh9bnyzb9b7.php?6465CG1513968961ffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfbffbd3a65a85b3a91e981ce872c593cfb&email=george.delucia@guggenheimpartners.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Set-Cookie: JSESSIONID=fb39cdf14fa70bf6;Path=/;Domain=.nr-data.net;Secure
Content-Type: text/javascript;charset=ISO-8859-1
Content-Length: 57
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=3600; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam.nr-data.net
js-agent.newrelic.com
strach.zenyzenam.cz
151.101.114.110
162.247.242.20
2a01:7e00::f03c:91ff:fe6e:12
432477ad5a346fe74c9e22e6b2da7f7a7c63dfe3b44359ffe47734dc29e81f5c
4825f426ba66aec88b501b89f65b36c16deddc790099ffc662f1907bac9d51af
4dbf2e4f3fa2fd8ac6e90c25c45cd0140f4909a3949311de51cdbebea4e98ef2
56097e8b7ceb27db42a5e102af6d11dfdcaee13d8716477a8e242b4957d7a280
9d3fb719209dc8552e293146b22b5a0e96c05d0734566bb4035fd95b580d75c6
ba05bef2d7327f4c6daa4bf96117d01c3cec21568a9a9769063c43cb32e97dc6
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

strach.zenyzenam.cz Open in urlscan Pro 2a01:7e00::f03c:91ff:fe6e:12 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

29 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

0 kBTransfer

864 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

strach.zenyzenam.cz Open in urlscan Pro
2a01:7e00::f03c:91ff:fe6e:12 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

29 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

0 kB
Transfer

864 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!