skuaiytasa.czechian.net Open in urlscan Pro
185.64.219.5 Malicious Activity! Public Scan

URL:
http://skuaiytasa.czechian.net/
Submission: On July 22 via api (July 22nd 2019, 3:57:52 am UTC) from US

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 9 HTTP transactions. The main IP is 185.64.219.5, located in Czech Republic and belongs to VSHOSTING, CZ. The main domain is skuaiytasa.czechian.net.

This is the only time skuaiytasa.czechian.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

	IP Address	AS Autonomous System
4	185.64.219.5 185.64.219.5	43541 (VSHOSTING) (VSHOSTING)
2	77.75.77.243 77.75.77.243	43037 (SEZNAM-) (SEZNAM-)
2	77.75.79.9 77.75.79.9	43037 (SEZNAM-) (SEZNAM-)
1	2a02:598:a::7... 2a02:598:a::79:53	43037 (SEZNAM-) (SEZNAM-)
9	4

4 185.64.219.5 (Czech Republic)

ASN43541 (VSHOSTING, CZ)
PTR: slunce.srv.wz.cz

skuaiytasa.czechian.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.75.77.243 (Czech Republic)

ASN43037 (SEZNAM-, CZ)
PTR: c.imedia.cz

c.imedia.cz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.75.79.9 (Czech Republic)

ASN43037 (SEZNAM-, CZ)
PTR: h.imedia.cz

h.imedia.cz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:598:a::79:53 (Czech Republic)

ASN43037 (SEZNAM-, CZ)

www.seznam.cz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	imedia.cz c.imedia.cz h.imedia.cz	9 KB
4	czechian.net skuaiytasa.czechian.net	17 KB
1	seznam.cz www.seznam.cz
9	3

	Domain	Requested by
4	skuaiytasa.czechian.net	skuaiytasa.czechian.net
2	h.imedia.cz	c.imedia.cz skuaiytasa.czechian.net
2	c.imedia.cz	skuaiytasa.czechian.net c.imedia.cz
1	www.seznam.cz	c.imedia.cz
9	4

This site contains no links.

Subject Issuer	Validity	Valid
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh

This page contains 4 frames:

Primary Page: http://skuaiytasa.czechian.net/
Frame ID: E763928D91F594B2F1595AA346598B74
Requests: 6 HTTP requests in this frame

Frame: http://h.imedia.cz/cookie-html?0.1924431024408284
Frame ID: F3748FBC6E7056ED32FD46063D441168
Requests: 1 HTTP requests in this frame

Frame: http://c.imedia.cz/context?url=http%3A%2F%2Fskuaiytasa.czechian.net%2F&z=60800&hash=948888962973
Frame ID: C85CCDB3ED7566025C1851355A211CA4
Requests: 1 HTTP requests in this frame

Frame: http://www.seznam.cz/sync?0.2985200192953401
Frame ID: 3AF8B1C56E04A6D2F20BCFD931CF5A76
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

9
Requests

0 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

4
IPs

1
Countries

25 kB
Transfer

44 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response skuaiytasa.czechian.net/	4 KB 2 KB	71ms 27ms	Document text/html	185.64.219.5 VSHOSTING
General Check archive.org Show headers Download Go to Full URL http://skuaiytasa.czechian.net/ Protocol HTTP/1.1 Server 185.64.219.5 , Czech Republic, ASN43541 (VSHOSTING, CZ), Reverse DNS slunce.srv.wz.cz Software nginx / Resource Hash `a27471bc9ccbec7e74c5779bf4418a26ef64c54ab85105f954c2e054a956a5a8` Request headers Host skuaiytasa.czechian.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Server nginx Date Mon, 22 Jul 2019 03:57:16 GMT Content-Type text/html Transfer-Encoding chunked Connection close Last-Modified Sun, 21 Jul 2019 15:22:44 GMT ETag W/"c47-58e3288021496-gzip" Vary Accept-Encoding Content-Encoding gzip
GET H/1.1	200 OK	logon.css skuaiytasa.czechian.net/	2 KB 1 KB	279ms 16ms	Stylesheet text/css	185.64.219.5 VSHOSTING
General Check archive.org Show headers Download Go to Full URL http://skuaiytasa.czechian.net/logon.css Requested by Host: skuaiytasa.czechian.net URL: http://skuaiytasa.czechian.net/ Protocol HTTP/1.1 Security , , Server 185.64.219.5 , Czech Republic, ASN43541 (VSHOSTING, CZ), Reverse DNS slunce.srv.wz.cz Software nginx / Resource Hash `da50bcb5382766a7c25162bbfd523928ccecf337ed574af0b249a59b546cb834` Request headers Referer http://skuaiytasa.czechian.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 03:57:16 GMT Content-Encoding gzip Last-Modified Sun, 21 Jul 2019 15:23:05 GMT Server nginx ETag "9d9-58e32893d8a27-gzip" Vary Accept-Encoding Content-Type text/css Connection close Accept-Ranges bytes Content-Length 891
GET H/1.1	200 OK	lgntopl.gif skuaiytasa.czechian.net/	4 KB 5 KB	1033ms 16ms	Image image/gif	185.64.219.5 VSHOSTING
General Check archive.org Show headers Download Go to Show image Full URL http://skuaiytasa.czechian.net/lgntopl.gif Requested by Host: skuaiytasa.czechian.net URL: http://skuaiytasa.czechian.net/ Protocol HTTP/1.1 Security , , Server 185.64.219.5 , Czech Republic, ASN43541 (VSHOSTING, CZ), Reverse DNS slunce.srv.wz.cz Software nginx / Resource Hash `b478b93f8f9a262321211d8ce812cdd6accdfb4ede6e0230ccf44e77ad161f97` Request headers Referer http://skuaiytasa.czechian.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 03:57:17 GMT Content-Encoding gzip Last-Modified Sun, 21 Jul 2019 15:22:57 GMT Server nginx ETag "1167-58e3288c18058-gzip" Vary Accept-Encoding Content-Type image/gif Connection close Accept-Ranges bytes Content-Length 4450
GET H/1.1	200 OK	lgnbotl.gif skuaiytasa.czechian.net/	9 KB 9 KB	7202ms 29ms	Image image/gif	185.64.219.5 VSHOSTING
General Check archive.org Show headers Download Go to Show image Full URL http://skuaiytasa.czechian.net/lgnbotl.gif Requested by Host: skuaiytasa.czechian.net URL: http://skuaiytasa.czechian.net/ Protocol HTTP/1.1 Security , , Server 185.64.219.5 , Czech Republic, ASN43541 (VSHOSTING, CZ), Reverse DNS slunce.srv.wz.cz Software nginx / Resource Hash `0e2cda541bf24815df2facd5729d44b70ef4e4bdd160169295944aefc9e51b0b` Request headers Referer http://skuaiytasa.czechian.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 03:57:23 GMT Content-Encoding gzip Last-Modified Sun, 21 Jul 2019 15:22:51 GMT Server nginx ETag "245f-58e32886c8299-gzip" Vary Accept-Encoding Content-Type image/gif Connection close Accept-Ranges bytes Content-Length 9303
GET H/1.1	200 OK	script.js Show response c.imedia.cz/js/	25 KB 8 KB	1033ms 16ms	Script application/javascript	77.75.77.243 SEZNAM-
General Check archive.org Show headers Download Go to Full URL http://c.imedia.cz/js/script.js Requested by Host: skuaiytasa.czechian.net URL: http://skuaiytasa.czechian.net/ Protocol HTTP/1.1 Security , , Server 77.75.77.243 , Czech Republic, ASN43037 (SEZNAM-, CZ), Reverse DNS c.imedia.cz Software nginx / Resource Hash `4587d7e9a389f8b6865080bfb11d08e9335e692deb118a492eb19e0ad9835fec` Request headers Referer http://skuaiytasa.czechian.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 03:57:31 GMT Content-Encoding gzip Last-Modified Mon, 15 Apr 2019 06:10:02 GMT Server nginx ETag W/"5cb4203a-63ea" Vary Accept-Encoding P3P CP="NON DSP COR TAI NOR UNI", policyref="/w3c/p3p.xml" access-control-allow-origin * Cache-Control no-cache, private, max-age=0, no-cache, no-store Transfer-Encoding chunked Connection keep-alive Content-Type application/javascript Expires Mon, 22 Jul 2019 03:57:30 GMT
GET H/1.1	200 OK	Cookie set cookie-html h.imedia.cz/ Frame F374	0 0	1042ms 14ms	Document text/html	77.75.79.9 SEZNAM-
General Check archive.org Show headers Download Go to Full URL http://h.imedia.cz/cookie-html?0.1924431024408284 Requested by Host: c.imedia.cz URL: http://c.imedia.cz/js/script.js Protocol HTTP/1.1 Server 77.75.79.9 , Czech Republic, ASN43037 (SEZNAM-, CZ), Reverse DNS h.imedia.cz Software nginx/1.14.2 / Resource Hash Request headers Host h.imedia.cz Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Referer http://skuaiytasa.czechian.net/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://skuaiytasa.czechian.net/ Response headers Server nginx/1.14.2 Date Mon, 22 Jul 2019 03:57:32 GMT Content-Type text/html Last-Modified Thu, 09 May 2019 08:04:29 GMT Transfer-Encoding chunked Connection keep-alive Set-Cookie sid=id=8516844157396064157\|t=1563767852.365\|te=1563767852.365\|c=1092A3BC0586574B93374E63F30412BB; Domain=.imedia.cz; Path=/; Expires=Wed, 21-Aug-2019 03:57:32 GMT ETag W/"5cd3df0d-881" P3P CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI" Vary Origin Access-Control-Allow-Origin * Access-Control-Allow-Methods GET, OPTIONS Access-Control-Allow-Headers content-type Access-Control-Allow-Credentials true Content-Encoding gzip
GET H/1.1	200 OK	Cookie set context c.imedia.cz/ Frame C85C	0 0	33ms 33ms	Document text/html	77.75.77.243 SEZNAM-
General Check archive.org Show headers Download Go to Full URL http://c.imedia.cz/context?url=http%3A%2F%2Fskuaiytasa.czechian.net%2F&z=60800&hash=948888962973 Requested by Host: c.imedia.cz URL: http://c.imedia.cz/js/script.js Protocol HTTP/1.1 Server 77.75.77.243 , Czech Republic, ASN43037 (SEZNAM-, CZ), Reverse DNS c.imedia.cz Software nginx / Resource Hash Request headers Host c.imedia.cz Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Referer http://skuaiytasa.czechian.net/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://skuaiytasa.czechian.net/ Response headers Server nginx Date Mon, 22 Jul 2019 03:57:31 GMT Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding Set-Cookie sid=id=11656662139546299698\|t=1563767851.378\|te=1563767851.378\|c=0FC4A743FE8700BDC2C6B5278B6C2112; Domain=.imedia.cz; Path=/; Expires=Wed, 21-Aug-2019 03:57:31 GMT P3P CP="NON DSP COR TAI NOR UNI", policyref="/w3c/p3p.xml" Cache-Control private, max-age=0, no-cache, no-store Content-Encoding gzip
GET H/1.1	200 OK	/ h.imedia.cz/hit/	43 B 426 B	16ms 15ms	Image image/gif	77.75.79.9 SEZNAM-
General Check archive.org Show headers Download Go to Show image Full URL http://h.imedia.cz/hit/?q=&d=%7B%22tid%22%3A%2215637678513240.6124351097954723%22%2C%22referer%22%3A%22%22%2C%22path%22%3A%22%22%2C%22scroll%22%3A%220%2C0%22%2C%22port%22%3A%221600%2C1200%22%2C%22page%22%3A%221584%2C822%22%2C%22screen%22%3A%221600%2C1200%2C24%22%7D&a=impress&s=sklikp&lsid=&id=15637678513240.6124351097954723&v=2.11&r=0.3177964373802966&h=b0424419c8d7067e02&rus=&ri=&pvid=&spa=false&u=http%3A%2F%2Fskuaiytasa.czechian.net%2F&lses=1563767851324&ab=&serviceVariant=&ptitle=Outlook%20Web%20App%20update Requested by Host: skuaiytasa.czechian.net URL: http://skuaiytasa.czechian.net/ Protocol HTTP/1.1 Security , , Server 77.75.79.9 , Czech Republic, ASN43037 (SEZNAM-, CZ), Reverse DNS h.imedia.cz Software nginx/1.14.2 / Resource Hash `3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a` Request headers Referer http://skuaiytasa.czechian.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 22 Jul 2019 03:57:32 GMT Server nginx/1.14.2 Connection keep-alive P3P CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI" Content-Length 43 Content-Type image/gif
GET H/1.1	200 OK	sync www.seznam.cz/ Frame 3AF8	0 0	46ms 11ms	Document text/html	2a02:598:a::79:53 SEZNAM-
General Check archive.org Show headers Download Go to Full URL http://www.seznam.cz/sync?0.2985200192953401 Requested by Host: c.imedia.cz URL: http://c.imedia.cz/js/script.js Protocol HTTP/1.1 Server 2a02:598:a::79:53 , Czech Republic, ASN43037 (SEZNAM-, CZ), Reverse DNS Software nginx / Resource Hash Request headers Host www.seznam.cz Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Referer http://skuaiytasa.czechian.net/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://skuaiytasa.czechian.net/ Response headers Server nginx Date Mon, 22 Jul 2019 03:57:32 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Last-Modified Thu, 09 May 2019 08:04:29 GMT ETag W/"5cd3df0d-b38" P3P CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI" Vary Origin Access-Control-Allow-Origin * Access-Control-Allow-Methods GET, OPTIONS Access-Control-Allow-Headers content-type Access-Control-Allow-Credentials true Content-Encoding gzip

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.imedia.cz
h.imedia.cz
skuaiytasa.czechian.net
www.seznam.cz
185.64.219.5
2a02:598:a::79:53
77.75.77.243
77.75.79.9
0e2cda541bf24815df2facd5729d44b70ef4e4bdd160169295944aefc9e51b0b
3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a
4587d7e9a389f8b6865080bfb11d08e9335e692deb118a492eb19e0ad9835fec
a27471bc9ccbec7e74c5779bf4418a26ef64c54ab85105f954c2e054a956a5a8
b478b93f8f9a262321211d8ce812cdd6accdfb4ede6e0230ccf44e77ad161f97
da50bcb5382766a7c25162bbfd523928ccecf337ed574af0b249a59b546cb834

skuaiytasa.czechian.net Open in urlscan Pro 185.64.219.5 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

0 %HTTPS

25 %IPv6

3 Domains

4 Subdomains

4 IPs

1 Countries

25 kBTransfer

44 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

skuaiytasa.czechian.net Open in urlscan Pro
185.64.219.5 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

0 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

4
IPs

1
Countries

25 kB
Transfer

44 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!