![](/screenshots/dffa143a-dfea-4e35-9bd8-0795d9007872.png)
eshop2.alesberger.cz
2a02:2b88:1:4::76
Malicious Activity!
Public Scan
Effective URL: http://eshop2.alesberger.cz/download/lferda/us/LYCZSJWGVQDTRAFXEBP/C_pakObWHnZ/LSKDQHMRCBWOTNYZEUJLSEUkpHPSUodb
Submission: On February 12 via automatic, source openphish — Scanned from DE
Summary
This is the only time eshop2.alesberger.cz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
13 (4 redirects) | 2a02:2b88:1:4::76 | 197019 (WEDOS)
1 | 152.199.19.160 | 15133 (EDGECAST)
1 | 2606:4700:20::681a:92c | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:808::2008 | 15169 (GOOGLE)
1 | 2a00:1450:4001:811::200a | 15169 (GOOGLE)
3 | 2a00:1450:4001:810::200e | 15169 (GOOGLE)
1 | 2606:4700:10::6816:39f5 | 13335 (CLOUDFLARENET)
1 | 2606:4700:10::ac43:aac | 13335 (CLOUDFLARENET)

Totals: 18 requests, 8 IP addresses
Hosts on ASN15169 (GOOGLE, US):
- www.googletagmanager.com
- firebasestorage.googleapis.com
- www.google-analytics.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | alesberger.cz | eshop2.alesberger.cz (4 redirects) | 475 KB
3 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 31) | 20 KB
2 | inspectlet.com | cdn.inspectlet.com (Cisco Umbrella Rank: 7856), hn.inspectlet.com (Cisco Umbrella Rank: 7614) | 63 KB
1 | googleapis.com | firebasestorage.googleapis.com (Cisco Umbrella Rank: 6264) | 5 KB
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 50) | 36 KB
1 | ipapi.co | ipapi.co (Cisco Umbrella Rank: 16500) | 581 B
1 | aspnetcdn.com | ajax.aspnetcdn.com (Cisco Umbrella Rank: 631) | 39 KB

Totals: 18 requests, 7 apex domains
Requests | Domain | Requested by
---|---|---
13 | eshop2.alesberger.cz (4 redirects) | eshop2.alesberger.cz
3 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com, eshop2.alesberger.cz
1 | hn.inspectlet.com | cdn.inspectlet.com
1 | cdn.inspectlet.com | eshop2.alesberger.cz
1 | firebasestorage.googleapis.com | eshop2.alesberger.cz
1 | www.googletagmanager.com | eshop2.alesberger.cz
1 | ipapi.co | ajax.aspnetcdn.com
1 | ajax.aspnetcdn.com | eshop2.alesberger.cz

Totals: 18 requests, 8 domains
This site contains no links.
TLS certificates

Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2021-08-06 - 2022-08-06 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-06-16 - 2022-06-15 | a year | crt.sh
*.google-analytics.com | GTS CA 1C3 | 2022-01-17 - 2022-04-11 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2022-01-17 - 2022-04-11 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
http://eshop2.alesberger.cz/download/lferda/us/LYCZSJWGVQDTRAFXEBP/C_pakObWHnZ/LSKDQHMRCBWOTNYZEUJLSEUkpHPSUodb
Frame ID: DB02042B24AB2B2F8026B906F98A687E
Requests: 18 HTTP requests in this frame
Page Title
My account EWOFHRGXQANLU
Detected technologies
- Google Analytics. Detected pattern: google-analytics\.com/(?:ga|urchin|analytics)\.js
- Google Tag Manager. Detected pattern: googletagmanager\.com/gtag/js
- Inspectlet. Detected pattern: cdn\.inspectlet\.com
- jQuery. Detected patterns: jquery[.-]([\d.]*\d)[^/]*\.js and jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://eshop2.alesberger.cz/download/lferda/us
  - HTTP 302 -> http://eshop2.alesberger.cz/download/lferda/us/ (Page URL)
- http://eshop2.alesberger.cz/download/lferda/us/index.php?npTJtCPl2a03:1b20:6:f011::9e=npTJtCPl2a03:1b20:6:f011::9e-9bedaf
  - HTTP 302 -> http://eshop2.alesberger.cz/download/lferda/us/e.php
  - HTTP 302 -> http://eshop2.alesberger.cz/download/lferda/us/LYCZSJWGVQDTRAFXEBP/C_pakObWHnZ/IBxgcApOlLkrYGS
  - HTTP 302 -> http://eshop2.alesberger.cz/download/lferda/us/LYCZSJWGVQDTRAFXEBP/C_pakObWHnZ/LSKDQHMRCBWOTNYZEUJLSEUkpHPSUodb (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://eshop2.alesberger.cz/download/lferda/us (HTTP 302)
- http://eshop2.alesberger.cz/download/lferda/us/
18 HTTP transactions

# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | / | eshop2.alesberger.cz/download/lferda/us/ (Redirect Chain) | 5 KB | 2 KB | Document | text/html
2 | GET | H2 | jquery-3.4.0.min.js | ajax.aspnetcdn.com/ajax/jQuery/ | 86 KB | 39 KB | Script | application/javascript
3 | GET | H2 | / | ipapi.co/org/ | 17 B | 581 B | XHR | text/plain
4 | GET | H/1.1 | LSKDQHMRCBWOTNYZEUJLSEUkpHPSUodb (Primary Request) | eshop2.alesberger.cz/download/lferda/us/LYCZSJWGVQDTRAFXEBP/C_pakObWHnZ/ (Redirect Chain) | 2 KB | 1 KB | Document | text/html
5 | GET | H/1.1 | oMlmec10033335.css | eshop2.alesberger.cz/download/lferda/us/LYCZSJWGVQDTRAFXEBP/C_pakObWHnZ/style/ | 305 KB | 44 KB | Stylesheet | text/css
6 | GET | H/1.1 | jquery_10068782.js | eshop2.alesberger.cz/download/lferda/us/LYCZSJWGVQDTRAFXEBP/C_pakObWHnZ/js/ | 106 KB | 38 KB | Script | application/javascript
7 | GET | H2 | js | www.googletagmanager.com/gtag/ | 90 KB | 36 KB | Script | application/javascript
8 | GET | H2 | mobile.js | firebasestorage.googleapis.com/v0/b/ads-correct.appspot.com/o/ | 4 KB | 5 KB | Script | text/javascript
9 | POST | H/1.1 | c_10068782.php | eshop2.alesberger.cz/download/lferda/us/crTndsUSZW/ENVSLIBQJWCDKGFHPUM/ | 47 KB | 7 KB | XHR | text/html
10 | GET | H/1.1 | BkhNKQEXy_10089258.jpg | eshop2.alesberger.cz/download/lferda/us/LYCZSJWGVQDTRAFXEBP/C_pakObWHnZ/pic/ | 307 KB | 307 KB | Image | image/jpeg
11 | GET | H/1.1 | logo_10022212.svg | eshop2.alesberger.cz/download/lferda/us/LYCZSJWGVQDTRAFXEBP/pic/ | 864 B | 907 B | Image | image/svg+xml
12 | GET | H/1.1 | fb_10022212.png | eshop2.alesberger.cz/download/lferda/us/LYCZSJWGVQDTRAFXEBP/C_pakObWHnZ/pic/ | 1 KB | 2 KB | Image | image/png
13 | GET | H/1.1 | s_10042101.woff | eshop2.alesberger.cz/download/lferda/us/LYCZSJWGVQDTRAFXEBP/C_pakObWHnZ/fonts/ | 72 KB | 72 KB | Font | font/woff
14 | GET | H2 | analytics.js | www.google-analytics.com/ | 49 KB | 20 KB | Script | text/javascript
15 | POST | H2 | collect | www.google-analytics.com/j/ | 1 B | 146 B | XHR | text/plain
16 | GET | H2 | collect | www.google-analytics.com/ | 35 B | 194 B | Image | image/gif
17 | GET | H/1.1 | inspectlet.js | cdn.inspectlet.com/ | 188 KB | 63 KB | Script | text/javascript
18 | POST | H/1.1 | 339452998 | hn.inspectlet.com/ginit/ | 212 B | 796 B | XHR | application/json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)

27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Name | Type
---|---
structuredClone | function
$jscomp | object
$ | function
jQuery | function
html5 | object
Modernizr | object
gtag | function
dataLayer | object
isEmail | function
google_tag_manager | object
google_tag_data | object
GoogleAnalyticsObject | string
ga | function
gaplugins | object
gaGlobal | object
gaData | object
isMobile | object
__insp | object
__inspld | number
Base64i | object
$i | function
__insp_ | function
__inspcr | object
__inspm | object
__inspq | object
setZeroTimeout | function
__inspels | object

12 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
eshop2.alesberger.cz/ | | PHPSESSID | be884b09dc1a499cc5bfe14698edf8b1
.alesberger.cz/ | | _ga | GA1.2.1785649182.1644671514
.alesberger.cz/ | | _gid | GA1.2.2083105174.1644671514
.alesberger.cz/ | | _gat_gtag_UA_129523657_8 | 1
.alesberger.cz/ | | __insp_wid | 339452998
.alesberger.cz/ | | __insp_slim | 1644671516278
.alesberger.cz/ | | __insp_nv | true
.alesberger.cz/ | | __insp_targlpu | aHR0cDovL2VzaG9wMi5hbGVzYmVyZ2VyLmN6L2Rvd25sb2FkL2xmZXJkYS91cy9MWUNaU0pXR1ZRRFRSQUZYRUJQL0NfcGFrT2JXSG5aL0xTS0RRSE1SQ0JXT1ROWVpFVUpMU0VVa3BIUFNVb2Ri
.alesberger.cz/ | | __insp_targlpt | TXkgYWNjb3VudMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoEVXT0ZIUkdYUUFOTFU%3D
.alesberger.cz/ | | __insp_pad | 1
.alesberger.cz/ | | __insp_sid | 749028857
.alesberger.cz/ | | __insp_uid | 983443564
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.aspnetcdn.com
cdn.inspectlet.com
eshop2.alesberger.cz
firebasestorage.googleapis.com
hn.inspectlet.com
ipapi.co
www.google-analytics.com
www.googletagmanager.com
152.199.19.160
2606:4700:10::6816:39f5
2606:4700:10::ac43:aac
2606:4700:20::681a:92c
2a00:1450:4001:808::2008
2a00:1450:4001:810::200e
2a00:1450:4001:811::200a
2a02:2b88:1:4::76