urlscan.io public scan: rudolfsvatek.cz
Primary IP: 2a02:2b88:1:4::7a
Verdict: Malicious Activity!
Effective URL: http://rudolfsvatek.cz//ckeditor/sparkvr/ctcj7vicWbTIC4BLbVQV/index.php?login&cmd=ctcj7vicWbTIC4BLbVQV
Submission: On April 29 via manual from NZ
Summary
This is the only time rudolfsvatek.cz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Spark (Banking)

Domain & IP information
IP address | Requests | AS (autonomous system)
---|---|---
2a02:2b88:1:4::38 | 1 | 197019 (WEDOS)
2a02:2b88:1:4::7a | 16 | 197019 (WEDOS)
Totals row as shown on the report: 15 | 1

Apex domain | Subdomains | Transfer | Requests
---|---|---|---
rudolfsvatek.cz (1 redirect) | rudolfsvatek.cz | 334 KB | 16
vyletydoostrova.cz (1 redirect) | www.vyletydoostrova.cz | 328 B | 1
Totals row as shown on the report: 15 | 2

Domain | Requests | Requested by
---|---|---
rudolfsvatek.cz | 16 | rudolfsvatek.cz (1 redirect)
www.vyletydoostrova.cz | 1 | 1 redirect
Totals row as shown on the report: 15 | 2
This site contains no links.
TLS certificates (Subject, Issuer, Validity): none recorded. The lure and the landing page were both served over plain HTTP.
This page contains 1 frame:
Primary Page:
http://rudolfsvatek.cz//ckeditor/sparkvr/ctcj7vicWbTIC4BLbVQV/index.php?login&cmd=ctcj7vicWbTIC4BLbVQV
Frame ID: 9D8A8E4167500726AF52CE3914C83D3A
Requests: 15 HTTP requests in this frame
Page URL History
- http://www.vyletydoostrova.cz/re/ (HTTP 301)
- http://rudolfsvatek.cz//ckeditor/sparkvr/ (HTTP 302)
- http://rudolfsvatek.cz//ckeditor/sparkvr/ctcj7vicWbTIC4BLbVQV/index.php?login&cmd=ctcj7vicWbTIC4BLbVQV (Page URL)
Detected technologies
- Apache (Web Servers). Detected pattern: headers, server: /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
- jQuery (JavaScript Libraries). Detected pattern: env: /^jQuery$/i
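How these two "Detected patterns" are actually applied, as an added example that is not urlscan's own code: the Apache regex runs over the Server response header (group 1, when it participates, is the version), and the jQuery regex runs over the names of the non-standard window globals. The header values below are constructed samples; the globals list for the first sample is the one this report recorded.

```python
import re

# Added example. The two regexes are copied from the report's "Detected
# patterns"; the Server header values below are constructed samples.
PATTERNS = {
    # (where to look, header key, regex); group 1, when present, is the version
    "Apache": ("header", "server",
               re.compile(r"(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)", re.I)),
    "jQuery": ("global", None, re.compile(r"^jQuery$", re.I)),
}


def fingerprint(headers, window_globals):
    """Return {technology: version-or-None} for every pattern that matches."""
    lower = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    found = {}
    for name, (where, key, rx) in PATTERNS.items():
        if where == "header":
            m = rx.search(lower.get(key, ""))
            if m:
                # Version is only captured from the "Apache/x.y.z" form;
                # bare "Apache" or "Apache (CentOS)" match with no version.
                found[name] = m.group(1) if m.lastindex else None
        elif any(rx.search(g) for g in window_globals):
            found[name] = None
    return found


# Constructed samples. "kit host" uses the five globals this scan recorded.
SAMPLES = {
    "kit host": ({"Server": "Apache/2.4.41 (Ubuntu)"},
                 ["onselectstart", "onselectionchange", "queueMicrotask", "$", "jQuery"]),
    "bare apache": ({"server": "Apache"}, []),
    # Tomcat's connector is deliberately excluded by the [^\/-] alternative.
    "tomcat": ({"Server": "Apache-Coyote/1.1"}, []),
    "nginx": ({"Server": "nginx/1.18.0"}, ["React"]),
}

if __name__ == "__main__":
    for label, (hdrs, globs) in SAMPLES.items():
        print(f"{label:<12} {fingerprint(hdrs, globs)}")
```

A Server header can be set to anything, so a fingerprint like this describes what the host claims, not what it runs; it is useful for clustering kits across scans, not for trusting the result.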
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields. The chain for this scan (301 from www.vyletydoostrova.cz/re/, then 302 to the token-named kit directory on rudolfsvatek.cz) is listed above.
Redirected requests
The only redirect chain in this scan is the one that reaches the primary request (index.php); none of the 15 sub-resource requests was redirected.
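The redirect chain above is what an analyst usually has to rebuild by hand from captured responses, because each hop may be an HTTP Location header, a meta refresh, or a JavaScript assignment to window.location, and a lure can loop. The following is an added example, not urlscan's code: it walks a chain offline over a constructed response table. The first three entries mirror the hops recorded in this scan; their Location values and bodies are assumptions (the report shows only status codes and resulting URLs), and the example.test entries are entirely constructed to exercise the meta-refresh, JavaScript and loop cases.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed stand-in for a fetcher: URL -> (status, headers, body).
# The vyletydoostrova/rudolfsvatek entries mirror the scan's hops; the
# Location values and bodies are assumptions. example.test is invented.
RESPONSES = {
    "http://www.vyletydoostrova.cz/re/": (
        301, {"Location": "http://rudolfsvatek.cz//ckeditor/sparkvr/"}, ""),
    "http://rudolfsvatek.cz//ckeditor/sparkvr/": (
        302,
        # Absolute on purpose: urljoin() collapses the kit's leading "//"
        # when it resolves a relative Location against this base.
        {"Location": "http://rudolfsvatek.cz//ckeditor/sparkvr/"
                     "ctcj7vicWbTIC4BLbVQV/index.php?login&cmd=ctcj7vicWbTIC4BLbVQV"},
        ""),
    "http://rudolfsvatek.cz//ckeditor/sparkvr/ctcj7vicWbTIC4BLbVQV/index.php"
    "?login&cmd=ctcj7vicWbTIC4BLbVQV": (
        200, {"Content-Type": "text/html"}, "<html><title>Sign in</title></html>"),
    "http://example.test/lure": (
        200, {}, '<html><meta http-equiv="refresh" content="0; url=/landing/"></html>'),
    "http://example.test/landing/": (
        200, {}, '<script>window.location.href = "https://example.test/final?x=1";</script>'),
    "https://example.test/final?x=1": (200, {}, "<html>done</html>"),
    "http://example.test/a": (302, {"Location": "/b"}, ""),
    "http://example.test/b": (302, {"Location": "/a"}, ""),
}


def fetch(url):
    """Offline fetcher over the constructed table; unknown URLs 404."""
    return RESPONSES.get(url, (404, {}, ""))


META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*content\s*=\s*["\']?'
    r'\s*\d+\s*;\s*url\s*=\s*["\']?([^"\'>\s]+)', re.I)
JS_LOCATION = re.compile(
    r'(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)


def next_hop(url, status, headers, body):
    """Return (kind, absolute_target) for the next hop, or None if this page is final."""
    if 300 <= status < 400:
        loc = {k.lower(): v for k, v in headers.items()}.get("location")
        if loc:
            return "http", urljoin(url, loc)
    m = META_REFRESH.search(body)
    if m:
        return "meta", urljoin(url, m.group(1))
    m = JS_LOCATION.search(body)
    if m:
        return "js", urljoin(url, m.group(1))
    return None


def follow(start, fetch=fetch, max_hops=10):
    """Walk the chain. Each entry is (url, status, how_we_left_it)."""
    chain, seen, url = [], set(), start
    for _ in range(max_hops):
        if url in seen:                      # A -> B -> A: stop instead of spinning
            chain.append((url, None, "loop"))
            return chain
        seen.add(url)
        status, headers, body = fetch(url)
        hop = next_hop(url, status, headers, body)
        chain.append((url, status, hop[0] if hop else "final"))
        if hop is None:
            return chain
        url = hop[1]
    chain.append((url, None, "max_hops"))
    return chain


def hosts(chain):
    """Distinct hostnames in hop order: here the lure domain, then the kit host."""
    out = []
    for url, _, _ in chain:
        h = urlsplit(url).hostname
        if h and h not in out:
            out.append(h)
    return out


if __name__ == "__main__":
    chain = follow("http://www.vyletydoostrova.cz/re/")
    for url, status, how in chain:
        print(f"{status or '-':>4}  {how:<6} {url}")
    print("hosts:", hosts(chain))
```

Note the deliberate absolute Location in the second hop: Python's urljoin normalises the kit's `//ckeditor` path to `/ckeditor` when resolving a relative target, which would make the rebuilt URL differ from the one the browser actually requested; when the capture only has relative Locations, keep the raw path from the HTTP log rather than the resolved one.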
15 HTTP transactions
All requests are GET over HTTP/1.1 to rudolfsvatek.cz. Base path for every resource: rudolfsvatek.cz//ckeditor/sparkvr/ctcj7vicWbTIC4BLbVQV/ (the Directory column is relative to it).

# | Resource | Directory | Size | x-fer | Type | MIME type
---|---|---|---|---|---|---
1 | index.php (primary request, end of the redirect chain) | (base) | 43 KB | 6 KB | Document | text/html
2 | main.css | css/ | 12 KB | 3 KB | Stylesheet | text/css
3 | clientlib-all.css | css/ | 617 KB | 84 KB | Stylesheet | text/css
4 | clientlib-sparkv2.css | css/ | 109 KB | 14 KB | Stylesheet | text/css
5 | xtramail-sign-in.css | css/ | 37 KB | 6 KB | Stylesheet | text/css
6 | xtramail-delete-account.css | css/ | 37 KB | 6 KB | Stylesheet | text/css
7 | shopping-disabled.svg | img/ | 962 B | 907 B | Image | image/svg+xml
8 | shopping.svg | img/ | 2 KB | 1 KB | Image | image/svg+xml
9 | purple.svg | img/ | 34 KB | 11 KB | Image | image/svg+xml
10 | jquery.js | css/ | 84 KB | 30 KB | Script | application/javascript
11 | f26faddb-86cc-4477-a253-1e1287684336.woff | fonts/ | 44 KB | 44 KB | Font | font/woff
12 | 91b50bbb-9aa1-4d54-9159-ec6f19d14a7c.woff | fonts/ | 24 KB | 24 KB | Font | font/woff
13 | 1e9892c0-6927-4412-9874-1b82801ba47a.woff | fonts/ | 24 KB | 24 KB | Font | font/woff
14 | spark-icon-family.woff | fonts/ | 28 KB | 28 KB | Font | font/woff
15 | 63a74598-733c-4d0c-bd91-b01bffcd6e69.ttf | fonts/ | 50 KB | 51 KB | Font | font/ttf

Every resource, including jquery.js (served from css/), is hosted inside the same random-token directory on rudolfsvatek.cz; nothing is loaded from the brand's own origin. The stylesheet and font names (clientlib-sparkv2.css, xtramail-sign-in.css, spark-icon-family.woff) are consistent with a copied Spark sign-in page.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Spark (Banking)

5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
- object: onselectstart
- object: onselectionchange
- function: queueMicrotask
- function: $
- function: jQuery

1 Cookie
Cookies are small pieces of information stored in the user's browser. On every later visit the browser sends the stored cookie values back, so the site can re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
rudolfsvatek.cz/ | (session) | PHPSESSID | 6a2ef50dfa738257336dc43536314da2
Indicators
"Indicators" is the security-industry term for observables such as IPs, domains and hashes. Their presence here does not by itself imply that any one of them is malicious. The list below holds the two hostnames, the two IPv6 addresses, and the SHA-256 hashes of the responses recorded in this scan.
rudolfsvatek.cz
www.vyletydoostrova.cz
2a02:2b88:1:4::38
2a02:2b88:1:4::7a
4b91ad0b85c39f6789caf49cec4beb06b7b9f0e4d0ac8feff0de8f79fdd12d97
4c44fbd8f76feb3251c9fbce49f402621eda496675edeaca4fbb0ad888cbc7f5
597577e553630e1a1a757b9a233376cc1c0ea7e590a796b708103f8b077b0631
620660f45d9afea331852f7c4ef47e924069518bbf332b0fda09568f4f51bccf
7d255a599b3d55c47683086f1a761c89c939d396a7011b63a87e20ad03b9e89d
7e4ac7deecd0d69e0fa1329a24437009094a20998dbd04b8b65889eb84ed7649
7eecf6acabd9849b2ad9bef1221ed0b5ab36da5e3f458dc99657004da767dcd0
826838967e668f1d8ec319c67eba230e81d89e528b2dae1c944a41a9a7630823
8cd0112b63387703de5702e3604c364adad1548f16f995fcc9c75ecef36f9119
8e09aa31f396ea41d698f437dc5fc7125e931d400eb2873f5b68ef78c1e6f3a6
8faaa9dd10af06677522700a5ea9665c835f061b93fe8597f66ab4e126aef627
a10152a58983bea725942a8b96844638ec4155e60cd124112c820798256816dc
b18947f6fca59b47d4e93883683f640b773838572fb5765f229e05905389bbfa
c1255e7e4b5d811f0c02de3824b91e058417edf1734cf9d92c0267a16797a8d9
d65da0384164d3caeeee36b2e8b7b5da42e1183d4575725a3bd05213e786ec55