o2av.com Open in urlscan Pro
2606:4700:30::6812:367a Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://cutt.ly/Nre1PFp
Effective URL:
https://o2av.com/citadele-banka-auth/lv/index.html?XI9nhF2vakte51ql4bUpgcQwW7LVP8yDRs6uxKYT0H3JSrAMGZBOfjCoiNzdEm...
Submission: On December 23 via manual (December 23rd 2019, 4:47:23 pm UTC) from LV

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 2606:4700:30::6812:367a, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is o2av.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on September 15th 2019. Valid for: 6 months.

This is the only time o2av.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banka Citadele (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 2	46.248.189.222 46.248.189.222	47544 (IQPL-AS) (IQPL-AS)
8	2606:4700:30:... 2606:4700:30::6812:367a	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
8	1

2 46.248.189.222 (Gdańsk, Poland) 2 redirects

ASN47544 (IQPL-AS, PL)
PTR: 46-248-189-222.rev.iq.pl

cutt.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:30::6812:367a (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

o2av.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	o2av.com o2av.com	135 KB
2	cutt.ly 2 redirects cutt.ly	429 B
8	2

	Domain	Requested by
8	o2av.com	o2av.com
2	cutt.ly	2 redirects
8	2

This site contains no links.

Subject Issuer	Validity	Valid
sni210717.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-09-15` - `2020-03-23`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://o2av.com/citadele-banka-auth/lv/index.html?XI9nhF2vakte51ql4bUpgcQwW7LVP8yDRs6uxKYT0H3JSrAMGZBOfjCoiNzdEmFHckRaG73S4zoWOwrUgq8NtZVCE56jJdbvILhsKl2QAxmXD9TueYn1PBypfMi07702477230
Frame ID: 2C775D6D3F965AB5875226AB2BB3EEF0
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://cutt.ly/Nre1PFp HTTP 302
https://cutt.ly/Nre1PFp HTTP 301
https://o2av.com/citadele-banka-auth/?id=9 Page URL
https://o2av.com/citadele-banka-auth/lv/index.html?XI9nhF2vakte51ql4bUpgcQwW7LVP8yDRs6uxKYT0H... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

8
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

135 kB
Transfer

187 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://cutt.ly/Nre1PFp HTTP 302
https://cutt.ly/Nre1PFp HTTP 301
https://o2av.com/citadele-banka-auth/?id=9 Page URL
https://o2av.com/citadele-banka-auth/lv/index.html?XI9nhF2vakte51ql4bUpgcQwW7LVP8yDRs6uxKYT0H3JSrAMGZBOfjCoiNzdEmFHckRaG73S4zoWOwrUgq8NtZVCE56jJdbvILhsKl2QAxmXD9TueYn1PBypfMi07702477230 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://cutt.ly/Nre1PFp HTTP 302
https://cutt.ly/Nre1PFp HTTP 301
https://o2av.com/citadele-banka-auth/?id=9

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response o2av.com/citadele-banka-auth/ Redirect Chain http://cutt.ly/Nre1PFp https://cutt.ly/Nre1PFp https://o2av.com/citadele-banka-auth/?id=9	268 B 558 B	776ms 703ms	Document text/html	2606:4700:30::6812:367a Cloudflare
General Check archive.org Show headers Download Go to Full URL https://o2av.com/citadele-banka-auth/?id=9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6812:367a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PHP/7.0.33 Resource Hash `f098da1123a106d7f9fad3cff6022a6b59b271c4541595e255dc306317fa2817` Request headers :method GET :authority o2av.com :scheme https :path /citadele-banka-auth/?id=9 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 sec-fetch-site none sec-fetch-mode navigate accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Mon, 23 Dec 2019 16:47:06 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=dc960b7897235e63f7d1dc23fcc60d5ca1577119625; expires=Wed, 22-Jan-20 16:47:05 GMT; path=/; domain=.o2av.com; HttpOnly; SameSite=Lax vary Accept-Encoding x-powered-by PHP/7.0.33 cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 549bd0be0a11cbac-VIE content-encoding br Redirect headers status 301 set-cookie PHPSESSID=mb0pbs5sal2dcpl1t3245820ke; path=/ expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-cache, no-store, must-revalidate pragma no-cache location https://o2av.com/citadele-banka-auth/?id=9 content-type text/html; charset=UTF-8 content-encoding gzip vary Accept-Encoding content-length 203 date Mon, 23 Dec 2019 16:47:05 GMT
GET H2	200	Primary Request index.html Show response o2av.com/citadele-banka-auth/lv/	6 KB 2 KB	241ms 241ms	Document text/html	2606:4700:30::6812:367a Cloudflare
General Check archive.org Show headers Download Go to Full URL https://o2av.com/citadele-banka-auth/lv/index.html?XI9nhF2vakte51ql4bUpgcQwW7LVP8yDRs6uxKYT0H3JSrAMGZBOfjCoiNzdEmFHckRaG73S4zoWOwrUgq8NtZVCE56jJdbvILhsKl2QAxmXD9TueYn1PBypfMi07702477230 Requested by Host: o2av.com URL: https://o2av.com/citadele-banka-auth/?id=9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6812:367a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `bd9874be1b169cd32e9914b5ab82ad4b5dfc31456c9acbb3a5278aafc5367a47` Request headers :method GET :authority o2av.com :scheme https :path /citadele-banka-auth/lv/index.html?XI9nhF2vakte51ql4bUpgcQwW7LVP8yDRs6uxKYT0H3JSrAMGZBOfjCoiNzdEmFHckRaG73S4zoWOwrUgq8NtZVCE56jJdbvILhsKl2QAxmXD9TueYn1PBypfMi07702477230 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 sec-fetch-site same-origin sec-fetch-mode navigate referer https://o2av.com/citadele-banka-auth/?id=9 accept-encoding gzip, deflate, br cookie __cfduid=dc960b7897235e63f7d1dc23fcc60d5ca1577119625 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://o2av.com/citadele-banka-auth/?id=9 Response headers status 200 date Mon, 23 Dec 2019 16:47:06 GMT content-type text/html vary Accept-Encoding last-modified Mon, 23 Dec 2019 06:33:38 GMT cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 549bd0c2789dcbac-VIE content-encoding br
GET H2	200	ibbf-verrel-85_0_9.css o2av.com/citadele-banka-auth/lv/	18 KB 4 KB	303ms 303ms	Stylesheet text/css	2606:4700:30::6812:367a Cloudflare
General Check archive.org Show headers Download Go to Full URL https://o2av.com/citadele-banka-auth/lv/ibbf-verrel-85_0_9.css Requested by Host: o2av.com URL: https://o2av.com/citadele-banka-auth/lv/index.html?XI9nhF2vakte51ql4bUpgcQwW7LVP8yDRs6uxKYT0H3JSrAMGZBOfjCoiNzdEmFHckRaG73S4zoWOwrUgq8NtZVCE56jJdbvILhsKl2QAxmXD9TueYn1PBypfMi07702477230 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6812:367a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `3ae3d62a59455b63a112008153f0c37f5ad02bbed3f42ae5c4cc8f803bd76c98` Request headers Referer https://o2av.com/citadele-banka-auth/lv/index.html?XI9nhF2vakte51ql4bUpgcQwW7LVP8yDRs6uxKYT0H3JSrAMGZBOfjCoiNzdEmFHckRaG73S4zoWOwrUgq8NtZVCE56jJdbvILhsKl2QAxmXD9TueYn1PBypfMi07702477230 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-type static date Mon, 23 Dec 2019 16:47:07 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 Dec 2019 06:28:24 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding x-cache MISS content-type text/css status 200 cache-control max-age=14400 cf-ray 549bd0c47f4acbac-VIE
GET H2	200	lv-verrel-85_0_9.svg o2av.com/citadele-banka-auth/lv/	8 KB 3 KB	246ms 246ms	Image image/svg+xml	2606:4700:30::6812:367a Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://o2av.com/citadele-banka-auth/lv/lv-verrel-85_0_9.svg Requested by Host: o2av.com URL: https://o2av.com/citadele-banka-auth/lv/index.html?XI9nhF2vakte51ql4bUpgcQwW7LVP8yDRs6uxKYT0H3JSrAMGZBOfjCoiNzdEmFHckRaG73S4zoWOwrUgq8NtZVCE56jJdbvILhsKl2QAxmXD9TueYn1PBypfMi07702477230 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6812:367a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `f6ea8147a796c7dd400044088cd0f3f9802f2e59df4640ac47c90124468be062` Request headers Referer https://o2av.com/citadele-banka-auth/lv/index.html?XI9nhF2vakte51ql4bUpgcQwW7LVP8yDRs6uxKYT0H3JSrAMGZBOfjCoiNzdEmFHckRaG73S4zoWOwrUgq8NtZVCE56jJdbvILhsKl2QAxmXD9TueYn1PBypfMi07702477230 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 23 Dec 2019 16:47:07 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 Dec 2019 06:28:28 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/svg+xml status 200 cache-control max-age=14400 cf-ray 549bd0c47f4bcbac-VIE
GET H2	200	OpenSans-Regular.otf o2av.com/citadele-banka-auth/lv/	38 KB 29 KB	382ms 382ms	Font font/otf	2606:4700:30::6812:367a Cloudflare
General Check archive.org Show headers Download Go to Full URL https://o2av.com/citadele-banka-auth/lv/OpenSans-Regular.otf Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6812:367a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `f7a392ec9263fb7c4723cd2b3dd727ecb7abb08080d737fb51d5e2ba59a49e3d` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://o2av.com/citadele-banka-auth/lv/ibbf-verrel-85_0_9.css Origin https://o2av.com Response headers date Mon, 23 Dec 2019 16:47:07 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 Dec 2019 06:28:28 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type font/otf status 200 cache-control max-age=14400 cf-ray 549bd0c67e27cbac-VIE
GET H2	200	Material-Design-Iconic-Font.woff2 o2av.com/citadele-banka-auth/lv/	37 KB 38 KB	386ms 385ms	Font font/woff2	2606:4700:30::6812:367a Cloudflare
General Check archive.org Show headers Download Go to Full URL https://o2av.com/citadele-banka-auth/lv/Material-Design-Iconic-Font.woff2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6812:367a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://o2av.com/citadele-banka-auth/lv/ibbf-verrel-85_0_9.css Origin https://o2av.com Response headers date Mon, 23 Dec 2019 16:47:07 GMT cf-cache-status MISS last-modified Mon, 23 Dec 2019 06:28:26 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type font/woff2 status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 549bd0c67e2bcbac-VIE content-length 38384
GET H2	200	OpenSans-Semibold.otf o2av.com/citadele-banka-auth/lv/	39 KB 29 KB	283ms 282ms	Font font/otf	2606:4700:30::6812:367a Cloudflare
General Check archive.org Show headers Download Go to Full URL https://o2av.com/citadele-banka-auth/lv/OpenSans-Semibold.otf Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6812:367a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `c3ccd8bd926647c99b4bb5436ed01b330f633d1464b50d189e4a5367751d6055` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://o2av.com/citadele-banka-auth/lv/ibbf-verrel-85_0_9.css Origin https://o2av.com Response headers date Mon, 23 Dec 2019 16:47:07 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 Dec 2019 06:28:28 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type font/otf status 200 cache-control max-age=14400 cf-ray 549bd0c67e2ccbac-VIE
GET H2	200	OpenSans-Bold.otf o2av.com/citadele-banka-auth/lv/	39 KB 29 KB	388ms 388ms	Font font/otf	2606:4700:30::6812:367a Cloudflare
General Check archive.org Show headers Download Go to Full URL https://o2av.com/citadele-banka-auth/lv/OpenSans-Bold.otf Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::6812:367a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `d51609cb4e7b43c4383b62590a77afde105e6320a448d0473fb647531bd62582` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://o2av.com/citadele-banka-auth/lv/ibbf-verrel-85_0_9.css Origin https://o2av.com Response headers date Mon, 23 Dec 2019 16:47:07 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 Dec 2019 06:28:28 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type font/otf status 200 cache-control max-age=14400 cf-ray 549bd0c67e2ecbac-VIE

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banka Citadele (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.o2av.com/	1970-01-19 06:48:31	Name: __cfduid Value: dc960b7897235e63f7d1dc23fcc60d5ca1577119625

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cutt.ly
o2av.com
2606:4700:30::6812:367a
46.248.189.222
3ae3d62a59455b63a112008153f0c37f5ad02bbed3f42ae5c4cc8f803bd76c98
bd9874be1b169cd32e9914b5ab82ad4b5dfc31456c9acbb3a5278aafc5367a47
c3ccd8bd926647c99b4bb5436ed01b330f633d1464b50d189e4a5367751d6055
d51609cb4e7b43c4383b62590a77afde105e6320a448d0473fb647531bd62582
e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c
f098da1123a106d7f9fad3cff6022a6b59b271c4541595e255dc306317fa2817
f6ea8147a796c7dd400044088cd0f3f9802f2e59df4640ac47c90124468be062
f7a392ec9263fb7c4723cd2b3dd727ecb7abb08080d737fb51d5e2ba59a49e3d

o2av.com Open in urlscan Pro 2606:4700:30::6812:367a Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

135 kBTransfer

187 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Indicators

o2av.com Open in urlscan Pro
2606:4700:30::6812:367a Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

135 kB
Transfer

187 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!