lbliaccess.victor-marquez.com Open in urlscan Pro
92.119.231.110 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_B...
Submission: On September 12 via api (September 12th 2022, 11:55:24 pm UTC) from JP — Scanned from JP

Summary HTTP 15 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 15 HTTP transactions. The main IP is 92.119.231.110, located in Kyiv, Ukraine and belongs to ARILOT-AS, UA. The main domain is lbliaccess.victor-marquez.com.
TLS certificate: Issued by R3 on September 12th 2022. Valid for: 3 months.

This is the only time lbliaccess.victor-marquez.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Land Bank of the Philippines (Banking)

Domain & IP information

	IP Address		AS Autonomous System
15	92.119.231.110 92.119.231.110		58066 (ARILOT-AS) (ARILOT-AS)
15	1

15 92.119.231.110 (Kyiv, Ukraine)

ASN58066 (ARILOT-AS, UA)
PTR: vm22473.onevdc.net

lbliaccess.victor-marquez.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	victor-marquez.com lbliaccess.victor-marquez.com	939 KB
15	1

	Domain	Requested by
15	lbliaccess.victor-marquez.com	lbliaccess.victor-marquez.com
15	1

This site contains links to these domains. Also see Links.

Domain
www.landbank.com
www.lbpiaccess.com

Subject Issuer	Validity	Valid
lbliaccess.victor-marquez.com R3	`2022-09-12` - `2022-12-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F
Frame ID: B9428EC7C130A781FA5DFE0FC6E0CC4E
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

LANDBANK iAccess Retail Internet Banking - Login

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

939 kB
Transfer

1270 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.landbank.com/about
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.landbank.com/find-us
Title: Find Us

Search URL Search Domain Scan URL

URL: https://www.lbpiaccess.com/register/enroll.xhtml
Title: Sign up now!

Search URL Search Domain Scan URL

URL: https://www.lbpiaccess.com/login/infolink?i=6
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: https://www.lbpiaccess.com/login/infolink?i=7
Title: here

Search URL Search Domain Scan URL

URL: https://www.lbpiaccess.com/unlock.xhtml
Title: Unlock ID

Search URL Search Domain Scan URL

URL: https://www.lbpiaccess.com/forgotpwd.xhtml
Title: Forgot Password

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response lbliaccess.victor-marquez.com/	120 KB 61 KB	1468ms 533ms	Document text/html	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Full URL https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash `a0aa7e22aea62a35d382a9c6d68280d96db5c1ba03d33fd780a5fa0784ae8e88` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Mon, 12 Sep 2022 23:55:18 GMT ETag W/"1de35-5e8709bab5f0f" Keep-Alive timeout=60 Last-Modified Mon, 12 Sep 2022 01:13:49 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	tag.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE Show response lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/	205 KB 81 KB	514ms 514ms	Script application/javascript	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Full URL https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/tag.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash `4325463d5c17aebbc147fb20c300203304a6d06cbe4d8bfbff402ef6a9a5c8cc` Request headers accept-language jp-JP,jp;q=0.9 Referer https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:18 GMT Content-Encoding gzip Last-Modified Mon, 12 Sep 2022 01:02:45 GMT Server nginx ETag W/"33345-5e870741b87fb" Vary Accept-Encoding Content-Type application/javascript Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=60
GET H/1.1	200 OK	theme.css lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/	24 KB 4 KB	513ms 260ms	Stylesheet text/css	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Full URL https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/theme.css Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash `a53860af9d2cacd37da468d99659572f9a84c9b9992e24fdd0bb167578b61c65` Request headers accept-language jp-JP,jp;q=0.9 Referer https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:18 GMT Content-Encoding gzip Last-Modified Mon, 12 Sep 2022 01:02:44 GMT Server nginx ETag W/"631e8534-5f7c" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=315360000 Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=60 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	font-awesome.css lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/	30 KB 7 KB	743ms 250ms	Stylesheet text/css	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Full URL https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/font-awesome.css Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash `a9475d440f8c4bd9fc0e3f933d8d7fb92e11ca511282b8ed75e37de27f09f3c8` Request headers accept-language jp-JP,jp;q=0.9 Referer https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:19 GMT Content-Encoding gzip Last-Modified Mon, 12 Sep 2022 01:02:35 GMT Server nginx ETag W/"631e852b-797b" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=315360000 Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=60 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	style.css lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/	10 KB 3 KB	745ms 252ms	Stylesheet text/css	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Full URL https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/style.css Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash `feb280592747c7522788dc142668e74fc20a5a05ecb9607b797297d8bcff52ae` Request headers accept-language jp-JP,jp;q=0.9 Referer https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:19 GMT Content-Encoding gzip Last-Modified Mon, 12 Sep 2022 01:02:41 GMT Server nginx ETag W/"631e8531-2659" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=315360000 Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=60 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	components.css lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/	116 KB 16 KB	1000ms 507ms	Stylesheet text/css	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Full URL https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/components.css Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash `a70771861a0f2719f783ba89428a7c82633639d454d4a7052cf675ba6bfb7847` Request headers accept-language jp-JP,jp;q=0.9 Referer https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:19 GMT Content-Encoding gzip Last-Modified Mon, 12 Sep 2022 01:02:33 GMT Server nginx ETag W/"631e8529-1d048" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=315360000 Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=60 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	load.svg lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/	497 B 830 B	524ms 260ms	Image image/svg+xml	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Show image Full URL https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/load.svg Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash `8618d58131c908ac01c007a362a6b9a270a09bfee0c93f8cfcc44fcea6d2e382` Request headers accept-language jp-JP,jp;q=0.9 Referer https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:19 GMT Last-Modified Mon, 12 Sep 2022 01:02:37 GMT Server nginx ETag "631e852d-1f1" Content-Type image/svg+xml Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 497 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	lbpiaccess.jpg lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/	441 KB 442 KB	495ms 494ms	Image image/jpeg	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Show image Full URL https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/lbpiaccess.jpg Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash `7bedd38060b64d53ad5c2ad1e2f330970cc61069f65d3d28a32809d329bfce23` Request headers accept-language jp-JP,jp;q=0.9 Referer https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:19 GMT Last-Modified Mon, 12 Sep 2022 01:02:39 GMT Server nginx ETag "631e852f-6e577" Content-Type image/jpeg Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 451959 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	login_advisory.jpg_pfdrid_c=true lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/	323 KB 324 KB	272ms 271ms	Image image/jpeg	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Show image Full URL https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/login_advisory.jpg_pfdrid_c=true Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash `48ddcb3978f9fb030436fa1ac7428616d67b987ddd42200d695795a3d64f9bda` Request headers accept-language jp-JP,jp;q=0.9 Referer https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:19 GMT Last-Modified Mon, 12 Sep 2022 01:02:42 GMT Server nginx ETag "50d8d-5e87073e83379" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 331149
GET H/1.1	404 Not Found	siteSeal.do lbliaccess.victor-marquez.com/LANDBANK_files/	0 0	522ms 263ms	Script text/html	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Full URL https://lbliaccess.victor-marquez.com/LANDBANK_files/siteSeal.do Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash Request headers accept-language jp-JP,jp;q=0.9 Referer https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:19 GMT Server nginx Connection keep-alive Keep-Alive timeout=60 Content-Length 224 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	siteSealImage.do lbliaccess.victor-marquez.com/LANDBANK_files/	229 B 229 B	290ms 289ms	Image text/html	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Show image Full URL https://lbliaccess.victor-marquez.com/LANDBANK_files/siteSealImage.do Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash `9357b9fec8715a4394299f21ac2a1ad4f2dfc7e09c920a4c07346e48a0e826df` Request headers accept-language jp-JP,jp;q=0.9 Referer https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:19 GMT Server nginx Connection keep-alive Keep-Alive timeout=60 Content-Length 229 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	gmogs_image_125-50_en_dblue.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE lbliaccess.victor-marquez.com/LANDBANK_files/	0 0	250ms 250ms	Script text/html	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Full URL https://lbliaccess.victor-marquez.com/LANDBANK_files/gmogs_image_125-50_en_dblue.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash Request headers accept-language jp-JP,jp;q=0.9 Referer https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:19 GMT Server nginx Connection keep-alive Keep-Alive timeout=60 Content-Length 262 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	bancnet_logo.png lbliaccess.victor-marquez.com/LANDBANK_files/	229 B 229 B	280ms 280ms	Image text/html	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Show image Full URL https://lbliaccess.victor-marquez.com/LANDBANK_files/bancnet_logo.png Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash `24fb55ca694206084b422a8de7626c40a8d882259bedde93bbd9ac7b0bb14b83` Request headers accept-language jp-JP,jp;q=0.9 Referer https://lbliaccess.victor-marquez.com/?gclid=CjwKCAjwsfuYBhAZEiwA5a6CDHh-1NSYTOur25wZMzZIyeKr8Knq4QrLe0jNNQhfXU--QqZbuMzuQhoC6w8QAvD_BwE&id=5&url=https%3A%2F%2Fwww.lbpiaccess.com%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:19 GMT Server nginx Connection keep-alive Keep-Alive timeout=60 Content-Length 229 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	lato-regular-webfont.woff2.xhtml%3Fln=primefaces-frontoffice lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/fonts/	0 0	250ms 249ms	Font text/html	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Full URL https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/fonts/lato-regular-webfont.woff2.xhtml%3Fln=primefaces-frontoffice Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/theme.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash Request headers Referer https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/theme.css Origin https://lbliaccess.victor-marquez.com accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:19 GMT Server nginx Connection keep-alive Keep-Alive timeout=60 Content-Length 317 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	lato-regular-webfont.woff.xhtml%3Fln=primefaces-frontoffice lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/fonts/	0 0	249ms 249ms	Font text/html	92.119.231.110 ARILOT-AS
General Check archive.org Show headers Download Go to Full URL https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/fonts/lato-regular-webfont.woff.xhtml%3Fln=primefaces-frontoffice Requested by Host: lbliaccess.victor-marquez.com URL: https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/theme.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 92.119.231.110 Kyiv, Ukraine, ASN58066 (ARILOT-AS, UA), Reverse DNS vm22473.onevdc.net Software nginx / Resource Hash Request headers Referer https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/theme.css Origin https://lbliaccess.victor-marquez.com accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Mon, 12 Sep 2022 23:55:19 GMT Server nginx Connection keep-alive Keep-Alive timeout=60 Content-Length 316 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Land Bank of the Philippines (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://lbliaccess.victor-marquez.com/LANDBANK_files/siteSeal.do Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://lbliaccess.victor-marquez.com/LANDBANK_files/gmogs_image_125-50_en_dblue.js.%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%BE Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://lbliaccess.victor-marquez.com/LANDBANK_files/bancnet_logo.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://lbliaccess.victor-marquez.com/LANDBANK_files/siteSealImage.do Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/fonts/lato-regular-webfont.woff2.xhtml%3Fln=primefaces-frontoffice Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://lbliaccess.victor-marquez.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Login_files/fonts/lato-regular-webfont.woff.xhtml%3Fln=primefaces-frontoffice Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lbliaccess.victor-marquez.com
92.119.231.110
24fb55ca694206084b422a8de7626c40a8d882259bedde93bbd9ac7b0bb14b83
4325463d5c17aebbc147fb20c300203304a6d06cbe4d8bfbff402ef6a9a5c8cc
48ddcb3978f9fb030436fa1ac7428616d67b987ddd42200d695795a3d64f9bda
7bedd38060b64d53ad5c2ad1e2f330970cc61069f65d3d28a32809d329bfce23
8618d58131c908ac01c007a362a6b9a270a09bfee0c93f8cfcc44fcea6d2e382
9357b9fec8715a4394299f21ac2a1ad4f2dfc7e09c920a4c07346e48a0e826df
a0aa7e22aea62a35d382a9c6d68280d96db5c1ba03d33fd780a5fa0784ae8e88
a53860af9d2cacd37da468d99659572f9a84c9b9992e24fdd0bb167578b61c65
a70771861a0f2719f783ba89428a7c82633639d454d4a7052cf675ba6bfb7847
a9475d440f8c4bd9fc0e3f933d8d7fb92e11ca511282b8ed75e37de27f09f3c8
feb280592747c7522788dc142668e74fc20a5a05ecb9607b797297d8bcff52ae

lbliaccess.victor-marquez.com Open in urlscan Pro 92.119.231.110 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

939 kBTransfer

1270 kBSize

0 Cookies

7 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

6 Console Messages

Indicators

lbliaccess.victor-marquez.com Open in urlscan Pro
92.119.231.110 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

939 kB
Transfer

1270 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!