a1.somotaro.com Open in urlscan Pro
193.106.175.107 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://a1.somotaro.com/
Submission: On June 14 via api (June 14th 2023, 5:20:11 am UTC) from GB — Scanned from GB

Summary HTTP 23 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 23 HTTP transactions. The main IP is 193.106.175.107, located in Russian Federation and belongs to IQHOST, RU. The main domain is a1.somotaro.com.
TLS certificate: Issued by R3 on May 19th 2023. Valid for: 3 months.

This is the only time a1.somotaro.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Barclays (Banking)

Domain & IP information

	IP Address		AS Autonomous System
22	193.106.175.107 193.106.175.107		50465 (IQHOST) (IQHOST)
23	2

22 193.106.175.107 (Russian Federation)

ASN50465 (IQHOST, RU)

a1.somotaro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	somotaro.com a1.somotaro.com	172 KB
23	1

	Domain	Requested by
22	a1.somotaro.com	a1.somotaro.com
23	1

This site contains links to these domains. Also see Links.

Domain
bank.barclays.co.uk
www.barclays.co.uk
www.lendingstandardsboard.org.uk
www.premierleague.com

Subject Issuer	Validity	Valid
a1.somotaro.com R3	`2023-05-19` - `2023-08-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://a1.somotaro.com/
Frame ID: 3C9C629BDDED47F3E3C0FC7E4EEDEFE0
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Step 1 - Who are you? - Barclays Online Banking

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

23
Requests

96 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

172 kB
Transfer

429 kB
Size

4
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://bank.barclays.co.uk/olb/auth/MobiLoginLink.action
Title: Mobile site

Search URL Search Domain Scan URL

URL: http://www.barclays.co.uk/Contactus/Contactus/
Title: Contact us

Search URL Search Domain Scan URL

URL: http://www.barclays.co.uk/security
Title: Security

Search URL Search Domain Scan URL

URL: http://www.barclays.co.uk/accessibility/
Title: Accessibility

Search URL Search Domain Scan URL

URL: http://www.barclays.co.uk/

Search URL Search Domain Scan URL

URL: https://bank.barclays.co.uk/olb/auth/RegistrationLink_display.action
Title: Register now

Search URL Search Domain Scan URL

URL: http://www.lendingstandardsboard.org.uk/
Title: www.lendingstandardsboard.org.uk

Search URL Search Domain Scan URL

URL: http://www.premierleague.com/
Title: Proud sponsors of the Barclays Premier League

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response a1.somotaro.com/	24 KB 6 KB	859ms 282ms	Document text/html	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Full URL https://a1.somotaro.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `80cabafde762ce5d9635ebd86c9bc1c9a1a25eac2f1e770791cf978a291f174e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Encoding gzip Content-Length 6176 Content-Type text/html; charset=UTF-8 Date Wed, 14 Jun 2023 05:20:05 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Server nginx/1.14.2 Vary Accept-Encoding
GET H/1.1	200 OK	barclays-ftb-login.css a1.somotaro.com/data/ftb/css/main/	203 KB 22 KB	287ms 287ms	Stylesheet text/css	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Full URL https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `312480b8f9cad225107dde480710455bda9c1bb4f2246fcd69c927790096b36e` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Content-Encoding gzip Last-Modified Mon, 09 May 2016 10:37:20 GMT Server nginx/1.14.2 ETag "32c1a-5326664a2d800-gzip" Vary Accept-Encoding Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 22481
GET H/1.1	200 OK	jquery.min.js Show response a1.somotaro.com/data/	84 KB 29 KB	521ms 280ms	Script application/javascript	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Full URL https://a1.somotaro.com/data/jquery.min.js Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Content-Encoding gzip Last-Modified Wed, 16 Mar 2016 11:13:20 GMT Server nginx/1.14.2 ETag "14e55-52e2899f39400-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 29885
GET H/1.1	200 OK	visible Show response a1.somotaro.com/gcore/	4 KB 2 KB	522ms 276ms	Script application/javascript	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Full URL https://a1.somotaro.com/gcore/visible Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `a8ca61ede2d4dd8c6b9626ccee0bd75e6d347603e2dc08e69f195fff19c09966` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Content-Encoding gzip Last-Modified Fri, 04 Mar 2022 14:31:06 GMT Server nginx/1.14.2 ETag "e8c-5d9655d6e7e80-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 1396
GET H/1.1	200 OK	jslib Show response a1.somotaro.com/gcore/	10 KB 3 KB	526ms 278ms	Script application/javascript	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Full URL https://a1.somotaro.com/gcore/jslib Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `faca32b854ce3d67dea6b3a5558a88e4c68806c6d8eab10ac8423080cc16ba2a` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Content-Encoding gzip Last-Modified Fri, 04 Mar 2022 14:31:06 GMT Server nginx/1.14.2 ETag "26fd-5d9655d6e7e80-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 2898
GET H/1.1	200 OK	barclays-logo.png a1.somotaro.com/data/	4 KB 4 KB	175ms 175ms	Image image/png	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Show image Full URL https://a1.somotaro.com/data/barclays-logo.png Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `84c858297d140080df2011346dee575ec7c5f0a7d016a50f21f7cbfb2cd998f0` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Last-Modified Mon, 09 May 2016 07:12:22 GMT Server nginx/1.14.2 ETag "ec0-53263879e4180" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 3776
GET H/1.1	200 OK	card_number_card.jpg a1.somotaro.com/data/	6 KB 7 KB	172ms 172ms	Image image/jpeg	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Show image Full URL https://a1.somotaro.com/data/card_number_card.jpg Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `6ee1441c9f75388b957221fbc58d686c840012e845ed6e43b9a1cf85ac003e6d` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Last-Modified Mon, 09 May 2016 07:10:30 GMT Server nginx/1.14.2 ETag "1944-5326380f14580" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 6468
GET H/1.1	200 OK	sortcode_account_number_card.jpg a1.somotaro.com/data/	6 KB 6 KB	168ms 168ms	Image image/jpeg	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Show image Full URL https://a1.somotaro.com/data/sortcode_account_number_card.jpg Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `d0060cbe7b7e1348fd897b9c2b80fdc0c2c549d9774d3f691a7eb443bd5c6466` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Last-Modified Mon, 09 May 2016 07:10:30 GMT Server nginx/1.14.2 ETag "1847-5326380f14580" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 6215
GET H/1.1	200 OK	fscs.jpg a1.somotaro.com/data/	13 KB 14 KB	173ms 173ms	Image image/jpeg	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Show image Full URL https://a1.somotaro.com/data/fscs.jpg Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `e6bbce0b0f37c070f628375ca7e831f2fa3ae60ff61636103751955a2df6fd01` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Last-Modified Mon, 09 May 2016 07:12:22 GMT Server nginx/1.14.2 ETag "3560-53263879e4180" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 13664
GET H/1.1	200 OK	premier_league_masthead.jpg a1.somotaro.com/data/	4 KB 4 KB	588ms 171ms	Image image/jpeg	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Show image Full URL https://a1.somotaro.com/data/premier_league_masthead.jpg Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `af05f228e3f1106781aad44a0e8f12b500dfbb99e530a9ff91234bd0d4cdc495` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:07 GMT Last-Modified Mon, 09 May 2016 07:12:22 GMT Server nginx/1.14.2 ETag "1105-53263879e4180" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 4357
GET H/1.1	200 OK	barclays-logo.gif a1.somotaro.com/data/img/logos/	4 KB 4 KB	592ms 169ms	Image image/gif	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Show image Full URL https://a1.somotaro.com/data/img/logos/barclays-logo.gif Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `3a059a66277e8a87067c50187849c9f65817c72873f8c71785d08f4023a6b9f3` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:07 GMT Last-Modified Mon, 09 May 2016 08:09:06 GMT Server nginx/1.14.2 ETag "ef7-5326452832c80" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 3831
GET H/1.1	200 OK	login-panel-header-active-arrow.gif a1.somotaro.com/data/ftb/img/ftb/	129 B 371 B	502ms 175ms	Image image/gif	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Show image Full URL https://a1.somotaro.com/data/ftb/img/ftb/login-panel-header-active-arrow.gif Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `5aa9eb84540df9c6f43f3981b94e798bf5dacd1129558c7293be37799b7fdcff` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:07 GMT Last-Modified Mon, 09 May 2016 08:08:22 GMT Server nginx/1.14.2 ETag "81-532644fe3c980" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 129
GET H/1.1	200 OK	radio-sprite.gif a1.somotaro.com/data/ftb/img/ftb/	860 B 1 KB	560ms 173ms	Image image/gif	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Show image Full URL https://a1.somotaro.com/data/ftb/img/ftb/radio-sprite.gif Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `4710f88c657b9ce094b80cf825b3c4c981499501de33ded45929dcdcede6e6f8` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:07 GMT Last-Modified Mon, 09 May 2016 08:07:46 GMT Server nginx/1.14.2 ETag "35c-532644dbe7880" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 860
GET H/1.1	200 OK	checkbox-sprite.png a1.somotaro.com/data/ftb/img/ftb/checkbox/	642 B 885 B	550ms 175ms	Image image/png	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Show image Full URL https://a1.somotaro.com/data/ftb/img/ftb/checkbox/checkbox-sprite.png Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `57ab67ac4ba7a87aeb13ef126842854ace4a226232138fb6b7f8f13ed4925f47` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:07 GMT Last-Modified Mon, 09 May 2016 09:17:56 GMT Server nginx/1.14.2 ETag "282-5326548adf900" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 642
GET H/1.1	200 OK	login-panel-header-disabled-arrow.gif a1.somotaro.com/data/ftb/img/ftb/	183 B 425 B	408ms 175ms	Image image/gif	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Show image Full URL https://a1.somotaro.com/data/ftb/img/ftb/login-panel-header-disabled-arrow.gif Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `de1660f0952bc3a9a3cba3c5bd504f8c779578c9bc5eea310e009f270df73309` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Last-Modified Mon, 09 May 2016 09:18:10 GMT Server nginx/1.14.2 ETag "b7-5326549839880" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 183
GET H/1.1	200 OK	side-bar-arrow.png a1.somotaro.com/data/ftb/img/ftb/	224 B 466 B	388ms 167ms	Image image/png	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Show image Full URL https://a1.somotaro.com/data/ftb/img/ftb/side-bar-arrow.png Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `71182ea40b9cc96fd288f8d5d2bdd0834a0bebc6d15cdabfc03170494b93a819` Request headers accept-language en-GB,en;q=0.9 Referer https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Last-Modified Mon, 09 May 2016 08:05:56 GMT Server nginx/1.14.2 ETag "e0-5326447300100" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 224
GET H/1.1	200 OK	expertsans-bold-webfont.woff a1.somotaro.com/data/ftb/fonts/	20 KB 20 KB	408ms 266ms	Font font/woff	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Full URL https://a1.somotaro.com/data/ftb/fonts/expertsans-bold-webfont.woff Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `adeb37a325b72a5382a603c575caf390f1fe968f60a266679c18bf6ff61317cc` Request headers Referer https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Origin https://a1.somotaro.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Last-Modified Mon, 09 May 2016 08:08:46 GMT Server nginx/1.14.2 ETag "4e70-532645151ff80" Content-Type font/woff Connection keep-alive Accept-Ranges bytes Content-Length 20080
GET H/1.1	200 OK	expertsans-light-webfont.woff a1.somotaro.com/data/ftb/fonts/	22 KB 22 KB	383ms 223ms	Font font/woff	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Full URL https://a1.somotaro.com/data/ftb/fonts/expertsans-light-webfont.woff Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `f56f823e0bd75388778cbccca78bcf7453c2c03c889274da7b47eebbc37b86b5` Request headers Referer https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Origin https://a1.somotaro.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Last-Modified Mon, 09 May 2016 08:07:56 GMT Server nginx/1.14.2 ETag "5854-532644e570f00" Content-Type font/woff Connection keep-alive Accept-Ranges bytes Content-Length 22612
GET H/1.1	200 OK	ftb-new-login-icons.woff a1.somotaro.com/data/ftb/fonts/	2 KB 2 KB	335ms 171ms	Font font/woff	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Full URL https://a1.somotaro.com/data/ftb/fonts/ftb-new-login-icons.woff Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `86869093c47433c73001830f69b74bdef672acc8aa8c6b63b8fa2cf02d610b28` Request headers Referer https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Origin https://a1.somotaro.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Last-Modified Mon, 09 May 2016 08:06:38 GMT Server nginx/1.14.2 ETag "7d0-5326449b0df80" Content-Type font/woff Connection keep-alive Accept-Ranges bytes Content-Length 2000
GET H/1.1	200 OK	expertsans-regular-webfont.woff a1.somotaro.com/data/ftb/fonts/	21 KB 22 KB	395ms 230ms	Font font/woff	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Full URL https://a1.somotaro.com/data/ftb/fonts/expertsans-regular-webfont.woff Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `4abdda6a86149bc656dd315b0443fea8f11f22a6552e48e843a0f4b3e828ce8f` Request headers Referer https://a1.somotaro.com/data/ftb/css/main/barclays-ftb-login.css Origin https://a1.somotaro.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Date Wed, 14 Jun 2023 05:20:06 GMT Last-Modified Mon, 09 May 2016 08:06:18 GMT Server nginx/1.14.2 ETag "55a4-53264487fb280" Content-Type font/woff Connection keep-alive Accept-Ranges bytes Content-Length 21924
GET H/1.1	200 OK	gcgid Show response a1.somotaro.com/default/	272 B 1 KB	656ms 268ms	XHR text/html	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Full URL https://a1.somotaro.com/default/gcgid?bid=%40ID%40&bank=18&_=1686720006583 Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/data/jquery.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `2db3e337a1c8e5991f4ac10f837c7eba5de448ae5b0030b4982ce871a54096b3` Request headers Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Referer https://a1.somotaro.com/ X-Requested-With XMLHttpRequest accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Pragma no-cache Date Wed, 14 Jun 2023 05:20:07 GMT Content-Encoding gzip Server nginx/1.14.2 Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Length 193 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	prepare Show response a1.somotaro.com/default/gate/	0 278 B	411ms 410ms	XHR application/json	193.106.175.107 IQHOST
General Check archive.org Show headers Download Go to Full URL https://a1.somotaro.com/default/gate/prepare?bank=18&gid=50c082238b4ce4fedac1f9c3966db965cb6a74f1c7fc1fe13f2952b8a1df4ff0&bid=%40ID%40&bgroup=%40GROUP%40 Requested by Host: a1.somotaro.com URL: https://a1.somotaro.com/data/jquery.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 193.106.175.107 , Russian Federation, ASN50465 (IQHOST, RU), Reverse DNS Software nginx/1.14.2 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept / Referer https://a1.somotaro.com/ X-Requested-With XMLHttpRequest accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Pragma no-cache Date Wed, 14 Jun 2023 05:20:07 GMT Server nginx/1.14.2 Content-Type application/json; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Length 0 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET		update a1.somotaro.com/default/gate/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: a1.somotaro.com
URL: https://a1.somotaro.com/default/gate/update?userActivity=1&process=0&bid=%40ID%40&bgroup=%40GROUP%40

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Barclays (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
a1.somotaro.com/default/gcgid	1970-01-20 22:08:00	Name: gid Value: 50c082238b4ce4fedac1f9c3966db965cb6a74f1c7fc1fe13f2952b8a1df4ff0
a1.somotaro.com/gcore/gcgid	1970-01-20 22:08:00	Name: gid Value: 50c082238b4ce4fedac1f9c3966db965cb6a74f1c7fc1fe13f2952b8a1df4ff0
a1.somotaro.com/gcgid	1970-01-20 22:08:00	Name: gid Value: 50c082238b4ce4fedac1f9c3966db965cb6a74f1c7fc1fe13f2952b8a1df4ff0
a1.somotaro.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 3tnd82tolkbp1pcogfspr57697

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a1.somotaro.com
a1.somotaro.com
193.106.175.107
2db3e337a1c8e5991f4ac10f837c7eba5de448ae5b0030b4982ce871a54096b3
312480b8f9cad225107dde480710455bda9c1bb4f2246fcd69c927790096b36e
3a059a66277e8a87067c50187849c9f65817c72873f8c71785d08f4023a6b9f3
4710f88c657b9ce094b80cf825b3c4c981499501de33ded45929dcdcede6e6f8
4abdda6a86149bc656dd315b0443fea8f11f22a6552e48e843a0f4b3e828ce8f
57ab67ac4ba7a87aeb13ef126842854ace4a226232138fb6b7f8f13ed4925f47
5aa9eb84540df9c6f43f3981b94e798bf5dacd1129558c7293be37799b7fdcff
6ee1441c9f75388b957221fbc58d686c840012e845ed6e43b9a1cf85ac003e6d
71182ea40b9cc96fd288f8d5d2bdd0834a0bebc6d15cdabfc03170494b93a819
80cabafde762ce5d9635ebd86c9bc1c9a1a25eac2f1e770791cf978a291f174e
84c858297d140080df2011346dee575ec7c5f0a7d016a50f21f7cbfb2cd998f0
86869093c47433c73001830f69b74bdef672acc8aa8c6b63b8fa2cf02d610b28
8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce
a8ca61ede2d4dd8c6b9626ccee0bd75e6d347603e2dc08e69f195fff19c09966
adeb37a325b72a5382a603c575caf390f1fe968f60a266679c18bf6ff61317cc
af05f228e3f1106781aad44a0e8f12b500dfbb99e530a9ff91234bd0d4cdc495
d0060cbe7b7e1348fd897b9c2b80fdc0c2c549d9774d3f691a7eb443bd5c6466
de1660f0952bc3a9a3cba3c5bd504f8c779578c9bc5eea310e009f270df73309
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6bbce0b0f37c070f628375ca7e831f2fa3ae60ff61636103751955a2df6fd01
f56f823e0bd75388778cbccca78bcf7453c2c03c889274da7b47eebbc37b86b5
faca32b854ce3d67dea6b3a5558a88e4c68806c6d8eab10ac8423080cc16ba2a

a1.somotaro.com Open in urlscan Pro 193.106.175.107 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

23 Requests

96 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

172 kBTransfer

429 kBSize

4 Cookies

8 Outgoing links

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

4 Cookies

Indicators

a1.somotaro.com Open in urlscan Pro
193.106.175.107 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

96 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

172 kB
Transfer

429 kB
Size

4
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!