projetobarrigazero.com
45.156.24.243
Malicious Activity!
Public Scan
Submission: On December 18 via manual from LV — Scanned from DE
Summary
TLS certificate: Issued by R3 (Let's Encrypt) on December 18th 2022, the same day the page was scanned. Valid for: 3 months.
This is the only time projetobarrigazero.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banka Citadele (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 | 45.156.24.243 | 56971 (CLOUDBACKBONE)
1 | 91.235.132.130 | 30286 (THM)
3 (total) | |
ASN56971 (CLOUDBACKBONE, HK)
PTR: dns9.parkpage.foundationapi.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
2 | projetobarrigazero.com | projetobarrigazero.com | 534 KB
1 | online-metrix.net | h.online-metrix.net (Cisco Umbrella Rank: 3193) | 401 B
3 (total) | 2 apex domains | |
Requests | Domain | Requested by
---|---|---
2 | projetobarrigazero.com | projetobarrigazero.com
1 | h.online-metrix.net | srcdoc
3 (total) | 2 domains |
"srcdoc" as the requester means the h.online-metrix.net fetch was issued from an iframe whose markup is inline (an iframe srcdoc attribute) rather than from a frame loaded by URL.
This site contains links to these domains. Also see Links.
Domain |
---|
online.citadele.lv |
www.citadele.lv |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
projetobarrigazero.com | R3 | 2022-12-18 - 2023-03-18 | 3 months | crt.sh
h.online-metrix.net | Trustwave Organization Validation SHA256 CA, Level 1 | 2021-12-28 - 2023-01-23 | a year | crt.sh
This page contains 3 frames:
Primary Page:
https://projetobarrigazero.com/lol.php
Frame ID: 89B7ABE8D489BE2A8929FBD337E1AA9B
Requests: 7 HTTP requests in this frame
Frame:
data://truncated
Frame ID: AAC9E27ED735F4A8351120CCCC5094A6
Requests: 1 HTTP requests in this frame
Frame:
https://h.online-metrix.net/TOJrOBa3U5bSeum5?ba1517d3fa9cc7a8=zVxH0uY989x0IYgOli3eZu5JuRq1mS5TmUUBVy9twVCiJ5OSXelUfgPFE1Gc1knMtjcG1RAnpz7__Gn23O0jeidzrg_pzo681lt_ReJPWTqr_hPayBw8wRsPhBCtEMTGE1TAARsLGIb1Dpr2XXOAgF4wev8ydsnRKaMFwPMR1a2zAq1fdl158KtS6QYHrPTTLMKtznfduTvY4nG2vkg&jf=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
Frame ID: F5CE0C74F391F7DA6FEC652DE1B6A3D9
Requests: 1 HTTP requests in this frame
7 Outgoing links
These are links going to different origins than the main page.
Title: RU
Title: EN
(link without a title)
Title: Palīdzība (Help)
Title: Informācija par Internetbanku (Information about the Internet bank)
Title: Internetbankas droša lietošana (Safe use of the Internet bank)
Title: www.citadele.lv
These are Citadele internet-bank navigation links; their targets are online.citadele.lv and www.citadele.lv (listed above), which is why the verdict names that brand.
3 HTTP transactions
The DATA rows below are resources embedded in the page as data: URIs; they never leave the browser, which is why urlscan counts only three network transactions.
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | lol.php (Primary Request) | projetobarrigazero.com/ | 529 KB | 267 KB | Document | text/html
GET | H/1.1 | lol.php | projetobarrigazero.com/ | 529 KB | 267 KB | Font | text/html
GET | DATA | truncated | / | 37 KB | 37 KB | Font | application/font-woff
GET | DATA | truncated | / | 5 KB | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 39 KB | 39 KB | Font | application/x-font-otf
GET | DATA | truncated | / | 846 B | 0 | Image | image/png
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png
GET | DATA | truncated | / (Frame AAC9) | 81 B | 0 | Image | image/png
GET | H/1.1 | TOJrOBa3U5bSeum5 | h.online-metrix.net/ (Frame F5CE) | 0 | 401 B | Image | image/png
Note the second lol.php row: a request typed as Font resolved back to the page itself and returned text/html, a sign of a broken relative font URL in the copied markup.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banka Citadele (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | 1
object | oncontentvisibilityautostatechange
function | savepage_ShadowLoader1
savepage_ShadowLoader1 is the loader function that the Save Page WE browser extension writes into pages it saves, and the fonts and images served from data: URIs in the transaction list above are how that extension inlines assets; together they strongly suggest the phishing page is a saved copy of the real login page rather than a hand-built imitation. oncontentvisibilityautostatechange is a browser-provided event-handler property that urlscan's baseline did not yet recognise, not something the page defined.
Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
projetobarrigazero.com/ | | PHPSESSID | gdns1dvr2tn7ofq520u9k4smlu
A PHPSESSID cookie means the page is served by PHP (consistent with the lol.php path); it is set by the kit's server-side code, not by anything in the cloned bank page.
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
h.online-metrix.net
projetobarrigazero.com
IPs:
45.156.24.243
91.235.132.130
SHA-256 hashes of fetched resources:
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99
89acd447383d125aa4d6e5b693fea8237fbbfb7313d65e4ae8de5b58d81b9990
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
c3ccd8bd926647c99b4bb5436ed01b330f633d1464b50d189e4a5367751d6055
d5794ec5af63437a244a70be18d8f9c8cfe16b0bef99494f33a26d90c8b0532d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c
Before turning these into blocklist entries: h.online-metrix.net and its IP 91.235.132.130 (AS30286 THM) belong to the ThreatMetrix device-fingerprinting service, a third party embedded by many banks, and were most likely carried over with the cloned page; blocking them breaks legitimate sites. The hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is the SHA-256 of the empty input and matches every zero-byte response, so it identifies nothing. The actionable indicators are projetobarrigazero.com, 45.156.24.243 and the remaining hashes.
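The checks applied to this scan (links to a brand the page is not hosted on, a certificate issued the day of the scan, a page-saver global, assets inlined as data: URIs, and an empty-input hash that must be dropped from the IOC list) can be scripted so they run over every new scan. The block below is an added example and is not urlscan's code or its result format: the SCAN dictionary is constructed from the facts on this page with field names of my own choosing, the registrable() helper is a deliberate simplification of public-suffix handling, and the thresholds (7 days for a fresh certificate, 30% inlined resources) are assumptions.

```python
"""Triage heuristics over a urlscan-style scan summary.

Added example: SCAN is constructed from the facts on this page with invented
field names; it is not urlscan's API schema, and none of this is urlscan code.
"""
import hashlib
from datetime import date
from urllib.parse import urlparse

SCAN = {
    "scanned_on": "2022-12-18",
    "page": {"url": "https://projetobarrigazero.com/lol.php",
             "domain": "projetobarrigazero.com", "ip": "45.156.24.243", "asn": "AS56971"},
    "tls": {"issuer": "R3", "valid_from": "2022-12-18", "valid_to": "2023-03-18"},
    "links": ["https://online.citadele.lv/", "https://www.citadele.lv/"],
    "globals": ["0", "1", "oncontentvisibilityautostatechange", "savepage_ShadowLoader1"],
    "requests": [
        {"url": "https://projetobarrigazero.com/lol.php", "type": "Document"},
        {"url": "data:application/font-woff;base64,truncated", "type": "Font"},
        {"url": "https://h.online-metrix.net/TOJrOBa3U5bSeum5", "type": "Image"},
    ],
    "hashes": [
        "4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82",
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    ],
}

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # e3b0c442...b855


def registrable(host: str) -> str:
    """Last two labels of a hostname. Adequate for .com/.lv; a real tool must use
    the Public Suffix List (co.uk etc.). Hypothetical helper, not a library call."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def link_targets(scan: dict) -> set[str]:
    """Registrable domains the page links to that are not its own.
    A login page linking to a bank it is not hosted by is the core phishing tell."""
    own = registrable(scan["page"]["domain"])
    return {registrable(urlparse(u).hostname or "") for u in scan["links"]} - {own}


def cert_age_days(scan: dict) -> int:
    """Days from certificate issuance to scan; 0 means issued the same day."""
    issued = date.fromisoformat(scan["tls"]["valid_from"])
    return (date.fromisoformat(scan["scanned_on"]) - issued).days


def saved_page_markers(scan: dict) -> list[str]:
    """window globals left behind by page-saving browser extensions."""
    return [g for g in scan["globals"] if g.lower().startswith("savepage_")]


def data_uri_share(scan: dict) -> float:
    """Fraction of requests served from data: URIs (assets inlined into the HTML)."""
    reqs = scan["requests"]
    return sum(r["url"].startswith("data:") for r in reqs) / len(reqs)


def useful_hashes(hashes: list[str]) -> list[str]:
    """Drop the SHA-256 of empty input: it matches every zero-byte response."""
    return [h for h in hashes if h.lower() != EMPTY_SHA256]


def triage(scan: dict) -> list[str]:
    """Ordered list of findings; an empty list means no heuristic fired.
    Thresholds (7 days, 30%) are this example's assumptions."""
    findings = []
    targets = link_targets(scan)
    if targets:
        findings.append("links-to-other-brand:" + ",".join(sorted(targets)))
    if cert_age_days(scan) <= 7:
        findings.append("fresh-cert")
    if saved_page_markers(scan):
        findings.append("saved-page-clone")
    if data_uri_share(scan) >= 0.3:
        findings.append("inlined-resources")
    return findings


if __name__ == "__main__":
    for finding in triage(SCAN):
        print(finding)
    print("usable IOC hashes:", useful_hashes(SCAN["hashes"]))
```

None of these heuristics is a verdict on its own; a legitimate site that just renewed its certificate or inlines a logo will trip one of them. All four firing on one page, with the link targets naming a bank the page is not hosted by, is what justifies the "Potentially Malicious" call above, and the hash filter keeps a meaningless empty-input hash out of the blocklist you derive from it.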