projetobarrigazero.com Open in urlscan Pro
45.156.24.243 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://projetobarrigazero.com/lol.php
Submission: On December 18 via manual (December 18th 2022, 1:52:26 pm UTC) from LV — Scanned from DE

Summary HTTP 3 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 45.156.24.243, located in Hong Kong and belongs to CLOUDBACKBONE, HK. The main domain is projetobarrigazero.com.
TLS certificate: Issued by R3 on December 18th 2022. Valid for: 3 months.

This is the only time projetobarrigazero.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banka Citadele (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2	45.156.24.243 45.156.24.243	56971 (CLOUDBACK...) (CLOUDBACKBONE)
1	91.235.132.130 91.235.132.130	30286 (THM) (THM)
3	3

2 45.156.24.243 (Hong Kong)

ASN56971 (CLOUDBACKBONE, HK)
PTR: dns9.parkpage.foundationapi.com

projetobarrigazero.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.132.130 (United States)

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	projetobarrigazero.com projetobarrigazero.com	534 KB
1	online-metrix.net h.online-metrix.net — Cisco Umbrella Rank: 3193	401 B
3	2

	Domain	Requested by
2	projetobarrigazero.com	projetobarrigazero.com
1	h.online-metrix.net	srcdoc
3	2

This site contains links to these domains. Also see Links.

Domain
online.citadele.lv
www.citadele.lv

Subject Issuer	Validity	Valid
projetobarrigazero.com R3	`2022-12-18` - `2023-03-18`	3 months	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2021-12-28` - `2023-01-23`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://projetobarrigazero.com/lol.php
Frame ID: 89B7ABE8D489BE2A8929FBD337E1AA9B
Requests: 7 HTTP requests in this frame

Frame: data://truncated
Frame ID: AAC9E27ED735F4A8351120CCCC5094A6
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/TOJrOBa3U5bSeum5?ba1517d3fa9cc7a8=zVxH0uY989x0IYgOli3eZu5JuRq1mS5TmUUBVy9twVCiJ5OSXelUfgPFE1Gc1knMtjcG1RAnpz7__Gn23O0jeidzrg_pzo681lt_ReJPWTqr_hPayBw8wRsPhBCtEMTGE1TAARsLGIb1Dpr2XXOAgF4wev8ydsnRKaMFwPMR1a2zAq1fdl158KtS6QYHrPTTLMKtznfduTvY4nG2vkg&jf=343336267161665f7a666635766c725d724f5a3248494465666635454556446d267b6b665f666174673533363f38353830383132267161665d767978673f776760386d63647b6324736b645f696d7b3d3b38373131383131303438353063383e363a63673166383230393234303a32613a3e36386b6d316c323b303330353831363030383236633435316c646638676339616663643134386e6d3731353c3263356730343231393c6132643534353a3635383a3339616633366d30616a6d346e3269366166616a36643b376b3136636133316c37393e323a34353936643d31333e3c3a30613f6537313b3c373064383c3533646735676a333969356463313537313b37616e6c247b6b6c5f716965353132363538303030313b3730303239673635346163373a32373030636a353c363164613a366430306c6136346632643135306b31303961626233696639306d3b6936313634323b3f323030313832646366306431623038313331326435676b60636c3f323a6469333032343e36346637316637393737636d35353b636761343032303f3365693e676b3230663261247b6b64703d39
Frame ID: F5CE0C74F391F7DA6FEC652DE1B6A3D9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Citadele internetbanka

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

611 kB
Transfer

1143 kB
Size

1
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citadele.lv/ibbf/ru_lv?loginType=codecard_calculator
Title: RU

Search URL Search Domain Scan URL

URL: https://online.citadele.lv/ibbf/en_lv?loginType=codecard_calculator
Title: EN

Search URL Search Domain Scan URL

URL: https://online.citadele.lv/ibbf/lv_lv

Search URL Search Domain Scan URL

URL: https://online.citadele.lv/ibhelp/login_lv_lv.htm
Title: Palīdzība

Search URL Search Domain Scan URL

URL: https://www.citadele.lv/lv/support/online-banking/
Title: Informācija par Internetbanku

Search URL Search Domain Scan URL

URL: https://online.citadele.lv/ibhelp/security_lv_lv.htm
Title: Internetbankas droša lietošana

Search URL Search Domain Scan URL

URL: https://www.citadele.lv/lv/
Title: www.citadele.lv

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request lol.php Show response
projetobarrigazero.com/ 529 KB
267 KB 325ms
114ms Document
text/html 45.156.24.243
CLOUDBACKBONE

General

Check archive.org

Show headers Download Go to

Full URL: https://projetobarrigazero.com/lol.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.156.24.243 , Hong Kong, ASN56971 (CLOUDBACKBONE, HK),
Reverse DNS: dns9.parkpage.foundationapi.com
Software: nginx/1.22.1 /
Resource Hash: 89acd447383d125aa4d6e5b693fea8237fbbfb7313d65e4ae8de5b58d81b9990

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sun, 18 Dec 2022 13:52:22 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx/1.22.1
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H/1.1 200
OK lol.php
projetobarrigazero.com/ 529 KB
267 KB 64ms
59ms Font
text/html 45.156.24.243
CLOUDBACKBONE

General

Check archive.org

Show headers Download Go to

Full URL: https://projetobarrigazero.com/lol.php
Requested by: Host: projetobarrigazero.com
URL: https://projetobarrigazero.com/lol.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.156.24.243 , Hong Kong, ASN56971 (CLOUDBACKBONE, HK),
Reverse DNS: dns9.parkpage.foundationapi.com
Software: nginx/1.22.1 /
Resource Hash: 89acd447383d125aa4d6e5b693fea8237fbbfb7313d65e4ae8de5b58d81b9990

Request headers

Referer: https://projetobarrigazero.com/lol.php
Origin: https://projetobarrigazero.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 18 Dec 2022 13:52:22 GMT
Content-Encoding: gzip
Server: nginx/1.22.1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
DATA 200
OK truncated
/ 37 KB
37 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c

Request headers

Referer
Origin: https://projetobarrigazero.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d5794ec5af63437a244a70be18d8f9c8cfe16b0bef99494f33a26d90c8b0532d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 39 KB
39 KB Font
application/x-font-otf

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c3ccd8bd926647c99b4bb5436ed01b330f633d1464b50d189e4a5367751d6055

Request headers

Referer
Origin: https://projetobarrigazero.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: application/x-font-otf

GET
DATA 200
OK truncated
/ 846 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame AAC9 81 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 204
204 TOJrOBa3U5bSeum5
h.online-metrix.net/ Frame F5CE 0
401 B 66ms
13ms Image
image/png 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/TOJrOBa3U5bSeum5?ba1517d3fa9cc7a8=zVxH0uY989x0IYgOli3eZu5JuRq1mS5TmUUBVy9twVCiJ5OSXelUfgPFE1Gc1knMtjcG1RAnpz7__Gn23O0jeidzrg_pzo681lt_ReJPWTqr_hPayBw8wRsPhBCtEMTGE1TAARsLGIb1Dpr2XXOAgF4wev8ydsnRKaMFwPMR1a2zAq1fdl158KtS6QYHrPTTLMKtznfduTvY4nG2vkg&jf=343336267161665f7a666635766c725d724f5a3248494465666635454556446d267b6b665f666174673533363f38353830383132267161665d767978673f776760386d63647b6324736b645f696d7b3d3b38373131383131303438353063383e363a63673166383230393234303a32613a3e36386b6d316c323b303330353831363030383236633435316c646638676339616663643134386e6d3731353c3263356730343231393c6132643534353a3635383a3339616633366d30616a6d346e3269366166616a36643b376b3136636133316c37393e323a34353936643d31333e3c3a30613f6537313b3c373064383c3533646735676a333969356463313537313b37616e6c247b6b6c5f716965353132363538303030313b3730303239673635346163373a32373030636a353c363164613a366430306c6136346632643135306b31303961626233696639306d3b6936313634323b3f323030313832646366306431623038313331326435676b60636c3f323a6469333032343e36346637316637393737636d35353b636761343032303f3365693e676b3230663261247b6b64703d39

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 18 Dec 2022 13:52:22 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=100
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banka Citadele (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| oncontentvisibilityautostatechange function| savepage_ShadowLoader

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			projetobarrigazero.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: gdns1dvr2tn7ofq520u9k4smlu

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://projetobarrigazero.com/lol.php Message: Failed to decode downloaded font: https://projetobarrigazero.com/lol.php
other	warning	URL: https://projetobarrigazero.com/lol.php Message: OTS parsing error: invalid sfntVersion: 168430090
other	warning	URL: https://projetobarrigazero.com/lol.php Message: Failed to decode downloaded font: https://projetobarrigazero.com/lol.php
other	warning	URL: https://projetobarrigazero.com/lol.php Message: OTS parsing error: invalid sfntVersion: 168430090
other	warning	URL: https://projetobarrigazero.com/lol.php Message: Failed to decode downloaded font: https://projetobarrigazero.com/lol.php
other	warning	URL: https://projetobarrigazero.com/lol.php Message: OTS parsing error: invalid sfntVersion: 168430090
other	warning	URL: https://projetobarrigazero.com/lol.php Message: Failed to decode downloaded font: https://projetobarrigazero.com/lol.php
other	warning	URL: https://projetobarrigazero.com/lol.php Message: OTS parsing error: invalid sfntVersion: 168430090
other	warning	URL: https://projetobarrigazero.com/lol.php Message: Failed to decode downloaded font: https://projetobarrigazero.com/lol.php
other	warning	URL: https://projetobarrigazero.com/lol.php Message: OTS parsing error: invalid sfntVersion: 168430090
other	warning	URL: https://projetobarrigazero.com/lol.php Message: Failed to decode downloaded font: https://projetobarrigazero.com/lol.php
other	warning	URL: https://projetobarrigazero.com/lol.php Message: OTS parsing error: invalid sfntVersion: 168430090

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

h.online-metrix.net
projetobarrigazero.com
45.156.24.243
91.235.132.130
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99
89acd447383d125aa4d6e5b693fea8237fbbfb7313d65e4ae8de5b58d81b9990
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
c3ccd8bd926647c99b4bb5436ed01b330f633d1464b50d189e4a5367751d6055
d5794ec5af63437a244a70be18d8f9c8cfe16b0bef99494f33a26d90c8b0532d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c

projetobarrigazero.com Open in urlscan Pro 45.156.24.243 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

611 kBTransfer

1143 kBSize

1 Cookies

7 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

12 Console Messages

Indicators

projetobarrigazero.com Open in urlscan Pro
45.156.24.243 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

611 kB
Transfer

1143 kB
Size

1
Cookies

3 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!