thebarterexperts.top Open in urlscan Pro
93.157.63.172  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response thebarterexperts.top/IKO/	618 KB 619 KB	26ms 13ms	Document text/html	93.157.63.172 NFORCE
General Check archive.org Show headers Download Go to Full URL http://thebarterexperts.top/IKO/ Protocol HTTP/1.1 Server 93.157.63.172 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS starrywolf.weedcheap4you.com Software Apache / Resource Hash c29f44920da6534d908b7d6c1039089df4f5c6007aac0d57c2f851958ea06d97 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Wed, 09 Mar 2022 13:27:14 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H2	200	jquery.js Show response cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/	274 KB 68 KB	67ms 24ms	Script application/javascript	2606:4700::6810:125e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.js Requested by Host: thebarterexperts.top URL: http://thebarterexperts.top/IKO/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer http://thebarterexperts.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 09 Mar 2022 13:27:14 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 565511 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 69049 timing-allow-origin * last-modified Mon, 04 May 2020 16:11:48 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec4-4472c" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e2VEjqvzz0qAVW%2FO3SN35AlPeuXFgjOlzIzJRKzgQpio%2Bfvzyl3oZVGqhKMmPmIgInMvfC%2FZs7eZFdxPt35J1kDte7maegAKBIMA0ECJsgSooGsoBBD3Ow%2Fs5WWqHU2kL2fnrmm1OpBy%2FCXMwb%2BHy9ME"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6e94259df82ccc42-ZRH expires Mon, 27 Feb 2023 13:27:14 GMT
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/2.2.0/	84 KB 30 KB	47ms 10ms	Script text/javascript	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js Requested by Host: thebarterexperts.top URL: http://thebarterexperts.top/IKO/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer http://thebarterexperts.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Thu, 03 Mar 2022 09:36:39 GMT content-encoding gzip x-content-type-options nosniff age 532235 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 30089 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Fri, 03 Mar 2023 09:36:39 GMT
GET DATA	200 OK	truncated /	3 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 29ece7b2e689f637d125e4049a960fd9d5a5a71ead05cb4a89660221bd671038 Request headers Accept-Language de-DE,de;q=0.9 Referer http://thebarterexperts.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Content-Type image/svg+xml
GET H/1.1	200 OK	416x416_72VTFII_208_208.png www.pkobp.pl/media_files/CiCCh/iPKO/	50 KB 50 KB	200ms 30ms	Image image/png	193.109.225.100 INTELIGO
General Check archive.org Show headers Download Go to Show image Full URL https://www.pkobp.pl/media_files/CiCCh/iPKO/416x416_72VTFII_208_208.png Requested by Host: thebarterexperts.top URL: http://thebarterexperts.top/IKO/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 193.109.225.100 , Poland, ASN21344 (INTELIGO, PL), Reverse DNS www.pkobp.pl Software / Resource Hash efe9aa5ae8e5d8418f7ba7dc090e0515b14ade0ba157ce94ddbead8e6571e8b1 Request headers Accept-Language de-DE,de;q=0.9 Referer http://thebarterexperts.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Wed, 09 Mar 2022 13:27:15 GMT Last-Modified Tue, 01 Mar 2022 11:21:37 GMT X-Cacheable YES ETag "621e01c1-c7ce" Content-Type image/png cache-control max-age=7200, public, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 51150
GET H/1.1	200 OK	PKOBankPolski-Regular.woff thebarterexperts.top/IKO/gfx/	31 KB 31 KB	15ms 14ms	Font font/woff	93.157.63.172 NFORCE
General Check archive.org Show headers Download Go to Full URL http://thebarterexperts.top/IKO/gfx/PKOBankPolski-Regular.woff Requested by Host: thebarterexperts.top URL: http://thebarterexperts.top/IKO/ Protocol HTTP/1.1 Server 93.157.63.172 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS starrywolf.weedcheap4you.com Software Apache / Resource Hash 08e8695cc1177aba498bb4f0e97d406ab707ea76594495a0835708a120cf46ea Request headers Referer http://thebarterexperts.top/IKO/ Origin http://thebarterexperts.top Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Wed, 09 Mar 2022 13:27:14 GMT Last-Modified Thu, 03 Mar 2022 07:40:54 GMT Server Apache Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 31720
GET H/1.1	200 OK	PKOBankPolski-Light.woff thebarterexperts.top/IKO/gfx/	32 KB 32 KB	28ms 15ms	Font font/woff	93.157.63.172 NFORCE
General Check archive.org Show headers Download Go to Full URL http://thebarterexperts.top/IKO/gfx/PKOBankPolski-Light.woff Requested by Host: thebarterexperts.top URL: http://thebarterexperts.top/IKO/ Protocol HTTP/1.1 Server 93.157.63.172 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS starrywolf.weedcheap4you.com Software Apache / Resource Hash cc44059f1adba7ca3a61f64b0a5e3647cb5f97c5dd569d5a3b64d7e42cd8d630 Request headers Referer http://thebarterexperts.top/IKO/ Origin http://thebarterexperts.top Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Wed, 09 Mar 2022 13:27:14 GMT Last-Modified Thu, 03 Mar 2022 07:40:46 GMT Server Apache Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 32316
GET H/1.1	200 OK	PKOBankPolski-Bold.woff thebarterexperts.top/IKO/gfx/	31 KB 31 KB	28ms 15ms	Font font/woff	93.157.63.172 NFORCE
General Check archive.org Show headers Download Go to Full URL http://thebarterexperts.top/IKO/gfx/PKOBankPolski-Bold.woff Requested by Host: thebarterexperts.top URL: http://thebarterexperts.top/IKO/ Protocol HTTP/1.1 Server 93.157.63.172 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS starrywolf.weedcheap4you.com Software Apache / Resource Hash 8a3c82e7f180a04686064c7f6a267a930682882f3c26b1ae9ce478d5419b546c Request headers Referer http://thebarterexperts.top/IKO/ Origin http://thebarterexperts.top Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Wed, 09 Mar 2022 13:27:14 GMT Last-Modified Thu, 03 Mar 2022 07:40:40 GMT Server Apache Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 31728

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PKO Bank Polski (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| $ function| jQuery function| IsEmpty1

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
thebarterexperts.top
www.pkobp.pl
193.109.225.100
2606:4700::6810:125e
2a00:1450:4001:828::200a
93.157.63.172
08e8695cc1177aba498bb4f0e97d406ab707ea76594495a0835708a120cf46ea
29ece7b2e689f637d125e4049a960fd9d5a5a71ead05cb4a89660221bd671038
5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55
8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce
8a3c82e7f180a04686064c7f6a267a930682882f3c26b1ae9ce478d5419b546c
c29f44920da6534d908b7d6c1039089df4f5c6007aac0d57c2f851958ea06d97
cc44059f1adba7ca3a61f64b0a5e3647cb5f97c5dd569d5a3b64d7e42cd8d630
efe9aa5ae8e5d8418f7ba7dc090e0515b14ade0ba157ce94ddbead8e6571e8b1