onllne-cltadelle-lv.agpglss.com
193.143.1.123
Malicious Activity!
Public Scan
Effective URL: https://onllne-cltadelle-lv.agpglss.com/
Submission: On December 03 via manual from LV — Scanned from CH
Summary
TLS certificate: Issued by R10 on November 25th 2024. Valid for: 3 months.
This is the only time onllne-cltadelle-lv.agpglss.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banka Citadele (Banking)
Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 13 | 193.143.1.123 | AS198953 (Proton66 OOO) |
| 13 | 91.235.133.182 | AS30286 (THM) |
| 3 (1 redirect) | 91.235.132.130 | AS30286 (THM) |
| 1 | 2620:f3:0:14:b401:8ee8:4321:ad82 | AS30286 (THM) |
| 1 | 91.235.134.131 | AS30286 (THM) |

30 requests across 5 IP addresses.

- ASN198953 (Proton66 OOO, RU): onllne-cltadelle-lv.agpglss.com
- ASN30286 (THM, US): aom4xb8t76rl5sulx4hnxf52khfwp2aj4nqz5ijz6271290ad6092fceam1.e.aa.online-metrix.net
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 13 | citadele.lv | content.citadele.lv | 86 KB |
| 13 | agpglss.com | onllne-cltadelle-lv.agpglss.com | 283 KB |
| 5 (1 redirect) | online-metrix.net | h.online-metrix.net (Cisco Umbrella Rank: 2565), h64.online-metrix.net (Cisco Umbrella Rank: 2033), aom4xb8t76rl5sulx4hnxf52khfwp2aj4nqz5ijz6271290ad6092fceam1.e.aa.online-metrix.net | 2 KB |

30 requests across 3 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 13 | content.citadele.lv | onllne-cltadelle-lv.agpglss.com, content.citadele.lv |
| 13 | onllne-cltadelle-lv.agpglss.com | onllne-cltadelle-lv.agpglss.com |
| 3 (1 redirect) | h.online-metrix.net | content.citadele.lv |
| 1 | aom4xb8t76rl5sulx4hnxf52khfwp2aj4nqz5ijz6271290ad6092fceam1.e.aa.online-metrix.net | |
| 1 | h64.online-metrix.net | content.citadele.lv |

30 requests across 5 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| onllne-cltadelle-lv.agpglss.com | R10 | 2024-11-25 - 2025-02-23 | 3 months | crt.sh |
| content.citadele.lv | Sectigo RSA Domain Validation Secure Server CA | 2024-03-04 - 2025-04-04 | a year | crt.sh |
| online-metrix.net | Viking Cloud Organization Validation CA, Level 1 | 2024-09-19 - 2025-10-20 | a year | crt.sh |
| *.aa.online-metrix.net | Viking Cloud Organization Validation CA, Level 1 | 2024-09-19 - 2025-10-20 | a year | crt.sh |
This page contains 5 frames:

- Primary Page: https://onllne-cltadelle-lv.agpglss.com/ (Frame ID: 5CAAB9638132E4DD45A3A24DC69DE552; 14 HTTP requests in this frame)
- Frame: https://content.citadele.lv/fl4gOhP1pd-OWXcU?378bffc64708d336=NisHtJoe785TXDfPQtUuqfEMF-P_Sgk_almkvor49zLXqtRo0MGmxj_c1JZ1oyAClcuLIuNRG378NohOJSTDG5hKvmHYZDA8bXvQCso-kthaV9H6Wpi0hnpG7hCZ71uli35truYR5-CHmqCHNvYglIflyxelk07rloVB2uvehGpaN4bNcQjXOtKZgkPk_U7fdiG_4wDS8UZy4-mm&jb=35322e2668736d75354c6b6e7570266a736f354c6b6e777026687160773f4368706f6d6726687b623f436a72676d67253238313331 (Frame ID: 0DDE146013FEC160F724C963A1ED84F4; 13 HTTP requests in this frame)
- Frame: https://content.citadele.lv/NhzYRZIeZhx4ykLf?e97eb678929bef66=880x0mZACn5gpybkcq3jPShdJai-9dbRccqQs1WtBq006sBkvAFGdjE_nZUyf2GjBmISYxa36k0usBHJTUJ8fCPy9JDoh9e8OVh71VdwgLQ5e3B01_m_oQDFQHwu3qLvQhKEFqbetmJE96dEH8_nvnn3yZpb15DdwtbL9KLw2TXDRQvt1q9CcdkIFhKTAs7qroAPLhrnpfAFJkMw9i4 (Frame ID: AC5F0A637CC791B6AC49C6BD6C5C05CC; 1 HTTP request in this frame)
- Frame: https://h.online-metrix.net/FroJffTDt1fxzUqb?1ee7421808cee9e1=sY1BoNl1uwe12aEzfDKQaqPDzJ9WFvHtirAE6TTQT-QDfIlIQ0PPFGFgM42iWWqNGjierxKq4I-ctIzVa9AVx1odlLeEkG4zphkxp2CI41m-jbQnkPr2GvzqMThshT7o4iWAlyjeK8-DYDuc4-1gKs7dS9gGSL6v2-KgO9c1ZXrMKtecn-NDoFPcTz3a9QebQAndwIVvAUzSbvD5lgxd (Frame ID: E57F9A44DA05338DCC9ECEFB0178F98F; 1 HTTP request in this frame)
- Frame: https://content.citadele.lv/6tMaBsY6TwEzr_FG?cf2d3975754a48aa=ljL6Q_svDXru9bczTniHTI89YMBi5RArJAhZuuq4AEHv4PjNCEOMAdQwA1k-d70aWEaf1NRuyDEGGCVvlpD73nurEc8tpwNzmb2f5l5vU_CnFN5Z6mlia3fDfqGqggqrHWMMwFOo8uhOXUT7Tzflsr2UJpK3DuRexBtpBll4wKuVrr1uB0K32KqPr9XIhjIjwh3FBp8AENZQRw-eKgYt (Frame ID: F1F8C9D9E42BFF42541784A106D8BB68; 1 HTTP request in this frame)
Page Title: Citadele Online Banking
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://onllne-cltadelle-lv.agpglss.com/
- HTTP 307
- https://onllne-cltadelle-lv.agpglss.com/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 17
- https://h.online-metrix.net/KQSLXSdfFfmnUEbU?d5c22607a785e1da=K9RKZ1SxeX-oNrQ2y32OY0qs3Z7AXPCZMD015Hrt-H1KqBR4FKMLrsi1ds9jtn1WRN6vtwNloOyH8GdyvB_IwjSwrs4d4_aiV5-MRboVS6z-8_pzeZ_O_qhm03qZQFBWSgx5vpKtnd9EElAN63NQ7oBs3JJUXoGR2bNkQCR4YgrT8JU
- HTTP 302
- https://h.online-metrix.net/KQSLXSdfFfmnUEbU?f54b8f335baa4d15=K9RKZ1SxeX-oNrQ2y32OY0qs3Z7AXPCZMD015Hrt-H1KqBR4FKMLrsi1ds9jtn1WRN6vtwNloOyH8GdyvB_IwjSwrs4d4_aiV5-MRboVS6z-8_pzeZ_O_qhm03qZQFBWSgx5vjnXQLQZevWFe3NWxNzs59w&k=2
30 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H2 | / | onllne-cltadelle-lv.agpglss.com/ | 8 KB | 3 KB | Document | text/html | Primary Request; Redirect Chain |
| GET | H2 | ibbf-verrel-121_8_0.css | onllne-cltadelle-lv.agpglss.com/css/ | 160 KB | 40 KB | Stylesheet | text/css | |
| GET | H2 | inline-verrel-121_8_0.js | onllne-cltadelle-lv.agpglss.com/js/ | 419 B | 403 B | Script | application/javascript | |
| GET | H2 | dependencies-verrel-121_8_0.js | onllne-cltadelle-lv.agpglss.com/js/ | 102 KB | 41 KB | Script | application/javascript | |
| GET | H2 | ibbf-verrel-121_8_0.js | onllne-cltadelle-lv.agpglss.com/js/ | 107 KB | 39 KB | Script | application/javascript | |
| GET | H2 | login-verrel-121_8_0.js | onllne-cltadelle-lv.agpglss.com/js/ | 3 KB | 1 KB | Script | application/javascript | |
| GET | H2 | wwQtPMzdY-verrel-121_8_0.js | onllne-cltadelle-lv.agpglss.com/js/ | 3 KB | 1 KB | Script | application/javascript | |
| GET | H2 | logo-verrel-121_8_0.svg | onllne-cltadelle-lv.agpglss.com/images/ | 5 KB | 2 KB | Image | image/svg+xml | |
| GET | H/1.1 | iuff8tdmfmfh5x56.js | content.citadele.lv/ | 97 KB | 14 KB | Script | text/javascript | |
| GET | H2 | Material-Design-Iconic-Font.woff2 | onllne-cltadelle-lv.agpglss.com/fonts/ | 37 KB | 38 KB | Font | font/woff2 | |
| GET | H2 | OpenSans-Regular.otf | onllne-cltadelle-lv.agpglss.com/fonts/ | 38 KB | 38 KB | Font | application/octet-stream | |
| GET | H2 | OpenSans-Bold.otf | onllne-cltadelle-lv.agpglss.com/fonts/ | 39 KB | 40 KB | Font | application/octet-stream | |
| GET | H2 | OpenSans-Semibold.otf | onllne-cltadelle-lv.agpglss.com/fonts/ | 39 KB | 39 KB | Font | application/octet-stream | |
| GET | H/1.1 | fl4gOhP1pd-OWXcU | content.citadele.lv/ | 387 KB | 68 KB | Script | text/javascript | Frame 0DDE |
| GET | H/1.1 | R-YkfB5rvVgRZA4U | content.citadele.lv/ | 81 B | 475 B | Image | image/png | Frame 0DDE |
| GET | H2 | favicon.ico | onllne-cltadelle-lv.agpglss.com/ | 376 B | 522 B | Other | image/x-icon | |
| GET | H/1.1 | he3h0haiXP-rjdrl | content.citadele.lv/ | 81 B | 475 B | Image | image/png | Frame 0DDE |
| GET | H/1.1 | clear.png | content.citadele.lv/fp/ | 81 B | 547 B | XHR | image/png | Frame 0DDE |
| GET | H/1.1 | KQSLXSdfFfmnUEbU | h.online-metrix.net/ | 0 | 398 B | Script | text/javascript | Frame 0DDE; Redirect Chain |
| GET | H/1.1 | NhzYRZIeZhx4ykLf | content.citadele.lv/ | 0 | 0 | Document | text/html | Frame AC5F |
| GET | H/1.1 | ZSYEJr7rAFActKeB | content.citadele.lv/ | 0 | 398 B | Script | text/javascript | Frame 0DDE |
| GET | H/1.1 | HLLabgUGKrMBVY4Q | content.citadele.lv/ | 134 B | 655 B | Script | text/javascript | Frame 0DDE |
| GET | H/1.1 | FroJffTDt1fxzUqb | h.online-metrix.net/ | 0 | 0 | Document | text/html | Frame E57F |
| GET | H/1.1 | 6tMaBsY6TwEzr_FG | content.citadele.lv/ | 0 | 0 | Document | text/html | Frame F1F8 |
| GET | H/1.1 | DtOgnV92EjwhaVYz | h64.online-metrix.net/ | 0 | 399 B | Script | text/javascript | Frame 0DDE |
| GET | H/1.1 | ZSYEJr7rAFActKeB | content.citadele.lv/ | 0 | 218 B | Script | text/javascript | Frame 0DDE |
| GET | H/1.1 | V8nQUc_2Jhe5ufey | aom4xb8t76rl5sulx4hnxf52khfwp2aj4nqz5ijz6271290ad6092fceam1.e.aa.online-metrix.net/ | 81 B | 438 B | Image | image/png | Frame 0DDE |
| GET | H/1.1 | 9SWHfBV0Drrgh5Pg | content.citadele.lv/ | 0 | 218 B | Script | text/javascript | Frame 0DDE |
| GET | H/1.1 | _45bEjJtjDPvMDCh | content.citadele.lv/ | 0 | 400 B | Image | image/png | Frame 0DDE |
| GET | H/1.1 | ZSYEJr7rAFActKeB | content.citadele.lv/ | 0 | 398 B | Script | text/javascript | Frame 0DDE |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Banka Citadele (Banking)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | 0 |
| function | jQuery |
| function | $ |
| object | wwQtPMzdY |
| function | removeSpaces |
| function | validateForm |
| object | webpackChunk |
| function | jquery |
| function | OnSubmitForm |
| function | tmx_run_page_fingerprinting |
| boolean | tmx_profiling_started |
| function | tmx_post_session_params_fixed |
| string | td_3j3 |

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| content.citadele.lv/ | | thx_guid | f4cd64536e451bf57ceed093e87c541b |
| content.citadele.lv/ | | tmx_guid | AAwvipPlsWYSj4YWv5eCY12PN69ns9KfV6kTABeiw3194IBm1zOIzfluCrbwJpjtglhVWlRcU96VWcwsXsOJe-S6xFPyBg |
| h.online-metrix.net/ | | thx_global_guid | 6b0ad0199b7b46b3a7807a52612f9691 |

3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.