security.barclays-partnerfinance.com Open in urlscan Pro
83.138.133.96 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://security.barclays-partnerfinance.com/
Effective URL:
https://security.barclays-partnerfinance.com/
Submission: On December 09 via manual (December 9th 2022, 2:05:14 pm UTC) from GB — Scanned from GB

Summary HTTP 6 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 83.138.133.96, located in United Kingdom and belongs to RACKSPACE-LON, GB. The main domain is security.barclays-partnerfinance.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on February 15th 2022. Valid for: a year.

This is the only time security.barclays-partnerfinance.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Barclays (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 7	83.138.133.96 83.138.133.96		15395 (RACKSPACE...) (RACKSPACE-LON)
6	2

7 83.138.133.96 (United Kingdom) 1 redirects

ASN15395 (RACKSPACE-LON, GB)

security.barclays-partnerfinance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	barclays-partnerfinance.com 1 redirects security.barclays-partnerfinance.com	199 KB
6	1

	Domain	Requested by
7	security.barclays-partnerfinance.com	1 redirects security.barclays-partnerfinance.com
6	1

This site contains links to these domains. Also see Links.

Domain
www.barclayspartnerfinance.com

Subject Issuer	Validity	Valid
security.barclays-partnerfinance.com Entrust Certification Authority - L1M	`2022-02-15` - `2023-02-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://security.barclays-partnerfinance.com/
Frame ID: 4CCC8D2EBE029440BB7ACF7A540F66ED
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Identity Service | Barclays Partner Finance

Page URL History Show full URLs

http://security.barclays-partnerfinance.com/ HTTP 302
https://security.barclays-partnerfinance.com/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

199 kB
Transfer

549 kB
Size

3
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://www.barclayspartnerfinance.com/
Title: Barclays Partner Finance Opens in a new window

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://security.barclays-partnerfinance.com/ HTTP 302
https://security.barclays-partnerfinance.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
security.barclays-partnerfinance.com/
Redirect Chain

http://security.barclays-partnerfinance.com/
https://security.barclays-partnerfinance.com/

2 KB
2 KB

711ms
59ms

Document
text/html

83.138.133.96
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://security.barclays-partnerfinance.com/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

83.138.133.96 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

03ef221ea89e9a37563df287903ec0ff6186315242130da9aefe2b704993f0a2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Content-Encoding: gzip
Content-Security-Policy: default-src 'self' 'unsafe-inline' data:;
Content-Type: text/html; charset=utf-8
Content-Type-Options: nosniff
Date: Fri, 09 Dec 2022 14:05:08 GMT
Frame-Options: DENY
Server: Kestrel
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Security-Policy: default-src 'self' 'unsafe-inline' data:;
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
XSS-Protection: 1; mode=block

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Location: https://security.barclays-partnerfinance.com/
Server: BigIP

GET
H/1.1 200
OK bdl.css
security.barclays-partnerfinance.com/css/ 233 KB
48 KB 56ms
55ms Stylesheet
text/css 83.138.133.96
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://security.barclays-partnerfinance.com/css/bdl.css

Requested by

Host: security.barclays-partnerfinance.com
URL: https://security.barclays-partnerfinance.com/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

83.138.133.96 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

4f8a502c12f898312e9b18b51e018b1f20634d9fed9327f72b65556be5a4c9df

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://security.barclays-partnerfinance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-inline' data:;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Frame-Options: DENY
Date: Fri, 09 Dec 2022 14:05:08 GMT
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
XSS-Protection: 1; mode=block
Last-Modified: Tue, 26 Jul 2022 22:54:42 GMT
Server: Kestrel
ETag: "1d8a142b12c87d3"
Vary: Accept-Encoding
X-Frame-Options: DENY
Content-Type: text/css
Accept-Ranges: bytes
X-Content-Security-Policy: default-src 'self' 'unsafe-inline' data:;

GET
H/1.1 200
OK app.css
security.barclays-partnerfinance.com/css/ 5 KB
3 KB 136ms
51ms Stylesheet
text/css 83.138.133.96
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://security.barclays-partnerfinance.com/css/app.css

Requested by

Host: security.barclays-partnerfinance.com
URL: https://security.barclays-partnerfinance.com/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

83.138.133.96 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

33427435820f67165bd2de27c7a74c5a02f64cd82de8818d0f7e134d3e325c1e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://security.barclays-partnerfinance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-inline' data:;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Frame-Options: DENY
Date: Fri, 09 Dec 2022 14:05:08 GMT
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
XSS-Protection: 1; mode=block
Last-Modified: Tue, 26 Jul 2022 22:54:39 GMT
Server: Kestrel
ETag: "1d8a142af6573ae"
Vary: Accept-Encoding
X-Frame-Options: DENY
Content-Type: text/css
Accept-Ranges: bytes
X-Content-Security-Policy: default-src 'self' 'unsafe-inline' data:;

GET
H/1.1 200
OK jquery.js Show response
security.barclays-partnerfinance.com/lib/jquery/dist/ 262 KB
103 KB 154ms
55ms Script
application/javascript 83.138.133.96
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://security.barclays-partnerfinance.com/lib/jquery/dist/jquery.js

Requested by

Host: security.barclays-partnerfinance.com
URL: https://security.barclays-partnerfinance.com/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

83.138.133.96 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

03903375e5192415755f63297022c723f882093152a41027d91bd9b612aae403

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://security.barclays-partnerfinance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-inline' data:;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Frame-Options: DENY
Date: Fri, 09 Dec 2022 14:05:08 GMT
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
XSS-Protection: 1; mode=block
Last-Modified: Tue, 26 Jul 2022 22:54:39 GMT
Server: Kestrel
ETag: "1d8a142af61763b"
Vary: Accept-Encoding
X-Frame-Options: DENY
Content-Type: application/javascript
Accept-Ranges: bytes
X-Content-Security-Policy: default-src 'self' 'unsafe-inline' data:;

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET
DATA 200
OK truncated
/ 279 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 763058f8b9ad8867f5de66f96f904aa0309fb875927ae12655da55745b82831b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK expertsans-regular-webfont.woff
security.barclays-partnerfinance.com/fonts/ 21 KB
22 KB 52ms
51ms Font
application/font-woff 83.138.133.96
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://security.barclays-partnerfinance.com/fonts/expertsans-regular-webfont.woff

Requested by

Host: security.barclays-partnerfinance.com
URL: https://security.barclays-partnerfinance.com/css/bdl.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

83.138.133.96 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

4abdda6a86149bc656dd315b0443fea8f11f22a6552e48e843a0f4b3e828ce8f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://security.barclays-partnerfinance.com/css/bdl.css
Origin: https://security.barclays-partnerfinance.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-inline' data:;
Date: Fri, 09 Dec 2022 14:05:08 GMT
X-Content-Type-Options: nosniff
Frame-Options: DENY
X-Powered-By: ASP.NET
Content-Type-Options: nosniff
Content-Length: 21924
X-XSS-Protection: 1; mode=block
XSS-Protection: 1; mode=block
Last-Modified: Tue, 26 Jul 2022 22:54:42 GMT
Server: Kestrel
ETag: "1d8a142b12f70a4"
X-Frame-Options: DENY
Content-Type: application/font-woff
Accept-Ranges: bytes
X-Content-Security-Policy: default-src 'self' 'unsafe-inline' data:;

GET
H/1.1 200
OK expertsans-light-webfont.woff
security.barclays-partnerfinance.com/fonts/ 21 KB
22 KB 41ms
41ms Font
application/font-woff 83.138.133.96
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://security.barclays-partnerfinance.com/fonts/expertsans-light-webfont.woff

Requested by

Host: security.barclays-partnerfinance.com
URL: https://security.barclays-partnerfinance.com/css/bdl.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

83.138.133.96 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

cfd7fb9f4a18ffee0a0c870a6a43435d7cb9678f7f56f67bef0ba433f14e766e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://security.barclays-partnerfinance.com/css/bdl.css
Origin: https://security.barclays-partnerfinance.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-inline' data:;
Date: Fri, 09 Dec 2022 14:05:08 GMT
X-Content-Type-Options: nosniff
Frame-Options: DENY
X-Powered-By: ASP.NET
Content-Type-Options: nosniff
Content-Length: 21852
X-XSS-Protection: 1; mode=block
XSS-Protection: 1; mode=block
Last-Modified: Tue, 26 Jul 2022 22:54:39 GMT
Server: Kestrel
ETag: "1d8a142af6534dc"
X-Frame-Options: DENY
Content-Type: application/font-woff
Accept-Ranges: bytes
X-Content-Security-Policy: default-src 'self' 'unsafe-inline' data:;

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Barclays (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| $ function| jQuery

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
security.barclays-partnerfinance.com/	1970-01-20 08:03:14	Name: ADRUM_BTa Value: R%3A0%7Cg%3A32bf6cff-1874-4248-bb90-a88c7b4bbaf3%7Cn%3APCB_27bb472a-9d31-478b-a885-38f9e05ae8ff
security.barclays-partnerfinance.com/	1970-01-20 08:03:14	Name: SameSite Value: None
security.barclays-partnerfinance.com/	1970-01-20 08:03:14	Name: ADRUM_BT1 Value: R%3A0%7Ci%3A1230377%7Ce%3A70

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Security-Policy	default-src 'self' 'unsafe-inline' data:;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

security.barclays-partnerfinance.com
83.138.133.96
03903375e5192415755f63297022c723f882093152a41027d91bd9b612aae403
03ef221ea89e9a37563df287903ec0ff6186315242130da9aefe2b704993f0a2
33427435820f67165bd2de27c7a74c5a02f64cd82de8818d0f7e134d3e325c1e
4abdda6a86149bc656dd315b0443fea8f11f22a6552e48e843a0f4b3e828ce8f
4f8a502c12f898312e9b18b51e018b1f20634d9fed9327f72b65556be5a4c9df
763058f8b9ad8867f5de66f96f904aa0309fb875927ae12655da55745b82831b
91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91
cfd7fb9f4a18ffee0a0c870a6a43435d7cb9678f7f56f67bef0ba433f14e766e
e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6

security.barclays-partnerfinance.com Open in urlscan Pro 83.138.133.96 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

199 kBTransfer

549 kBSize

3 Cookies

1 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

security.barclays-partnerfinance.com Open in urlscan Pro
83.138.133.96 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

199 kB
Transfer

549 kB
Size

3
Cookies

6 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!