![](/screenshots/75ddbb58-82ab-4797-ab2d-a32202e21ceb.png)
security.barclays-partnerfinance.com
Open in
urlscan Pro
83.138.133.96
Malicious Activity!
Public Scan
Effective URL: https://security.barclays-partnerfinance.com/
Submission: On December 09 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by Entrust Certification Authority - L1M on February 15th 2022. Valid for: a year.
This is the only time security.barclays-partnerfinance.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Barclays (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 7 | 83.138.133.96 83.138.133.96 | 15395 (RACKSPACE...) (RACKSPACE-LON) | |
6 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
barclays-partnerfinance.com
1 redirects
security.barclays-partnerfinance.com |
199 KB |
6 | 1 |
Domain | Requested by | |
---|---|---|
7 | security.barclays-partnerfinance.com |
1 redirects
security.barclays-partnerfinance.com
|
6 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.barclayspartnerfinance.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
security.barclays-partnerfinance.com Entrust Certification Authority - L1M |
2022-02-15 - 2023-02-15 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://security.barclays-partnerfinance.com/
Frame ID: 4CCC8D2EBE029440BB7ACF7A540F66ED
Requests: 9 HTTP requests in this frame
Screenshot
![](/screenshots/75ddbb58-82ab-4797-ab2d-a32202e21ceb.png)
Page Title
Identity Service | Barclays Partner FinancePage URL History Show full URLs
-
http://security.barclays-partnerfinance.com/
HTTP 302
https://security.barclays-partnerfinance.com/ Page URL
Detected technologies
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Barclays Partner Finance Opens in a new window
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://security.barclays-partnerfinance.com/
HTTP 302
https://security.barclays-partnerfinance.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
security.barclays-partnerfinance.com/ Redirect Chain
|
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bdl.css
security.barclays-partnerfinance.com/css/ |
233 KB 48 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.css
security.barclays-partnerfinance.com/css/ |
5 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
security.barclays-partnerfinance.com/lib/jquery/dist/ |
262 KB 103 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
279 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
expertsans-regular-webfont.woff
security.barclays-partnerfinance.com/fonts/ |
21 KB 22 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
expertsans-light-webfont.woff
security.barclays-partnerfinance.com/fonts/ |
21 KB 22 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Barclays (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| $ function| jQuery3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
security.barclays-partnerfinance.com/ | Name: ADRUM_BTa Value: R%3A0%7Cg%3A32bf6cff-1874-4248-bb90-a88c7b4bbaf3%7Cn%3APCB_27bb472a-9d31-478b-a885-38f9e05ae8ff |
|
security.barclays-partnerfinance.com/ | Name: SameSite Value: None |
|
security.barclays-partnerfinance.com/ | Name: ADRUM_BT1 Value: R%3A0%7Ci%3A1230377%7Ce%3A70 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' 'unsafe-inline' data:; |
X-Content-Security-Policy | default-src 'self' 'unsafe-inline' data:; |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
security.barclays-partnerfinance.com
83.138.133.96
03903375e5192415755f63297022c723f882093152a41027d91bd9b612aae403
03ef221ea89e9a37563df287903ec0ff6186315242130da9aefe2b704993f0a2
33427435820f67165bd2de27c7a74c5a02f64cd82de8818d0f7e134d3e325c1e
4abdda6a86149bc656dd315b0443fea8f11f22a6552e48e843a0f4b3e828ce8f
4f8a502c12f898312e9b18b51e018b1f20634d9fed9327f72b65556be5a4c9df
763058f8b9ad8867f5de66f96f904aa0309fb875927ae12655da55745b82831b
91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91
cfd7fb9f4a18ffee0a0c870a6a43435d7cb9678f7f56f67bef0ba433f14e766e
e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6