n3plvcpnl361107.prod.ams3.secureserver.net
Open in
urlscan Pro
160.153.179.162
Malicious Activity!
Public Scan
URL:
https://n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/
Submission: On May 01 via manual from GB
Submission: On May 01 via manual from GB
Summary
This website contacted 4 IPs
in 2 countries
across 3 domains to perform 42 HTTP transactions.
The main IP is 160.153.179.162, located in
Scottsdale, United States and
belongs to GODADDY-AMS, DE.
The main domain is n3plvcpnl361107.prod.ams3.secureserver.net.
TLS certificate: Issued by Starfield Secure Certificate Authorit... on January 14th 2020. Valid for: 2 years.
This is the only time n3plvcpnl361107.prod.ams3.secureserver.net was scanned on urlscan.io!
TLS certificate: Issued by Starfield Secure Certificate Authorit... on January 14th 2020. Valid for: 2 years.
This is the only time n3plvcpnl361107.prod.ams3.secureserver.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Barclays (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 37 | 160.153.179.162 160.153.179.162 | 21501 (GODADDY-AMS) (GODADDY-AMS) | |
| 3 | 104.108.68.189 104.108.68.189 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
| 1 | 13.80.15.62 13.80.15.62 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 42 | 4 |
37
160.153.179.162
(Scottsdale, United States)
ASN21501 (GODADDY-AMS, DE)
PTR: ip-160-153-179-162.ip.secureserver.net
ASN21501 (GODADDY-AMS, DE)
PTR: ip-160-153-179-162.ip.secureserver.net
| n3plvcpnl361107.prod.ams3.secureserver.net |
3
104.108.68.189
(Netherlands)
ASN16625 (AKAMAI-AS, US)
PTR: a104-108-68-189.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a104-108-68-189.deploy.static.akamaitechnologies.com
| bank.barclays.co.uk |
1
13.80.15.62
(Amsterdam, Netherlands)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
| cfr.eu.v2.we-stats.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 37 |
secureserver.net
n3plvcpnl361107.prod.ams3.secureserver.net |
467 KB |
| 3 |
barclays.co.uk
bank.barclays.co.uk |
15 KB |
| 1 |
we-stats.com
cfr.eu.v2.we-stats.com |
538 B |
| 42 | 3 |
| Domain | Requested by | |
|---|---|---|
| 37 | n3plvcpnl361107.prod.ams3.secureserver.net |
n3plvcpnl361107.prod.ams3.secureserver.net
|
| 3 | bank.barclays.co.uk |
n3plvcpnl361107.prod.ams3.secureserver.net
|
| 1 | cfr.eu.v2.we-stats.com |
n3plvcpnl361107.prod.ams3.secureserver.net
|
| 42 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| status.uk.barclays |
| www.barclays.co.uk |
| bank.barclays.co.uk |
| www.lendingstandardsboard.org.uk |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.prod.ams3.secureserver.net Starfield Secure Certificate Authority - G2 |
2020-01-14 - 2022-01-14 |
2 years | crt.sh |
| bank.barclays.co.uk Entrust Certification Authority - L1M |
2020-01-30 - 2021-01-30 |
a year | crt.sh |
| *.eu.v2.we-stats.com COMODO RSA Domain Validation Secure Server CA |
2018-10-25 - 2020-10-24 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/
Frame ID: 0461C1349D902E022563D2E7023C8D8E
Requests: 42 HTTP requests in this frame
17 Outgoing links
These are links going to different origins than the main page.
URL: https://status.uk.barclays/
Title: Service status
Title: Service status
Search URL Search Domain Scan URL
URL: http://www.barclays.co.uk/Contactus/Contactus/P1242561757335
Title: Contact us
Title: Contact us
Search URL Search Domain Scan URL
URL: http://www.barclays.co.uk/security
Title: Security
Title: Security
Search URL Search Domain Scan URL
URL: http://www.barclays.co.uk/accessibility/
Title: Accessibility
Title: Accessibility
Search URL Search Domain Scan URL
URL: http://www.barclays.co.uk/
Search URL Search Domain Scan URL
URL: https://bank.barclays.co.uk/olb/registration/registerAppContainer.do
Title: Register now
Title: Register now
Search URL Search Domain Scan URL
URL: https://bank.barclays.co.uk/olb/authlogin/loginAppContainer.do#/cookiePref
Title: cookies policy
Title: cookies policy
Search URL Search Domain Scan URL
URL: https://bank.barclays.co.uk/olb/authlogin/loginAppContainer.do
Title: Less
Title: Less
Search URL Search Domain Scan URL
URL: https://www.barclays.co.uk/help/online-banking/login/setup-passcode-word/
Title: find out how
Title: find out how
Search URL Search Domain Scan URL
URL: https://www.barclays.co.uk/help/mobile-banking/pinsentry/info/
Title: www.barclays.co.uk/help/mobile-banking/pinsentry/info/
Title: www.barclays.co.uk/help/mobile-banking/pinsentry/info/
Search URL Search Domain Scan URL
URL: https://www.barclays.co.uk/help/contact-us/
Title: contact us
Title: contact us
Search URL Search Domain Scan URL
URL: http://www.barclays.co.uk/Protection/FinancialServicesCompensationSchemeFSCS/P1242618503681
Title:
Title:
Search URL Search Domain Scan URL
URL: http://www.barclays.co.uk/P1242680796797
Title: Cookies - updated
Title: Cookies - updated
Search URL Search Domain Scan URL
URL: https://www.barclays.co.uk/ways-to-bank/mobile-banking-app/
Title:
Title:
Search URL Search Domain Scan URL
URL: https://www.lendingstandardsboard.org.uk/
Title: www.lendingstandardsboard.org.uk
Title: www.lendingstandardsboard.org.uk
Search URL Search Domain Scan URL
URL: http://www.barclays.co.uk/Security/ISO27001certification/P1242561780370
Search URL Search Domain Scan URL
URL: https://www.barclays.co.uk/wealth-management/important-information-uk-international/
Title: Important Information
Title: Important Information
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
42 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/ |
47 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
detector-beacon.min.js.download
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
126 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rolb_1_0.css
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
54 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rolb_grid_1_0.css
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
40 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
authlogin_1_0.css
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
authlogin_2_0.css
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
18 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
idap.modal.css
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
448 B 347 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login.bootstrap.min.js.download
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
11 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
barclays-logo.png
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1321077818816-card_number_card.jpg
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
9 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1438591882481-fscs_228.jpg
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
16 KB 16 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1321077896363-AppleStore.jpg
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1321077920163-GooglePlay.jpg
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1321217916907-bsikitemarklogo.png
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1321217916492-iso27001footer.JPG
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
24 KB 24 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1321217918424-cyberfooter.jpg
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
9 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login-rolb.min.js.download
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
368 KB 71 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mbox.js.download
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
29 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
s_codecookies.js.download
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
51 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
angular-rolb.min.js.download
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
129 KB 48 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
6bb5a42d.min.js.download
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
340 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ajax
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
990 B 554 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ajax(1)
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
680 B 403 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ajax(2)
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
696 B 408 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rolb_1_0.css
n3plvcpnl361107.prod.ams3.secureserver.net/authlogin/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rolb_grid_1_0.css
n3plvcpnl361107.prod.ams3.secureserver.net/authlogin/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
authlogin_1_0.css
n3plvcpnl361107.prod.ams3.secureserver.net/authlogin/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
authlogin_2_0.css
n3plvcpnl361107.prod.ams3.secureserver.net/authlogin/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
idap.modal.css
n3plvcpnl361107.prod.ams3.secureserver.net/authlogin/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
barclays-logo.gif
bank.barclays.co.uk/authlogin/img/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
radio.png
bank.barclays.co.uk/authlogin/img/rolb/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
expertsans-bold-webfont.woff
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
20 KB 20 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
expertsans-regular-webfont.woff
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
21 KB 21 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ftb-new-login-icons.woff
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
2 KB 2 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
expertsans-light-webfont.woff
n3plvcpnl361107.prod.ams3.secureserver.net/~rmr7nwp35z3v/1/Step%201%20-%20Who%20are%20you_%20-%20Barclays%20Online%20Banking_files/ |
22 KB 22 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
s_codecookies.js
n3plvcpnl361107.prod.ams3.secureserver.net/js/sitecatalyst/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
angular-rolb.min.js
n3plvcpnl361107.prod.ams3.secureserver.net/authlogin/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
6bb5a42d.min.js
n3plvcpnl361107.prod.ams3.secureserver.net/js/bc/2.8.1/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
checkbox.png
bank.barclays.co.uk/authlogin/img/rolb/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
5f80b7b5-bcb5-4e86-b917-5551ed2ddcb5
https://n3plvcpnl361107.prod.ams3.secureserver.net/ |
139 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
cr.png
cfr.eu.v2.we-stats.com/api/v1/ |
0 538 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cls_rpt.gif
n3plvcpnl361107.prod.ams3.secureserver.net/ftb/img/clarisite/ |
2 KB 2 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Barclays (Banking)182 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate string| s_account string| pathref object| eventEncodingUtils object| beaconEncodingManager object| _detector boolean| ie8 object| login boolean| wealthValue boolean| wealthSwitch boolean| privateBankValue boolean| privateBankSwitch boolean| contactUsSwitch boolean| ppiSwitch boolean| ppiCheckerSwitch boolean| ppiCommissionComplaintSwitch boolean| ppiUrlSwitch boolean| cp1620Day2Switch boolean| barclaysDirectInvesting boolean| multiaddress boolean| multipreviousname boolean| addressLookUpSwitch string| serverDate string| dLink string| adobeDtmSwitch string| wealthType boolean| bcEnabled string| bcSlothInc boolean| bioCatch2 string| bcSlothVer string| bcSlothcdAPI string| bcSlothEngineI boolean| clarisiteSwitch boolean| digitalDataSwitch boolean| tntSwitch boolean| isSolusSwitch boolean| siCredentialResetSwitch boolean| mortgageMasterSwitch boolean| mortgageFLDSwitch boolean| mortgageLockedOutSwitchValue boolean| mortgagePasscodeSwitch boolean| serviceStatusSwitch boolean| registrationRedirectSwitch boolean| speedyRegistrationRedirectSwitch boolean| ppiSc655Switch boolean| complexPPICheckSwitch boolean| checkMarxHighVulnerabilitySwitch boolean| lowVulnerabilitySwitch boolean| psd2ScaLoginSwitch object| browser_detect function| mboxDefine function| mboxUpdate object| card_inputs function| isNumberKey function| getElementsByClassName function| getTextContent function| scFixed function| scFixed1Tag function| scAppendWholeTag function| scLowRankTag function| scProductsTag function| scSetLinkNameTag function| scCombinedP123 function| scRemap function| tagPageView function| tagAjaxContent function| tagQueryContents function| setFromClickTagsFTB function| scLinkTrack function| scLinkTrackError function| dcsMultiTrack function| scMeta function| scSetInitial function| scSetDerived function| isLoginPage function| isHomePage function| scSetHelpCardButtons function| scCleanUpEvents function| scLoginPagesTracking function| scCleanUp function| scSetValidationErrorMessage function| fireLoadEvent function| scSetErrorMessage function| scSetErrorServiceMessage function| scSetImpressions function| scSetLOGIN_METHOD function| scSetLOGIN_MECHANISM function| scSetLoginEvents function| scSetDeepLink function| scSetdcsuri function| scSetProducts function| scSetView function| getProp34 function| scSetPurchaseTracking function| scSetActivityTracking function| scSetLoginReg function| scSetPageName function| isMultipleSavedUsers function| scSetEvents function| scSetDcsvid function| scBarclaysCookieConsent function| scMapTag function| scSetTag function| scAddTag function| scUpdateLinkTrack function| scSaveBasePageName function| scRestoreBasePageName function| scSaveTakeoverPageName function| scRestoreTakeoverPageName undefined| authloginDigitalData undefined| dcs2sc undefined| scBasePageName undefined| scTakeoverPageName undefined| _self undefined| Prism string| mboxCopyright object| TNT number| mboxVersion object| mboxFactories object| mboxFactoryDefault function| mboxLoadSCPlugin function| mboxTrack function| mboxTrackLink function| tt_Log function| tt_Redirect object| cmid function| mboxUrlBuilder function| mboxStandardFetcher function| mboxAjaxFetcher function| mboxMap function| mboxFactory function| mboxSignaler function| mboxList function| mboxLocatorDefault function| mboxLocatorNode function| mboxCreate function| mbox function| mboxOfferContent function| mboxOfferAjax function| mboxOfferDefault function| mboxCookieManager function| mboxSession function| mboxPC function| mboxGetPageParameter function| mboxSetCookie function| mboxGetCookie function| mboxCookiePageDomain function| mboxShiftArray function| mboxGenerateId function| mboxScreenHeight function| mboxScreenWidth function| mboxBrowserWidth function| mboxBrowserHeight function| mboxBrowserTimeOffset function| mboxScreenColorDepth function| mboxBarclaysCookieConsent object| reason function| mboxScPluginFetcher function| mboxVizTargetUrl string| s_code object| dataLayer object| s function| s_doPlugins undefined| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq object| angular number| ng339 object| cdApi undefined| mboxCurrent5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .secureserver.net/ | Name: bmuid Value: 1588339700244-AED4E41D-8B95-497C-A947-42899CBF9EFB |
|
| .secureserver.net/ | Name: cdContextId Value: 1 |
|
| .secureserver.net/ | Name: mbox Value: check#true#1588339761|session#1588339700125-161029#1588341561 |
|
| n3plvcpnl361107.prod.ams3.secureserver.net/ | Name: _cls_s Value: fae7f817-81b4-437a-922f-2c6d3f738e12:0 |
|
| n3plvcpnl361107.prod.ams3.secureserver.net/ | Name: _cls_v Value: 7347e24b-49a2-4de8-b727-6de73a547743 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bank.barclays.co.uk
cfr.eu.v2.we-stats.com
n3plvcpnl361107.prod.ams3.secureserver.net
104.108.68.189
13.80.15.62
160.153.179.162
03c2526a71f8b178491bca3226f69d72a28aa606133527c00b28adab490f940d
0f7f7e8651924c5fdd69e59e71a4b63f3151f4a1245a4006efa044cb13cc5e81
1623b90c49364beea0bb2070ea49ecf535e458f0638df3179592424149ec4e8e
2355be5ecf46790b451d5fa78bf5f7ffee99d07783236e5882c7379ccafd1164
2dc489891283091c53d8dd7cc4e1394264a643e6ff56156dac9bfee5180e284d
339d0cbe080a10572baa3eee9716ae9a40a82ed4875fb8f71ec4ca7ab01035e9
34017ba01d2d2d24d61764d03384014d3e23239dad55bafde38b4f7c60d77aa6
3a059a66277e8a87067c50187849c9f65817c72873f8c71785d08f4023a6b9f3
43e8d28010d5185e1ed218db5b7c537251f019713b02464fd3b6be08b65751e1
4443260f173a9227f2afb899b9e4337b364bcf78df56c322d6c19e4a6edf01d6
4abdda6a86149bc656dd315b0443fea8f11f22a6552e48e843a0f4b3e828ce8f
4fc2add0faa827df0206c77041030aa53f2419f2ceb5178757f3bcfc157eeb2c
52aa6e020c0bb612dd9221d801a3ebda86836e047dbd30e21069248669061cbb
5979b1ba1c7fc526ff0279f8a3ecd43eafb75541574ab1077c8887730376f8a0
5dc9a0b5fea13c3dd69f601e55e00d8736dbe904fd1b05d325688bbb264d433e
7a18e1208bc37062e903d7ff94cd3d69a8c642590e42d55a2b5504417093deee
84c858297d140080df2011346dee575ec7c5f0a7d016a50f21f7cbfb2cd998f0
90326fd2ae35b37049ca9b624acb2b698be96a509f3619cf647d686433eaaa15
92825077634dd66a5257fc1b2a872f0228fdc6b16cd0696c9b6b77b330dd901c
a16e2391b52925f1fff9ca218d1dea533eccffd4e55d81294fc73f784b908bfa
adeb37a325b72a5382a603c575caf390f1fe968f60a266679c18bf6ff61317cc
b8e1ee5c329e767aa64923d017914e3499037896708919ade5304b46982d6ce6
c3b576a4b5b225f0e9585f87e6ed87dace407c3d0b02a6042a6d6f44256ff017
cdc8b52c9402b72ef9c698027c0d2ea63058ed98b832a31d3ac57c9e7f8b35ed
d6d325486e2e9e48d5b5b3401827b76f3d02113249d436e8efb9b878219cb3d0
d9389dd01f846211d963719de058e6d3133a0fb74d228a83e342b2f7ad885e9a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4917d5cbb0cc145accf3813e7aa4a3c68cb837a04310a9278e5fefabce495ff
ed6604f7293bcfe87ee03795e418c40cb40a96444a320d45bb97dfdcf40a14b8
effa2f551ae3f572384002e36028aa1e85544462f42c28065731284e8f81bfcd
f56f823e0bd75388778cbccca78bcf7453c2c03c889274da7b47eebbc37b86b5
f64396f7ed14747c7ba07bb0a52f3bb69b6dba4b3c5f7abb15cf594142d708cd
f7095bce686f681097b7736f3fdda5bef94dda62adf60cb05cc357cdf57d8042
fa4a7f12f0e14cc6a4d1c78536fb2d3eb1b456c9e81a04ec74adf1bfac314252