helpdesk-online-review.web.app
2620:0:890::100
Malicious Activity!
Public Scan
Effective URL: https://helpdesk-online-review.web.app/
Submission: On November 23 via api from GB — Scanned from GB
Summary
TLS certificate: Issued by GTS CA 1D4 on November 13th 2023. Valid for: 3 months.
This is the only time helpdesk-online-review.web.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Barclays (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
10 | 2620:0:890::100 | 54113 (FASTLY)
5 | 184.30.221.102 | 16625 (AKAMAI-AS)
4 | 2a00:1450:4001:808::2003 | 15169 (GOOGLE)
6 | 2a00:1450:4001:810::2003 | 15169 (GOOGLE)
1 | 2a00:1450:4001:812::2003 | 15169 (GOOGLE)
28 (total) | 6 IPs |
Detail for 184.30.221.102: ASN16625 (AKAMAI-AS, US); PTR a184-30-221-102.deploy.static.akamaitechnologies.com; serves bank.barclays.co.uk.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | web.app | helpdesk-online-review.web.app | 120 KB
7 | gstatic.com | www.gstatic.com, fonts.gstatic.com | 625 KB
5 | barclays.co.uk | bank.barclays.co.uk (Cisco Umbrella Rank: 172730) | 263 KB
4 | recaptcha.net | www.recaptcha.net (Cisco Umbrella Rank: 1361) | 38 KB
28 (total) | 4 apex domains | |
Requests | Domain | Requested by
---|---|---
10 | helpdesk-online-review.web.app | helpdesk-online-review.web.app
6 | www.gstatic.com | www.recaptcha.net, www.gstatic.com
5 | bank.barclays.co.uk | (not recorded)
4 | www.recaptcha.net | helpdesk-online-review.web.app, www.gstatic.com, www.recaptcha.net
1 | fonts.gstatic.com | www.recaptcha.net
28 (total) | 5 domains |
This site contains links to these domains (see also the outgoing links under Page Statistics):
- status.uk.barclays
- www.barclays.co.uk
- www.bsigroup.com
- www.iso.org
- www.fscs.org.uk
Subject | Issuer | Validity | Valid for
---|---|---|---
web.app | GTS CA 1D4 | 2023-11-13 to 2024-02-11 | 3 months
bank.barclays.co.uk | DigiCert SHA2 Extended Validation Server CA | 2023-07-13 to 2024-08-08 | a year
misc.google.com | GTS CA 1C3 | 2023-10-23 to 2024-01-15 | 3 months
*.gstatic.com | GTS CA 1C3 | 2023-10-23 to 2024-01-15 | 3 months

Note that the certificate presented for the phishing host has subject web.app, not the phishing hostname, so it is not a per-site certificate and its 2023-11-13 issue date cannot be used to date when this particular site was deployed.
This page contains 3 frames:

Primary Page: https://helpdesk-online-review.web.app/
Frame ID: 6B7B34B00B17D1DA4BB632656D6D287F
Requests: 21 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LewA0whAAAAADjcAgI_4aWI167ZFEgAEXP3yGE_&co=aHR0cHM6Ly9oZWxwZGVzay1vbmxpbmUtcmV2aWV3LndlYi5hcHA6NDQz&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&theme=light&size=normal&badge=bottomright&cb=wyocpff3dlo0
Frame ID: 13AB91078FCEBD4D6DA7314CAD64B11D
Requests: 8 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/api2/bframe?hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&k=6LewA0whAAAAADjcAgI_4aWI167ZFEgAEXP3yGE_
Frame ID: 2FCEC5111C12914A887DAEAA88655658
Requests: 3 HTTP requests in this frame
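The two reCAPTCHA frame URLs above carry three fields worth pulling out when triaging a kit: `k` is the reCAPTCHA site key, which the reCAPTCHA v2 checkbox widget (`size=normal`) only accepts for domains registered against the operator's own Google account, so the same key appearing on other hosts links them to the same kit or actor; `v` is the reCAPTCHA client release and matches the `/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/` path of the gstatic scripts in the request list; and `co` is the base64-encoded origin of the embedding page as reported by the reCAPTCHA client, which tells you which page loaded the widget even when you only see the anchor URL in a proxy log. The script below is an added example written for this report, not urlscan.io or Google code. It decodes those fields from the two URLs copied from this scan; the second entry in `SAMPLE_ANCHORS` is a constructed anchor URL for a made-up host (`lure-two.invalid`) added only to show how the site key clusters hosts.

```python
"""Extract pivotable fields from the reCAPTCHA frame URLs in this scan.

Added example for this report, not urlscan.io or Google code. The two
frame URLs are copied from the Frames section of the scan; SAMPLE_ANCHORS
adds one constructed anchor URL (host lure-two.invalid, not a real site)
to show how a reused site key links lure domains together.
"""
import base64
from urllib.parse import urlsplit, unquote

ANCHOR_URL = (
    "https://www.recaptcha.net/recaptcha/api2/anchor?ar=1"
    "&k=6LewA0whAAAAADjcAgI_4aWI167ZFEgAEXP3yGE_"
    "&co=aHR0cHM6Ly9oZWxwZGVzay1vbmxpbmUtcmV2aWV3LndlYi5hcHA6NDQz"
    "&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&theme=light&size=normal"
    "&badge=bottomright&cb=wyocpff3dlo0"
)
BFRAME_URL = (
    "https://www.recaptcha.net/recaptcha/api2/bframe?hl=en"
    "&v=-QbJqHfGOUB8nuVRLvzFLVed&k=6LewA0whAAAAADjcAgI_4aWI167ZFEgAEXP3yGE_"
)


def _query_params(url: str) -> dict:
    """Split the query string without turning '+' into a space, which
    urllib.parse.parse_qs would do and which would corrupt base64."""
    out = {}
    for pair in urlsplit(url).query.split("&"):
        if "=" in pair:
            key, value = pair.split("=", 1)
            out[unquote(key)] = unquote(value)
    return out


def _b64decode_unpadded(value: str) -> str:
    """`co` is emitted without '=' padding; add it back before decoding."""
    value += "=" * (-len(value) % 4)
    return base64.b64decode(value).decode("utf-8")


def parse_recaptcha_frame(url: str) -> dict:
    """Return the site key (k), client release (v) and, for anchor frames,
    the embedding origin the reCAPTCHA client encoded into `co`."""
    params = _query_params(url)
    info = {
        "frame": urlsplit(url).path.rsplit("/", 1)[-1],  # "anchor" or "bframe"
        "site_key": params.get("k"),
        "release": params.get("v"),
        "embedding_origin": None,
    }
    if "co" in params:
        info["embedding_origin"] = _b64decode_unpadded(params["co"])
    return info


def cluster_by_site_key(anchor_urls) -> dict:
    """Group embedding hosts by site key. The key is registered in the
    kit operator's own reCAPTCHA account, so the same key turning up on
    unrelated hosts ties those hosts to one kit or actor."""
    clusters = {}
    for url in anchor_urls:
        info = parse_recaptcha_frame(url)
        if info["site_key"] and info["embedding_origin"]:
            host = urlsplit(info["embedding_origin"]).hostname
            clusters.setdefault(info["site_key"], set()).add(host)
    return clusters


def _constructed_anchor(origin: str) -> str:
    """Build a second anchor URL with the same key for a made-up origin
    (constructed sample data, not something seen in the scan)."""
    co = base64.b64encode(origin.encode()).decode().rstrip("=")
    return (
        "https://www.recaptcha.net/recaptcha/api2/anchor?ar=1"
        "&k=6LewA0whAAAAADjcAgI_4aWI167ZFEgAEXP3yGE_"
        f"&co={co}&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed"
    )


# Real anchor from the scan plus one constructed sibling.
SAMPLE_ANCHORS = [ANCHOR_URL, _constructed_anchor("https://lure-two.invalid:443")]

if __name__ == "__main__":
    print(parse_recaptcha_frame(ANCHOR_URL))
    print(cluster_by_site_key(SAMPLE_ANCHORS))
```

For this scan `co` decodes to `https://helpdesk-online-review.web.app:443`, confirming the widget was loaded by the phishing page itself. The practical use of `cluster_by_site_key` is to feed it anchor URLs harvested from other scans or proxy logs and look for the key `6LewA0whAAAAADjcAgI_4aWI167ZFEgAEXP3yGE_` on hosts other than this one.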
Screenshot (image not included in this extract)

Page Title: Account Security
Detected technologies
- Nuxt.js (JavaScript Frameworks); detected pattern: /_nuxt/
- reCAPTCHA (Captchas); detected pattern: /recaptcha/api\.js
Page Statistics

9 outgoing links (links going to different origins than the main page). Link titles captured: Service status, Contact us, Security, Accessibility, See our cookies policy; the remaining four links carried no title in this extract.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://helpdesk-online-review.web.app/
- HTTP 307
- https://helpdesk-online-review.web.app/ (Page URL)

The 307 is consistent with an HSTS upgrade performed by the browser rather than a redirect served by the site: the .app TLD is on the HSTS preload list, so the http:// submission is rewritten to https:// before any request leaves the browser, and the main page additionally sends its own Strict-Transport-Security header (see Security Headers below).
Redirected requests
There were HTTP redirect chains for the following requests:
28 HTTP transactions (the four `data:` URIs listed alongside them are inline resources, not network requests)

Method | Proto | Resource | Host / path | Size | x-fer | Type | MIME-Type | Frame / note
---|---|---|---|---|---|---|---|---
GET | H2 | / | helpdesk-online-review.web.app/ | 3 KB | 1 KB | Document | text/html | primary request, redirect chain
GET | H2 | 6.fa74c84fb2ae86a5913e4.081255204107097.js | helpdesk-online-review.web.app/_nuxt/ | 2 KB | 1 KB | Script | text/javascript |
GET | H2 | 1.8af87b42cbe6a80fdac24.640530379685622.js | helpdesk-online-review.web.app/_nuxt/ | 199 KB | 61 KB | Script | text/javascript |
GET | H2 | 7.e490724aabad5857c3a74.640530379685622.js | helpdesk-online-review.web.app/_nuxt/ | 94 KB | 23 KB | Script | text/javascript |
GET | H2 | 0.8013dc456cbd7e7e8b984.640530379685622.js | helpdesk-online-review.web.app/_nuxt/ | 119 B | 205 B | Script | text/javascript |
GET | H3 | 2.f363a7ced2244df4c74d4.640530379685622.js | helpdesk-online-review.web.app/_nuxt/ | 30 KB | 11 KB | Script | text/javascript |
GET | H3 | 8.72709b7cdef6071337884.640530379685622.js | helpdesk-online-review.web.app/_nuxt/ | 22 KB | 6 KB | Script | text/javascript |
GET | H3 | 5.150ac32a49ed030e7ead4.640530379685622.js | helpdesk-online-review.web.app/_nuxt/ | 99 KB | 15 KB | Script | text/javascript |
GET | H3 | ownerInfo.json | helpdesk-online-review.web.app/files/ | 32 B | 348 B | XHR | application/json |
GET | H3 | 9.93613e8432b45add57f34.640530379685622.js | helpdesk-online-review.web.app/_nuxt/ | 1 KB | 873 B | Script | text/javascript |
GET | H2 | mark-of-trust-kitemark-logo.png | bank.barclays.co.uk/OLB/A/Content/Images/ | 44 KB | 44 KB | Image | image/png |
GET | H2 | mark-of-trust-certified-logo.png | bank.barclays.co.uk/OLB/A/Content/Images/ | 46 KB | 47 KB | Image | image/png |
GET | H2 | Cyber-Essentials-Plus-logo.png | bank.barclays.co.uk/OLB/A/Content/Images/ | 166 KB | 166 KB | Image | image/png |
GET | H2 | login-fscs.png | bank.barclays.co.uk/OLB/A/Content/Images/ | 5 KB | 6 KB | Image | image/png |
GET | DATA | (data: URI, truncated) | / | 2 KB | 0 | Image | image/svg+xml |
GET | DATA | (data: URI, truncated) | / | 2 KB | 0 | Image | image/svg+xml |
GET | H2 | Padlock_icon.svg | bank.barclays.co.uk/authlogin/img/ | 2 KB | 1 KB | Image | image/svg+xml |
GET | | expert-sans-regular.woff | bank.barclays.co.uk/authlogin/css/fonts/ | 0 | 0 | | | failed, no response
GET | | expert-sans-light.woff | bank.barclays.co.uk/authlogin/css/fonts/ | 0 | 0 | | | failed, no response
GET | H2 | api.js | www.recaptcha.net/recaptcha/ | 1 KB | 1 KB | Script | text/javascript |
GET | H2 | recaptcha__en.js | www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ | 465 KB | 187 KB | Script | text/javascript |
GET | H2 | anchor | www.recaptcha.net/recaptcha/api2/ | 62 KB | 36 KB | Document | text/html | Frame 13AB
GET | H3 | styles__ltr.css | www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ | 55 KB | 24 KB | Stylesheet | text/css | Frame 13AB
GET | H3 | recaptcha__en.js | www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ | 465 KB | 186 KB | Script | text/javascript | Frame 13AB
GET | DATA | (data: URI, truncated) | / | 14 KB | 0 | Image | image/png | Frame 13AB
GET | DATA | (data: URI, truncated) | / | 2 KB | 0 | Image | image/png | Frame 13AB
GET | H3 | logo_48.png | www.gstatic.com/recaptcha/api2/ | 2 KB | 2 KB | Image | image/png | Frame 13AB
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v18/ | 15 KB | 16 KB | Font | font/woff2 | Frame 13AB
GET | H3 | webworker.js | www.recaptcha.net/recaptcha/api2/ | 102 B | 133 B | Other | text/javascript | Frame 13AB
GET | H3 | bframe | www.recaptcha.net/recaptcha/api2/ | 7 KB | 1 KB | Document | text/html | Frame 2FCE
GET | H3 | styles__ltr.css | www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ | 55 KB | 24 KB | Stylesheet | text/css | Frame 2FCE
GET | H3 | recaptcha__en.js | www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ | 465 KB | 186 KB | Script | text/javascript | Frame 2FCE

What stands out: the page is a Nuxt.js bundle served from Firebase Hosting (web.app, fronted by Fastly), and it hot-links the real bank's trust assets directly from bank.barclays.co.uk (the BSI kitemark and certified logos, the Cyber Essentials Plus logo, the FSCS logo and the login padlock icon); the two font fetches from the same host got no response. The single XHR, ownerInfo.json under /files/, is the page's own data and its content is not captured in this report.
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- bank.barclays.co.uk: https://bank.barclays.co.uk/authlogin/css/fonts/expert-sans-regular.woff
- bank.barclays.co.uk: https://bank.barclays.co.uk/authlogin/css/fonts/expert-sans-light.woff
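Because the kit pulls the bank's own trust-mark images, padlock icon and fonts straight from bank.barclays.co.uk, each victim's browser leaves a request in the bank's CDN or origin logs with a Referer of the phishing page. That makes hot-linked asset paths a cheap detection source for the brand being impersonated. The script below is an added example written for this report, not urlscan.io or Barclays code. It parses access-log lines in the Apache/nginx "combined" format and reports foreign Referer hosts requesting the asset paths seen in this scan; the log lines themselves are constructed sample data (RFC 5737 test addresses), and the watched prefixes and first-party domain list are assumptions for the example.

```python
"""Flag third-party hosts that hot-link a brand's login assets.

Added example for this report, not urlscan.io or Barclays code. It parses
web-server access logs in Apache/nginx "combined" format and reports
Referer hosts outside the brand's own domains. The log lines below are
constructed for the example; the asset paths are the ones that appear in
the scan's request list.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Path prefixes under which the scan showed assets being pulled from the bank.
WATCHED_PREFIXES = ("/OLB/A/Content/Images/", "/authlogin/")

# Constructed log lines (RFC 5737 test addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [23/Nov/2023:10:15:01 +0000] "GET /OLB/A/Content/Images/Cyber-Essentials-Plus-logo.png HTTP/2.0" 200 169984 "https://helpdesk-online-review.web.app/" "Mozilla/5.0"
203.0.113.10 - - [23/Nov/2023:10:15:01 +0000] "GET /authlogin/img/Padlock_icon.svg HTTP/2.0" 200 2048 "https://helpdesk-online-review.web.app/" "Mozilla/5.0"
198.51.100.7 - - [23/Nov/2023:10:16:30 +0000] "GET /OLB/A/Content/Images/login-fscs.png HTTP/2.0" 200 5120 "https://bank.barclays.co.uk/" "Mozilla/5.0"
198.51.100.8 - - [23/Nov/2023:10:17:00 +0000] "GET /OLB/A/Content/Images/login-fscs.png HTTP/2.0" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [23/Nov/2023:10:18:00 +0000] "GET /robots.txt HTTP/1.1" 200 80 "https://www.google.com/" "Mozilla/5.0"
"""


def _host_of(referer: str):
    """Hostname from a Referer value, or None when the header was absent."""
    if not referer or referer == "-":
        return None
    return urlsplit(referer).hostname


def is_first_party(host: str, own_domains) -> bool:
    """True if `host` is one of the brand's registrable domains or a subdomain
    of one. Suffix matching with a leading dot stops barclays.co.uk.evil.example
    from passing."""
    return any(host == d or host.endswith("." + d) for d in own_domains)


def find_hotlinkers(log_text: str, own_domains=("barclays.co.uk",)) -> dict:
    """Return {referer_host: {"hits": n, "paths": [...]}} for requests to
    watched asset paths whose Referer is a foreign origin.

    Requests with no Referer are skipped rather than flagged: a kit can
    suppress the header with Referrer-Policy: no-referrer, so an empty
    Referer is not evidence of legitimate use, only of no evidence."""
    seen = defaultdict(lambda: {"hits": 0, "paths": set()})
    for line in log_text.splitlines():
        m = COMBINED_RE.match(line)
        if not m or not m["path"].startswith(WATCHED_PREFIXES):
            continue
        host = _host_of(m["referer"])
        if host is None or is_first_party(host, own_domains):
            continue
        seen[host]["hits"] += 1
        seen[host]["paths"].add(m["path"])
    return {h: {"hits": v["hits"], "paths": sorted(v["paths"])} for h, v in seen.items()}


if __name__ == "__main__":
    for host, detail in find_hotlinkers(SAMPLE_LOG).items():
        print(f"{host}: {detail['hits']} hits on {', '.join(detail['paths'])}")
```

On the constructed sample this reports helpdesk-online-review.web.app with two hits and nothing else. In production the same logic belongs in the CDN log pipeline, where a new foreign Referer host against the login asset paths is a takedown lead within minutes of the kit going live; the limitation to keep in mind is that it only sees kits that leave the Referer intact.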
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Barclays (Banking)

22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: 0, 1, 2, documentPictureInPicture, __NUXT__, webpackJsonp, regeneratorRuntime, onNuxtReadyCbs, $nuxt, ___grecaptcha_cfg, grecaptcha, recaptcha, closure_lm_4873630
- function: installComponents, setImmediate, clearImmediate, onNuxtReady, recaptchaSuccessCallback, recaptchaExpiredCallback, recaptchaErrorCallback
- string: __recaptcha_api
- boolean: __google_recaptcha_client

__NUXT__, $nuxt, onNuxtReady, onNuxtReadyCbs and webpackJsonp belong to the Nuxt.js bundle served under /_nuxt/; grecaptcha, ___grecaptcha_cfg, __recaptcha_api, __google_recaptcha_client and the closure_lm_* listener map come from the reCAPTCHA client. recaptchaSuccessCallback, recaptchaExpiredCallback and recaptchaErrorCallback are the page's own handlers, i.e. the kit wires a real reCAPTCHA v2 checkbox into its flow, which is a common way for kits to keep automated crawlers from reaching the credential form.

Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify that user even from a different location. This is how persistent logins work. No cookies are listed for this scan.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source | Level | URL / Text
---|---|---
(the four entries were not captured in this extract) | |
Security Headers
This section lists any security headers set by the main page.

Header | Value
---|---
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains:
- helpdesk-online-review.web.app
- bank.barclays.co.uk
- www.gstatic.com
- fonts.gstatic.com
- www.recaptcha.net

IPs:
- 184.30.221.102
- 2620:0:890::100
- 2a00:1450:4001:808::2003
- 2a00:1450:4001:810::2003
- 2a00:1450:4001:812::2003