online-reviewpayee11.com
Open in
urlscan Pro
185.156.72.17
Malicious Activity!
Public Scan
Submission: On July 11 via automatic, source openphish — Scanned from DE
Summary
This is the only time online-reviewpayee11.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Barclays (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 185.156.72.17 185.156.72.17 | 61432 (VAIZ-AS I...) (VAIZ-AS ITBks892) | |
3 | 2600:9000:211... 2600:9000:2117:e00:7:2bfb:7c00:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
17 | 104.79.34.107 104.79.34.107 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1b | 20446 (STACKPATH...) (STACKPATH-CDN) | |
2 2 | 2600:9000:211... 2600:9000:2117:2e00:7:2bfb:7c00:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 3.126.145.180 3.126.145.180 | 16509 (AMAZON-02) (AMAZON-02) | |
29 | 6 |
ASN16625 (AKAMAI-AS, US)
PTR: a104-79-34-107.deploy.static.akamaitechnologies.com
bank.barclays.co.uk |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-145-180.eu-central-1.compute.amazonaws.com
collect.tealiumiq.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
barclays.co.uk
bank.barclays.co.uk — Cisco Umbrella Rank: 158359 |
596 KB |
5 |
tiqcdn.com
2 redirects
tags.tiqcdn.com — Cisco Umbrella Rank: 1029 |
54 KB |
4 |
online-reviewpayee11.com
online-reviewpayee11.com |
17 KB |
1 |
tealiumiq.com
collect.tealiumiq.com — Cisco Umbrella Rank: 2908 |
526 B |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 749 |
83 KB |
29 | 5 |
Domain | Requested by | |
---|---|---|
17 | bank.barclays.co.uk |
online-reviewpayee11.com
bank.barclays.co.uk |
5 | tags.tiqcdn.com |
2 redirects
online-reviewpayee11.com
|
4 | online-reviewpayee11.com |
online-reviewpayee11.com
code.jquery.com |
1 | collect.tealiumiq.com |
tags.tiqcdn.com
|
1 | code.jquery.com |
online-reviewpayee11.com
|
29 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.barclays.co.uk |
status.uk.barclays |
www.bsigroup.com |
www.iso.org |
www.fscs.org.uk |
Subject Issuer | Validity | Valid | |
---|---|---|---|
tags.tiqcdn.com Amazon RSA 2048 M01 |
2023-04-18 - 2024-05-17 |
a year | crt.sh |
bank.barclays.co.uk DigiCert SHA2 Extended Validation Server CA |
2022-08-09 - 2023-08-09 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
*.tealiumiq.com Amazon RSA 2048 M02 |
2023-02-10 - 2023-09-23 |
7 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://online-reviewpayee11.com/
Frame ID: 63F76CEF4F264EB663F18A04C116ECCA
Requests: 31 HTTP requests in this frame
Screenshot
Page Title
Step 1 - Who are you? - Barclays Online BankingTickDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
AngularJS (JavaScript Frameworks) Expand
Detected patterns
- \bangular.{0,32}\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
11 Outgoing links
These are links going to different origins than the main page.
Title: Secure
Search URL Search Domain Scan URL
Title: status.uk.barclays
Search URL Search Domain Scan URL
Title: find out how
Search URL Search Domain Scan URL
Title: www.barclays.co.uk/help/mobile-banking/pinsentry/info/
Search URL Search Domain Scan URL
Title: Contact us
Search URL Search Domain Scan URL
Title: Accessibility
Search URL Search Domain Scan URL
Title: See our cookies policy
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 25- http://tags.tiqcdn.com/utag/barclaysuk/barclays-olb/prod/utag.34.js?utv=ut4.46.202110221035 HTTP 301
- https://tags.tiqcdn.com/utag/barclaysuk/barclays-olb/prod/utag.34.js?utv=ut4.46.202110221035
- http://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=barclaysuk/barclays-olb/202110221035&cb=1689103490680 HTTP 301
- https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=barclaysuk/barclays-olb/202110221035&cb=1689103490680
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
online-reviewpayee11.com/ |
69 KB 14 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.js
tags.tiqcdn.com/utag/barclaysuk/barclays-olb/prod/ |
220 KB 46 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bdlLogin-dss-jquery-libraries.min.js
online-reviewpayee11.com/authlogin/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
polyfill.wp.js
bank.barclays.co.uk//authlogin/lib/ |
98 KB 98 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
angular.min.js
bank.barclays.co.uk//js/myBarclays/vendor/angular/ |
105 KB 39 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
angular-route.min.js
bank.barclays.co.uk//js/myBarclays/vendor/angular/ |
4 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
angular-sanitize.min.js
bank.barclays.co.uk//js/myBarclays/vendor/angular/ |
4 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bdlLogin-rolb-dss.min.js
bank.barclays.co.uk//authlogin/ |
256 KB 66 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bdlLogin-libraries.min.js
bank.barclays.co.uk//authlogin/ |
71 KB 27 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bdlLogin-rolb-app.min.js
bank.barclays.co.uk//authlogin/ |
301 KB 82 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s_codecookies.js
bank.barclays.co.uk//js/sitecatalyst/ |
52 KB 20 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6bb5a42d.min.js
bank.barclays.co.uk//js/bc/2.8.1/ |
340 KB 88 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.js
code.jquery.com/ |
281 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rolb-theme-2-0.css
bank.barclays.co.uk/authlogin/css/ |
333 KB 68 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
authlogin-bdl.min.css
bank.barclays.co.uk/authlogin/css/ |
45 KB 45 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1321217916907-bsikitemarklogo.png
bank.barclays.co.uk/OLB/A/Content/Images/ |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1321217916492-iso27001footer.JPG
bank.barclays.co.uk/OLB/A/Content/Images/ |
24 KB 24 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1321217918424-cyberfooter.jpg
bank.barclays.co.uk/OLB/A/Content/Images/ |
9 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-fscs.png
bank.barclays.co.uk/OLB/A/Content/Images/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bdlLogin.bootstrap.min.js
bank.barclays.co.uk/authlogin/ |
19 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
7a6c8c6b-d031-42b3-a1d1-554d41d7272b
http://online-reviewpayee11.com/ |
139 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Padlock_icon.svg
bank.barclays.co.uk/authlogin/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
expert-sans-regular.woff
bank.barclays.co.uk/authlogin/css/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
expert-sans-light.woff
bank.barclays.co.uk/authlogin/css/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.34.js
tags.tiqcdn.com/utag/barclaysuk/barclays-olb/prod/ Redirect Chain
|
23 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
event
collect.tealiumiq.com/ |
0 526 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.v.js
tags.tiqcdn.com/utag/tiqapp/ Redirect Chain
|
2 B 431 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
activity.php
online-reviewpayee11.com/files/ |
1 KB 1 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
activity.php
online-reviewpayee11.com/files/ |
1 KB 1 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- bank.barclays.co.uk
- URL
- https://bank.barclays.co.uk/authlogin/css/fonts/expert-sans-regular.woff
- Domain
- bank.barclays.co.uk
- URL
- https://bank.barclays.co.uk/authlogin/css/fonts/expert-sans-light.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Barclays (Banking)106 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend boolean| utag_condload object| utag function| e boolean| __tealium_twc_switch object| utag_cfg_ovrd object| adobe function| Visitor object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| angular number| ng339 function| _ function| getElementsByClassName function| getTextContent function| scFixed function| scFixed1Tag function| scAppendWholeTag function| scLowRankTag function| scProductsTag function| scSetLinkNameTag function| scCombinedP123 function| scRemap function| tagPageView function| tagAjaxContent function| tagQueryContents function| setFromClickTagsFTB function| scLinkTrack function| scLinkTrackError function| dcsMultiTrack function| scMeta function| scSetInitial function| scSetDerived function| isLoginPage function| isHomePage function| scSetHelpCardButtons function| scCleanUpEvents function| scLoginPagesTracking function| scCleanUp function| scSetValidationErrorMessage function| fireLoadEvent function| scSetErrorMessage function| scSetErrorServiceMessage function| scSetImpressions function| scSetLOGIN_METHOD function| scSetLOGIN_MECHANISM function| scSetLoginEvents function| scSetDeepLink function| scSetdcsuri function| scSetProducts function| scSetView function| getProp34 function| scSetPurchaseTracking function| scSetActivityTracking function| scSetLoginReg function| scSetPageName function| isMultipleSavedUsers function| scSetEvents function| scSetDcsvid function| scBarclaysCookieConsent function| scMapTag function| scSetTag function| scAddTag function| scUpdateLinkTrack function| scSaveBasePageName function| scRestoreBasePageName function| scSaveTakeoverPageName function| scRestoreTakeoverPageName object| AppName object| authloginDigitalData string| s_account object| dcs2sc string| scBasePageName string| scTakeoverPageName object| _self object| Prism string| digitalDataDeviceBuildId undefined| WebAnalytics function| cookieCat2Status object| s undefined| s_code undefined| s_objectID undefined| s_doPlugins undefined| s_gi undefined| s_giqf object| cdApi function| $ function| jQuery boolean| ie8 object| browser_detect function| mboxDefine function| mboxUpdate string| pathref object| dataLayer number| interval function| heartbeat5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
online-reviewpayee11.com/ | Name: PHPSESSID Value: c8d74fcf6476f6e12bd246176eafd82d |
|
.online-reviewpayee11.com/ | Name: bmuid Value: 1689103489991-0D07EF9B-B9CF-4271-8244-A33C5C3A850B |
|
.online-reviewpayee11.com/ | Name: cdContextId Value: 2 |
|
.online-reviewpayee11.com/ | Name: cdSNum Value: 1689103490169-sjt0000412-1b1ab714-74f6-4576-97de-5a8f07ae7cc4 |
|
.online-reviewpayee11.com/ | Name: utag_main Value: v_id:01894669da910021652c464af10c03074002006c00b08$_sn:1$_se:1$_ss:1$_st:1689105289682$ses_id:1689103489682%3Bexp-session$_pn:1%3Bexp-session$dc_visit:1$dc_event:1%3Bexp-session |
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bank.barclays.co.uk
code.jquery.com
collect.tealiumiq.com
online-reviewpayee11.com
tags.tiqcdn.com
bank.barclays.co.uk
104.79.34.107
185.156.72.17
2001:4de0:ac18::1:a:1b
2600:9000:2117:2e00:7:2bfb:7c00:93a1
2600:9000:2117:e00:7:2bfb:7c00:93a1
3.126.145.180
02e9e14e36ad05a2a528e81898868b7c9fb738980d111599f4460dc7926aa1b0
03c2526a71f8b178491bca3226f69d72a28aa606133527c00b28adab490f940d
15453990b0077c212926dd887590149408d70ad1ce838d816c5280e9ce075162
20318e023853ac4d3e1f231b0532de4c39d83c629a4155756c021e57825dc884
225667650d0be401e4cb148aa2dea5ad695c19563d2f94cfa20aa7082c5c966a
23258114961c94563c3e7df66f059d487995e01f4ce666f2e5b84f1c499e63cc
2aa89b0d3ed189360406952265076a3f79ea08b045f2e07d7d71e3c38982533e
32f5891b648500c4f534390e1c348060685ba728e64394d964e778eedabd7249
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37
52aa6e020c0bb612dd9221d801a3ebda86836e047dbd30e21069248669061cbb
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
6c8476ca18e6e6acf89b1409d488dd0d95ea02b80b0c3b089e131c161ed7561b
90326fd2ae35b37049ca9b624acb2b698be96a509f3619cf647d686433eaaa15
91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91
9ade0326f7dc6af27f034b989c0e250569608abfd9ee01ce7210ea65a02ce836
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a546728e7a41fa06ad91c73ead1e750b17ded92f4640060be48ca3b66655b4aa
b173ff6e97748a8a4e079bf7afa965e4d264fa43a351c4a0bf2c130bc65b4366
c7588e66ab3dfc34b4beda8e07aa630e5a764a001d7568244ef963c3620f3365
d98f81145048ee836f40a1eb9a22f6e6ef8fb704ef1aaa7170fecb1be0bb5caf
e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e403ca417508832cedb771593ce705d180825d7d4e3b2643e295c0c6f83ce3fb
ed6604f7293bcfe87ee03795e418c40cb40a96444a320d45bb97dfdcf40a14b8
effa2f551ae3f572384002e36028aa1e85544462f42c28065731284e8f81bfcd
f6e78aa13caa13213f7169129ce9fcb7e381c35ab6cb84defa0526871b64228e
f8ea0e980b8bdca260f9f81d0e98360c3080fdc7fd3992cf611e05701e2e8a36