customer.barclays-partnerfinance.com
Open in
urlscan Pro
162.13.22.56
Malicious Activity!
Public Scan
Submission: On January 04 via manual from US — Scanned from GB
Summary
TLS certificate: Issued by Entrust Certification Authority - L1M on February 15th 2022. Valid for: a year.
This is the only time customer.barclays-partnerfinance.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Barclays (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 162.13.22.56 162.13.22.56 | 15395 (RACKSPACE...) (RACKSPACE-LON) | |
2 | 2a02:26f0:f70... 2a02:26f0:f700:481::1e80 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
4 | 52.208.172.164 52.208.172.164 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 34.249.28.111 34.249.28.111 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 13.36.218.177 13.36.218.177 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 54.171.1.252 54.171.1.252 | 16509 (AMAZON-02) (AMAZON-02) | |
2 2 | 142.251.39.66 142.251.39.66 | 15169 (GOOGLE) (GOOGLE) | |
16 | 6 |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-172-164.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-28-111.eu-west-1.compute.amazonaws.com
barclaysbankplc.demdex.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
barclaysuk.sc.omtrdc.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-1-252.eu-west-1.compute.amazonaws.com
cm.everesttech.net |
ASN15169 (GOOGLE, US)
PTR: bud02s39-in-f2.1e100.net
cm.g.doubleclick.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
barclays-partnerfinance.com
customer.barclays-partnerfinance.com |
434 KB |
5 |
demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 301 barclaysbankplc.demdex.net — Cisco Umbrella Rank: 385174 |
8 KB |
2 |
doubleclick.net
2 redirects
cm.g.doubleclick.net — Cisco Umbrella Rank: 321 |
1 KB |
2 |
adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 500 |
49 KB |
1 |
everesttech.net
1 redirects
cm.everesttech.net — Cisco Umbrella Rank: 1416 |
517 B |
1 |
omtrdc.net
barclaysuk.sc.omtrdc.net — Cisco Umbrella Rank: 87378 |
446 B |
16 | 6 |
Domain | Requested by | |
---|---|---|
8 | customer.barclays-partnerfinance.com |
customer.barclays-partnerfinance.com
|
4 | dpm.demdex.net |
assets.adobedtm.com
|
2 | cm.g.doubleclick.net | 2 redirects |
2 | assets.adobedtm.com |
customer.barclays-partnerfinance.com
assets.adobedtm.com |
1 | cm.everesttech.net | 1 redirects |
1 | barclaysuk.sc.omtrdc.net |
assets.adobedtm.com
|
1 | barclaysbankplc.demdex.net |
assets.adobedtm.com
|
16 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.barclayspartnerfinance.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
customer.barclays-partnerfinance.com Entrust Certification Authority - L1M |
2022-02-15 - 2023-02-15 |
a year | crt.sh |
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-07-19 - 2023-08-19 |
a year | crt.sh |
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-09-26 - 2023-10-27 |
a year | crt.sh |
*.sc.omtrdc.net DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2022-02-17 - 2023-03-07 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://customer.barclays-partnerfinance.com/
Frame ID: 93CF7B02976FB22E66CF8D4EA726879A
Requests: 17 HTTP requests in this frame
Frame:
https://barclaysbankplc.demdex.net/dest5.html?d_nsid=0
Frame ID: 8E4547A204286D7E46B3BFE0B0E7B343
Requests: 2 HTTP requests in this frame
2 Outgoing links
These are links going to different origins than the main page.
Title: cookies policyOpens in a new window
Search URL Search Domain Scan URL
Title: Barclays Partner FinanceOpens in a new window
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15- https://cm.everesttech.net/cm/dd?d_uuid=04791069792163786424285722296736888541 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y7XtxwAAAG429AOJ
- https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MDQ3OTEwNjk3OTIxNjM3ODY0MjQyODU3MjIyOTY3MzY4ODg1NDE= HTTP 302
- https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MDQ3OTEwNjk3OTIxNjM3ODY0MjQyODU3MjIyOTY3MzY4ODg1NDE=&google_tc= HTTP 302
- https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESED7gTOk78EfE0-lNQho-pz4&google_cver=1?gdpr=0&gdpr_consent=
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
customer.barclays-partnerfinance.com/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vendor.11499f.css
customer.barclays-partnerfinance.com/ |
244 KB 45 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.913556.css
customer.barclays-partnerfinance.com/ |
264 KB 64 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.cce641.js
customer.barclays-partnerfinance.com/ |
853 KB 258 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
launch-989b42b41a54.min.js
assets.adobedtm.com/230591edb41d/941e2f83c519/ |
111 KB 36 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
dpm.demdex.net/ |
602 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
EX96f0fc54deb741c692d5e0c0d91a6e0f-libraryCode_source.min.js
assets.adobedtm.com/230591edb41d/941e2f83c519/b9ca964ffa6c/ |
34 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
279 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
expertsans-regular-webfont.woff
customer.barclays-partnerfinance.com/fonts/ |
21 KB 22 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
expertsans-light-webfont.woff
customer.barclays-partnerfinance.com/fonts/ |
21 KB 22 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
expertsans-b14-light-webfont.woff
customer.barclays-partnerfinance.com/fonts/ |
21 KB 22 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
logs
customer.barclays-partnerfinance.com/api/logs/ |
46 B 580 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dest5.html
barclaysbankplc.demdex.net/ Frame 8E45 |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
id
barclaysuk.sc.omtrdc.net/ |
42 B 446 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=411&dpuuid=Y7XtxwAAAG429AOJ
dpm.demdex.net/ Redirect Chain
|
42 B 948 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
dpm.demdex.net/ |
602 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=771&dpuuid=CAESED7gTOk78EfE0-lNQho-pz4&google_cver=1
dpm.demdex.net/ Frame 8E45 Redirect Chain
|
42 B 942 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Barclays (Banking)26 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| oncontentvisibilityautostatechange object| head string| dev string| staging string| production string| src object| script object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| webpackJsonp object| __core-js_shared__ object| core function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq string| siteUrl object| s string| s_account number| s_objectID number| s_giq11 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
customer.barclays-partnerfinance.com/ | Name: acceptedCookie Value: true |
|
customer.barclays-partnerfinance.com/ | Name: XSRF-TOKEN Value: 68b98d57-b059-44ad-8829-35b412187a37 |
|
customer.barclays-partnerfinance.com/ | Name: pcid Value: 167286727117160687347233655133 |
|
.demdex.net/ | Name: demdex Value: 04791069792163786424285722296736888541 |
|
.barclays-partnerfinance.com/ | Name: AMCVS_14CF22CE52782FEA0A490D4D%40AdobeOrg Value: 1 |
|
.omtrdc.net/ | Name: s_vi Value: [CS]v1|31DAF6E3996D2BCB-600000855A3E530D[CE] |
|
.everesttech.net/ | Name: everest_g_v2 Value: g_surferid~Y7XtxwAAAG429AOJ |
|
.dpm.demdex.net/ | Name: dpm Value: 04791069792163786424285722296736888541 |
|
.barclays-partnerfinance.com/ | Name: AMCV_14CF22CE52782FEA0A490D4D%40AdobeOrg Value: 870038026%7CMCIDTS%7C19362%7CMCMID%7C07334995949908765694031347307221977686%7CMCAAMLH-1673472072%7C6%7CMCAAMB-1673472072%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1672874472s%7CNONE%7CMCAID%7C31DAF6E3996D2BCB-600000855A3E530D%7CMCSYNCSOP%7C411-19369%7CvVersion%7C5.0.0 |
|
.demdex.net/ | Name: dextp Value: 771-1-1672867272172 |
|
.doubleclick.net/ | Name: IDE Value: AHWqTUkIrCTnzgcDtFsiqitGwgjK_R-eTx5KxDE_lENzbjeFu00fCvwA1T8Qyy6B5Ns |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.adobedtm.com
barclaysbankplc.demdex.net
barclaysuk.sc.omtrdc.net
cm.everesttech.net
cm.g.doubleclick.net
customer.barclays-partnerfinance.com
dpm.demdex.net
13.36.218.177
142.251.39.66
162.13.22.56
2a02:26f0:f700:481::1e80
34.249.28.111
52.208.172.164
54.171.1.252
042f7f9732c327c5e7966f150cb871447812e10c825947ffa22c4b1940d5405f
121779e7a32a19b591224b8eb1b264d2c0688ea6c275098ae2304a8c215d0e0e
4abdda6a86149bc656dd315b0443fea8f11f22a6552e48e843a0f4b3e828ce8f
4d6a847b81f61094de5a07dfbb1e2e8885bf1d46925efa332398ed88404c73a3
6105ed779494f42b8a05fe8b8b209a2dc179ab2c2457fd0b1930dc09743ff982
705e1a3cd2d918014214c40a19f2a5d5e79a0299a3f183a64484f18e695e7ef4
7531bcf88a7a7637a29bd87b4eb7208279e529ab4a1b6f37fa4164b28e31ceb0
763058f8b9ad8867f5de66f96f904aa0309fb875927ae12655da55745b82831b
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91
b994761694e3c9f132600657811797bbc94ad165a4ba0fa7f09ecf2701908697
c4039aa2e82ba007f66cc9e4cbd4ea7f0ee8d999686524ea788d850fc7ee91af
cfd7fb9f4a18ffee0a0c870a6a43435d7cb9678f7f56f67bef0ba433f14e766e
dfff8ee6d6963a6cc193d0b42fb83815a9eee0a0685154be37919872ea16ca1f
e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0207d845ffe48a70fbf656dcd65fdc641ef7dac025584036bc4665102f0f03d
fac8779798b7f7bc2ad2916438348f8fb5ae6f56b09d8e9f5d1eaa73184b7fbd