80.85.242.50 Open in urlscan Pro
80.85.242.50 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://80.85.242.50/p/ss.html
Effective URL:
https://80.85.242.50/p/ss.html
Submission: On October 24 via api (October 24th 2023, 9:21:11 pm UTC) from GB — Scanned from GB

Summary HTTP 11 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 11 HTTP transactions. The main IP is 80.85.242.50, located in Frankfurt am Main, Germany and belongs to SPACECORE, GB. The main domain is 80.85.242.50.
TLS certificate: Issued by R3 on October 24th 2023. Valid for: 3 months.

This is the only time 80.85.242.50 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Barclays (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 5	80.85.242.50 80.85.242.50	198037 (SPACECORE) (SPACECORE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
6	23.36.238.127 23.36.238.127	16625 (AKAMAI-AS) (AKAMAI-AS)
11	4

5 80.85.242.50 (Frankfurt am Main, Germany) 1 redirects

ASN198037 (SPACECORE, GB)
PTR: 139779.vm.spacecore.network

80.85.242.50	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.36.238.127 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-36-238-127.deploy.static.akamaitechnologies.com

bank.barclays.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	barclays.co.uk bank.barclays.co.uk — Cisco Umbrella Rank: 164456	275 KB
1	gstatic.com www.gstatic.com	5 KB
11	2

	Domain	Requested by
6	bank.barclays.co.uk	80.85.242.50 bank.barclays.co.uk
1	www.gstatic.com	80.85.242.50
11	2

This site contains links to these domains. Also see Links.

Domain
www.barclays.co.uk
status.uk.barclays
www.bsigroup.com
www.iso.org
www.fscs.org.uk

Subject Issuer	Validity	Valid
barclay.ketoluke.com R3	`2023-10-24` - `2024-01-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
bank.barclays.co.uk DigiCert SHA2 Extended Validation Server CA	`2023-07-13` - `2024-08-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://80.85.242.50/p/ss.html
Frame ID: 565AB4F70CA40EAFB0859FB43A9F8200
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Step 1 - Login details - Barclays Online Banking

Page URL History Show full URLs

http://80.85.242.50/p/ss.html HTTP 301
https://80.85.242.50/p/ss.html Page URL

Page Statistics

11
Requests

64 %
HTTPS

33 %
IPv6

2
Domains

2
Subdomains

4
IPs

1
Countries

389 kB
Transfer

811 kB
Size

0
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.barclays.co.uk/

Search URL Search Domain Scan URL

URL: http://www.barclays.co.uk/security
Title: Secure

Search URL Search Domain Scan URL

URL: https://status.uk.barclays/
Title: status.uk.barclays

Search URL Search Domain Scan URL

URL: https://www.barclays.co.uk/help/online-banking/login/setup-passcode-word/
Title: find out how

Search URL Search Domain Scan URL

URL: https://www.barclays.co.uk/help/mobile-banking/pinsentry/info/
Title: www.barclays.co.uk/help/mobile-banking/pinsentry/info/

Search URL Search Domain Scan URL

URL: http://www.barclays.co.uk/Contactus/Contactus/P1242561757335
Title: Contact us

Search URL Search Domain Scan URL

URL: http://www.barclays.co.uk/accessibility/
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.barclays.co.uk/important-information/cookies-policy/
Title: See our cookies policy

Search URL Search Domain Scan URL

URL: http://www.bsigroup.com/

Search URL Search Domain Scan URL

URL: https://www.iso.org/isoiec-27001-information-security.html

Search URL Search Domain Scan URL

URL: https://www.barclays.co.uk/digisafe/

Search URL Search Domain Scan URL

URL: https://www.fscs.org.uk/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://80.85.242.50/p/ss.html HTTP 301
https://80.85.242.50/p/ss.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request ss.html Show response
80.85.242.50/p/
Redirect Chain

http://80.85.242.50/p/ss.html
https://80.85.242.50/p/ss.html

53 KB
7 KB

410ms
79ms

Document
text/html

80.85.242.50
SPACECORE

General

Check archive.org

Show headers Download Go to

Full URL: https://80.85.242.50/p/ss.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 80.85.242.50 Frankfurt am Main, Germany, ASN198037 (SPACECORE, GB),
Reverse DNS: 139779.vm.spacecore.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 69b1fb62c886b9b26f1769c913889b20fa2b27a0d53d8ffeb547ebce7969fd59

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Tue, 24 Oct 2023 21:21:04 GMT
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Type: text/html
Date: Tue, 24 Oct 2023 21:21:04 GMT
Location: https://80.85.242.50:443/p/ss.html
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked

GET
H2 200 m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/ 22 KB
5 KB 207ms
46ms Stylesheet
text/css 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/m=el_main_css

Requested by

Host: 80.85.242.50
URL: https://80.85.242.50/p/ss.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://80.85.242.50/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 06:14:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 486382
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4144
x-xss-protection: 0
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Oct 2024 06:14:44 GMT

GET
H/1.1 200
OK rolb-theme.css
80.85.242.50/assets/css/ 377 KB
59 KB 75ms
74ms Stylesheet
text/css 80.85.242.50
SPACECORE

General

Check archive.org

Show headers Download Go to

Full URL: https://80.85.242.50/assets/css/rolb-theme.css
Requested by: Host: 80.85.242.50
URL: https://80.85.242.50/p/ss.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 80.85.242.50 Frankfurt am Main, Germany, ASN198037 (SPACECORE, GB),
Reverse DNS: 139779.vm.spacecore.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c2bba8ccaeef2f48b6f93b890c83a1a17148152e9404bbc9fa8f1235cb5ddfca

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://80.85.242.50/p/ss.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Tue, 24 Oct 2023 21:21:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 23 Oct 2023 00:33:32 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: W/"6535bf5c-5e3f9"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Wed, 25 Oct 2023 21:21:05 GMT

GET
H2 200 authlogin-bdl.css
bank.barclays.co.uk/authlogin/css/ 50 KB
12 KB 577ms
412ms Stylesheet
text/css 23.36.238.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.barclays.co.uk/authlogin/css/authlogin-bdl.css?v=1695979909401

Requested by

Host: 80.85.242.50
URL: https://80.85.242.50/p/ss.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-36-238-127.deploy.static.akamaitechnologies.com

Software

Resource Hash

79d70600073cbe885ea0f39e0bf0864acea02b4e9e5780e9cf32a83744c70a48

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://80.85.242.50/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 24 Oct 2023 21:21:06 GMT
last-modified: Thu, 05 Oct 2023 08:15:07 GMT
etag: "2f67-651e708b"
vary: accept-encoding
content-type: text/css
accept-ranges: bytes
content-length: 12135
x-ua-compatible: chrome=IE6

GET
H2 200 mark-of-trust-kitemark-logo.png
bank.barclays.co.uk/OLB/A/Content/Images/ 44 KB
44 KB 712ms
548ms Image
image/png 23.36.238.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.barclays.co.uk/OLB/A/Content/Images/mark-of-trust-kitemark-logo.png

Requested by

Host: 80.85.242.50
URL: https://80.85.242.50/p/ss.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-36-238-127.deploy.static.akamaitechnologies.com

Software

Resource Hash

cfb4f173773e27492a29df5d845616dc8e277f27a3f7c844f1ae456f95393c49

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://80.85.242.50/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Tue, 24 Oct 2023 21:21:07 GMT
last-modified: Thu, 15 Dec 2022 12:46:59 GMT
etag: "ae82-639b1743"
content-type: image/png
accept-ranges: bytes
content-length: 44674
x-ua-compatible: chrome=IE6

GET
H2 200 mark-of-trust-certified-logo.png
bank.barclays.co.uk/OLB/A/Content/Images/ 46 KB
47 KB 576ms
412ms Image
image/png 23.36.238.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.barclays.co.uk/OLB/A/Content/Images/mark-of-trust-certified-logo.png

Requested by

Host: 80.85.242.50
URL: https://80.85.242.50/p/ss.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-36-238-127.deploy.static.akamaitechnologies.com

Software

Resource Hash

890910ea7ff6e5484f37a80f492f03b7c6a49ce73089d732de137ec4f968bacc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://80.85.242.50/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Tue, 24 Oct 2023 21:21:06 GMT
last-modified: Thu, 15 Dec 2022 12:46:59 GMT
etag: "b8f4-639b1743"
content-type: image/png
accept-ranges: bytes
content-length: 47348
x-ua-compatible: chrome=IE6

GET
H2 200 Cyber-Essentials-Plus-logo.png
bank.barclays.co.uk/OLB/A/Content/Images/ 166 KB
166 KB 576ms
413ms Image
image/png 23.36.238.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.barclays.co.uk/OLB/A/Content/Images/Cyber-Essentials-Plus-logo.png

Requested by

Host: 80.85.242.50
URL: https://80.85.242.50/p/ss.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-36-238-127.deploy.static.akamaitechnologies.com

Software

Resource Hash

53658b0d2d395aad315abf3906b9e9a95f9601727b9df0630b9cd87e6c90a0f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://80.85.242.50/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Tue, 24 Oct 2023 21:21:06 GMT
last-modified: Thu, 15 Dec 2022 12:46:59 GMT
etag: "296d8-639b1743"
content-type: image/png
accept-ranges: bytes
content-length: 169688
x-ua-compatible: chrome=IE6

GET
H2 200 login-fscs.png
bank.barclays.co.uk/OLB/A/Content/Images/ 5 KB
6 KB 576ms
413ms Image
image/png 23.36.238.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.barclays.co.uk/OLB/A/Content/Images/login-fscs.png

Requested by

Host: 80.85.242.50
URL: https://80.85.242.50/p/ss.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-36-238-127.deploy.static.akamaitechnologies.com

Software

Resource Hash

2aa89b0d3ed189360406952265076a3f79ea08b045f2e07d7d71e3c38982533e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://80.85.242.50/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Tue, 24 Oct 2023 21:21:06 GMT
last-modified: Wed, 09 Sep 2020 09:55:15 GMT
etag: "152b-5f58a683"
content-type: image/png
accept-ranges: bytes
content-length: 5419
x-ua-compatible: chrome=IE6

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET
H2 200 Padlock_icon.svg
bank.barclays.co.uk/authlogin/img/ 2 KB
1 KB 300ms
300ms Image
image/svg+xml 23.36.238.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.barclays.co.uk/authlogin/img/Padlock_icon.svg

Requested by

Host: bank.barclays.co.uk
URL: https://bank.barclays.co.uk/authlogin/css/authlogin-bdl.css?v=1695979909401

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-36-238-127.deploy.static.akamaitechnologies.com

Software

Resource Hash

b173ff6e97748a8a4e079bf7afa965e4d264fa43a351c4a0bf2c130bc65b4366

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://bank.barclays.co.uk/authlogin/css/authlogin-bdl.css?v=1695979909401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 24 Oct 2023 21:21:07 GMT
last-modified: Thu, 05 Oct 2023 08:15:07 GMT
etag: "2f3-651e708b"
vary: accept-encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 755
x-ua-compatible: chrome=IE6

GET
H/1.1 200
OK expert-sans-regular.woff
80.85.242.50/assets/fonts/ 21 KB
22 KB 73ms
72ms Font
application/font-woff 80.85.242.50
SPACECORE

General

Check archive.org

Show headers Download Go to

Full URL: https://80.85.242.50/assets/fonts/expert-sans-regular.woff
Requested by: Host: 80.85.242.50
URL: https://80.85.242.50/assets/css/rolb-theme.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 80.85.242.50 Frankfurt am Main, Germany, ASN198037 (SPACECORE, GB),
Reverse DNS: 139779.vm.spacecore.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 4abdda6a86149bc656dd315b0443fea8f11f22a6552e48e843a0f4b3e828ce8f

Request headers

Referer: https://80.85.242.50/assets/css/rolb-theme.css
Origin: https://80.85.242.50
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Tue, 24 Oct 2023 21:21:05 GMT
Last-Modified: Mon, 23 Oct 2023 00:33:10 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6535bf46-55a4"
Content-Type: application/font-woff
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21924
Expires: Wed, 25 Oct 2023 21:21:05 GMT

GET
H/1.1 200
OK expert-sans-light.woff
80.85.242.50/assets/fonts/ 21 KB
22 KB 173ms
68ms Font
application/font-woff 80.85.242.50
SPACECORE

General

Check archive.org

Show headers Download Go to

Full URL: https://80.85.242.50/assets/fonts/expert-sans-light.woff
Requested by: Host: 80.85.242.50
URL: https://80.85.242.50/assets/css/rolb-theme.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 80.85.242.50 Frankfurt am Main, Germany, ASN198037 (SPACECORE, GB),
Reverse DNS: 139779.vm.spacecore.network
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: cfd7fb9f4a18ffee0a0c870a6a43435d7cb9678f7f56f67bef0ba433f14e766e

Request headers

Referer: https://80.85.242.50/assets/css/rolb-theme.css
Origin: https://80.85.242.50
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Tue, 24 Oct 2023 21:21:05 GMT
Last-Modified: Mon, 23 Oct 2023 00:33:04 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6535bf40-555c"
Content-Type: application/font-woff
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21852
Expires: Wed, 25 Oct 2023 21:21:05 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Barclays (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bank.barclays.co.uk
www.gstatic.com
23.36.238.127
2a00:1450:4001:813::2003
80.85.242.50
2aa89b0d3ed189360406952265076a3f79ea08b045f2e07d7d71e3c38982533e
4abdda6a86149bc656dd315b0443fea8f11f22a6552e48e843a0f4b3e828ce8f
53658b0d2d395aad315abf3906b9e9a95f9601727b9df0630b9cd87e6c90a0f2
69b1fb62c886b9b26f1769c913889b20fa2b27a0d53d8ffeb547ebce7969fd59
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3
79d70600073cbe885ea0f39e0bf0864acea02b4e9e5780e9cf32a83744c70a48
890910ea7ff6e5484f37a80f492f03b7c6a49ce73089d732de137ec4f968bacc
91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91
b173ff6e97748a8a4e079bf7afa965e4d264fa43a351c4a0bf2c130bc65b4366
c2bba8ccaeef2f48b6f93b890c83a1a17148152e9404bbc9fa8f1235cb5ddfca
cfb4f173773e27492a29df5d845616dc8e277f27a3f7c844f1ae456f95393c49
cfd7fb9f4a18ffee0a0c870a6a43435d7cb9678f7f56f67bef0ba433f14e766e
e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6

80.85.242.50 Open in urlscan Pro 80.85.242.50 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

64 %HTTPS

33 %IPv6

2 Domains

2 Subdomains

4 IPs

1 Countries

389 kBTransfer

811 kBSize

0 Cookies

12 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

80.85.242.50 Open in urlscan Pro
80.85.242.50 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

64 %
HTTPS

33 %
IPv6

2
Domains

2
Subdomains

4
IPs

1
Countries

389 kB
Transfer

811 kB
Size

0
Cookies

11 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!