urlscan.io logo urlscan.io
SecurityTrails logo

dwppp.info Open in urlscan Pro
109.206.241.213  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://dwppp.info/update/login/login.php
Submission: On October 15 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 1 countries across 5 domains to perform 22 HTTP transactions. The main IP is 109.206.241.213, located in Ashburn, United States and belongs to AS_DELIS, US. The main domain is dwppp.info.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on October 13th 2022. Valid for: 3 months.
This is the only time dwppp.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Barclays (Banking)

Domain & IP information

IP Address AS Autonomous System
12 109.206.241.213 211252 (AS_DELIS)
1 2607:f8b0:400... 15169 (GOOGLE)
3 173.223.57.45 16625 (AKAMAI-AS)
3 104.110.153.2 16625 (AKAMAI-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
22 6
12    109.206.241.213 (Ashburn, United States)

ASN211252 (AS_DELIS, US)
dwppp.info
1    2607:f8b0:4006:823::200a (United States)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
3    173.223.57.45 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a173-223-57-45.deploy.static.akamaitechnologies.com
tags.tiqcdn.com
3    104.110.153.2 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-110-153-2.deploy.static.akamaitechnologies.com
bank.barclays.co.uk
1    2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
Apex Domain
Subdomains		 Transfer
12 dwppp.info
dwppp.info
172 KB
3 barclays.co.uk
bank.barclays.co.uk — Cisco Umbrella Rank: 138907
82 KB
3 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 968
14 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 216
3 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 306
31 KB
22 5
Domain Requested by
12 dwppp.info dwppp.info
3 bank.barclays.co.uk dwppp.info
bank.barclays.co.uk
3 tags.tiqcdn.com dwppp.info
1 cdnjs.cloudflare.com dwppp.info
1 ajax.googleapis.com dwppp.info
22 5

This site contains links to these domains. Also see Links.

Domain
status.uk.barclays
www.barclays.co.uk
www.bsigroup.com
www.iso.org
www.fscs.org.uk
Subject Issuer Validity Valid
dwppp.info
ZeroSSL RSA Domain Secure Site CA		 2022-10-13 -
2023-01-11		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.tiqcdn.com
DigiCert SHA2 Secure Server CA		 2022-02-27 -
2023-02-28		 a year crt.sh
bank.barclays.co.uk
DigiCert SHA2 Extended Validation Server CA		 2022-08-09 -
2023-08-09		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-08-03 -
2023-08-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://dwppp.info/update/login/login.php
Frame ID: 92CE11FBCC8E32610E551934B8425B7E
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Step 1 - Who are you? - Barclays Online Banking

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

91 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

6
IPs

1
Countries

303 kB
Transfer

700 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.php
dwppp.info/update/login/ 		142 KB
142 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dwppp.info/update/login/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
109.206.241.213 Ashburn, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
Apache /
Resource Hash
5da17177b39d32ca8f949bde4f0041e5dbc126b9802db5e729cf8e2f3872555f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Sat, 15 Oct 2022 15:12:51 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 12:18:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10479
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31017
x-xss-protection
0
last-modified
Wed, 10 Mar 2021 14:28:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 15 Oct 2023 12:18:12 GMT
utag.40.js
tags.tiqcdn.com/utag/barclaysuk/barclays-olb/PROD-G/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/barclaysuk/barclays-olb/PROD-G/utag.40.js?utv=ut4.46.202207191031
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
173.223.57.45 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-223-57-45.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
74e887257dcae8b8e8fb655bb4f6a08e427f69739260dc0330ced314ed44d23c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 15:12:51 GMT
content-encoding
gzip
last-modified
Tue, 19 Jul 2022 10:31:57 GMT
server
AkamaiNetStorage
etag
"8485eb0b9edca7616526bb702b852b9a:1658226717.947908"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
6323
expires
Sun, 30 Oct 2022 15:12:51 GMT
utag.34.js
tags.tiqcdn.com/utag/barclaysuk/barclays-olb/PROD-G/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/barclaysuk/barclays-olb/PROD-G/utag.34.js?utv=ut4.46.202207191031
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
173.223.57.45 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-223-57-45.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cb39877f6704a5d478e5e15635f08db07e4268050a2a0deaa4d4f7ec8a537a4c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 15:12:51 GMT
content-encoding
gzip
last-modified
Tue, 19 Jul 2022 10:32:01 GMT
server
AkamaiNetStorage
etag
"7c5d3e5d5a2e95a0939297dd7c09c4cf:1658226721.624489"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
6487
expires
Sun, 30 Oct 2022 15:12:51 GMT
utag.35.js
tags.tiqcdn.com/utag/barclaysuk/barclays-olb/PROD-G/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/barclaysuk/barclays-olb/PROD-G/utag.35.js?utv=ut4.46.202110270851
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
173.223.57.45 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-223-57-45.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
0c10ba07b680382fa1597a34d12f1a7c510fd84c84ad1e7a560c9cd9cf57f626

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 15:12:51 GMT
content-encoding
gzip
last-modified
Tue, 19 Jul 2022 10:32:00 GMT
server
AkamaiNetStorage
etag
"9a0633da8b216da1f6202952c0d93547:1658226720.555992"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1139
expires
Sun, 30 Oct 2022 15:12:51 GMT
rolb-theme-2-0.css
bank.barclays.co.uk//authlogin/css/ 		333 KB
69 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bank.barclays.co.uk//authlogin/css/rolb-theme-2-0.css?v=1652782834434
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.110.153.2 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-110-153-2.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
32f5891b648500c4f534390e1c348060685ba728e64394d964e778eedabd7249
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 15 Oct 2022 15:12:51 GMT
last-modified
Thu, 22 Sep 2022 06:55:35 GMT
etag
"11083-632c06e7"
vary
accept-encoding
content-type
text/css
accept-ranges
bytes
content-length
69763
x-ua-compatible
chrome=IE6
authlogin-bdl.css
bank.barclays.co.uk//authlogin/css/ 		50 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bank.barclays.co.uk//authlogin/css/authlogin-bdl.css?v=1652782834434
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.110.153.2 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-110-153-2.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
79d70600073cbe885ea0f39e0bf0864acea02b4e9e5780e9cf32a83744c70a48
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 15 Oct 2022 15:12:51 GMT
last-modified
Thu, 22 Sep 2022 06:55:35 GMT
etag
"2f67-632c06e7"
vary
accept-encoding
content-type
text/css
accept-ranges
bytes
content-length
12135
x-ua-compatible
chrome=IE6
jquery.payment.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 15:12:51 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3189681
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2420
last-modified
Mon, 04 May 2020 16:11:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec3-210b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XsGBtN9zA8rWRLAoGkmvaX08gAEBW7ar%2FX%2BK2zN0VpRsalpvS7prNWv9GIH9iSbGYMAd2JeZ6yQcOB8JSBjOLGVbuaeAbFShurnTpIr33irvLZgfWtn%2BmmbV4bILjxw9Gcwpp7ZsgZXV984rCHOzbukt"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
75a97ed30fc62994-ORD
expires
Thu, 05 Oct 2023 15:12:51 GMT
1321077850040-pin_step_1.jpg
dwppp.info/update/login/files/images/ 		315 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dwppp.info/update/login/files/images/1321077850040-pin_step_1.jpg
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
109.206.241.213 Ashburn, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/update/login/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Sat, 15 Oct 2022 15:12:51 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
1321077850061-pin_step_2.jpg
dwppp.info/update/login/files/images/ 		315 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dwppp.info/update/login/files/images/1321077850061-pin_step_2.jpg
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
109.206.241.213 Ashburn, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/update/login/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Sat, 15 Oct 2022 15:12:51 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
1321077850082-pin_step_3.jpg
dwppp.info/update/login/files/images/ 		315 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dwppp.info/update/login/files/images/1321077850082-pin_step_3.jpg
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
109.206.241.213 Ashburn, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/update/login/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Sat, 15 Oct 2022 15:12:51 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
1321077861212-mobile_step_1.jpg
dwppp.info/update/login/files/images/ 		315 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dwppp.info/update/login/files/images/1321077861212-mobile_step_1.jpg
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
109.206.241.213 Ashburn, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/update/login/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Sat, 15 Oct 2022 15:12:52 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
1321077856766-mobile_step_2.jpg
dwppp.info/update/login/files/images/ 		315 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dwppp.info/update/login/files/images/1321077856766-mobile_step_2.jpg
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
109.206.241.213 Ashburn, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/update/login/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Sat, 15 Oct 2022 15:12:52 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
1321077861233-mobile_step_4.jpg
dwppp.info/update/login/files/images/ 		315 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dwppp.info/update/login/files/images/1321077861233-mobile_step_4.jpg
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
109.206.241.213 Ashburn, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/update/login/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Sat, 15 Oct 2022 15:12:52 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
1321217916907-bsikitemarklogo.png
dwppp.info/update/login/files/images/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dwppp.info/update/login/files/images/1321217916907-bsikitemarklogo.png
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
109.206.241.213 Ashburn, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
Apache /
Resource Hash
90326fd2ae35b37049ca9b624acb2b698be96a509f3619cf647d686433eaaa15

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/update/login/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Sat, 15 Oct 2022 15:12:52 GMT
Last-Modified
Tue, 26 Jul 2022 19:39:22 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
13516
1321217916492-iso27001footer.JPG
dwppp.info/update/login/files/images/ 		315 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dwppp.info/update/login/files/images/1321217916492-iso27001footer.JPG
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
109.206.241.213 Ashburn, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/update/login/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Sat, 15 Oct 2022 15:12:52 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
1321217918424-cyberfooter.jpg
dwppp.info/update/login/files/images/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dwppp.info/update/login/files/images/1321217918424-cyberfooter.jpg
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
109.206.241.213 Ashburn, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
Apache /
Resource Hash
effa2f551ae3f572384002e36028aa1e85544462f42c28065731284e8f81bfcd

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/update/login/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Sat, 15 Oct 2022 15:12:52 GMT
Last-Modified
Tue, 26 Jul 2022 19:39:50 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
9222
login-fscs.png
dwppp.info/update/login/files/images/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dwppp.info/update/login/files/images/login-fscs.png
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
109.206.241.213 Ashburn, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
Apache /
Resource Hash
2aa89b0d3ed189360406952265076a3f79ea08b045f2e07d7d71e3c38982533e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/update/login/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Sat, 15 Oct 2022 15:12:52 GMT
Last-Modified
Tue, 26 Jul 2022 19:40:04 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
5419
bdlLogin.bootstrap.min.js
dwppp.info/authlogin/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://dwppp.info/authlogin/bdlLogin.bootstrap.min.js?v=1652782834434
Requested by
Host: dwppp.info
URL: https://dwppp.info/update/login/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
109.206.241.213 Ashburn, United States, ASN211252 (AS_DELIS, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dwppp.info/update/login/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Sat, 15 Oct 2022 15:12:51 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
Padlock_icon.svg
bank.barclays.co.uk//authlogin/img/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bank.barclays.co.uk//authlogin/img/Padlock_icon.svg
Requested by
Host: bank.barclays.co.uk
URL: https://bank.barclays.co.uk//authlogin/css/authlogin-bdl.css?v=1652782834434
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.110.153.2 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-110-153-2.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b173ff6e97748a8a4e079bf7afa965e4d264fa43a351c4a0bf2c130bc65b4366
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://bank.barclays.co.uk//authlogin/css/authlogin-bdl.css?v=1652782834434
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 15 Oct 2022 15:12:51 GMT
last-modified
Thu, 22 Sep 2022 06:55:35 GMT
etag
"2f3-632c06e7"
vary
accept-encoding
content-type
image/svg+xml
accept-ranges
bytes
content-length
755
x-ua-compatible
chrome=IE6
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
03af6526f05c31ff2464c437502213ef4afee275fdc13aa2bfdea24e73ec33a9

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/svg+xml
expert-sans-regular.woff
bank.barclays.co.uk//authlogin/css/fonts/ 		0
0
expert-sans-light.woff
bank.barclays.co.uk//authlogin/css/fonts/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bank.barclays.co.uk
URL
https://bank.barclays.co.uk//authlogin/css/fonts/expert-sans-regular.woff
Domain
bank.barclays.co.uk
URL
https://bank.barclays.co.uk//authlogin/css/fonts/expert-sans-light.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Barclays (Banking)

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery string| s_account string| pathref boolean| ie8 object| bdlLogin boolean| asyncChatSwitch boolean| webChatSwitch boolean| wealthValue boolean| wealthSwitch boolean| privateBankValue boolean| privateBankSwitch boolean| contactUsSwitch boolean| cp1620Day2Switch boolean| barclaysDirectInvesting boolean| multiaddress boolean| multipreviousname boolean| addressLookUpSwitch string| serverDate string| dLink string| adobeDtmSwitch string| wealthType boolean| bcEnabled string| bcSlothInc boolean| bioCatch2 string| bcSlothVer string| bcSlothcdAPI string| bcSlothEngineI boolean| clarisiteSwitch boolean| digitalDataSwitch boolean| flatDigitalDataEnable boolean| tntSwitch boolean| isSolusSwitch boolean| siCredentialResetSwitch boolean| mortgageMasterSwitch boolean| mortgageFLDSwitch boolean| mortgageLockedOutSwitchValue boolean| mortgagePasscodeSwitch boolean| serviceStatusSwitch boolean| registrationRedirectSwitch boolean| speedyRegistrationRedirectSwitch boolean| checkMarxHighVulnerabilitySwitch boolean| lowVulnerabilitySwitch boolean| cookieBannerSwitch boolean| cookieConsentSwitch boolean| merchantSolusLiteSwitch boolean| threatMetrixExpansionSwitch boolean| otpServiceApiMigrationSwitch function| triggerRainID function| loadKrux function| myFunction function| myFunction1 function| myFunction2 object| dataLayer function| validate

1 Cookies

Domain/Path Name / Value
dwppp.info/ Name: PHPSESSID
Value: 99ca9af2471ee6c9ff5d3cbe1bc9edd0

12 Console Messages

Source Level URL
Text
network error URL: https://dwppp.info/update/login/files/images/1321077850040-pin_step_1.jpg
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://dwppp.info/update/login/files/images/1321077850061-pin_step_2.jpg
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://dwppp.info/update/login/files/images/1321077850082-pin_step_3.jpg
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://dwppp.info/authlogin/bdlLogin.bootstrap.min.js?v=1652782834434
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://dwppp.info/update/login/files/images/1321077861212-mobile_step_1.jpg
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://dwppp.info/update/login/files/images/1321077856766-mobile_step_2.jpg
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://dwppp.info/update/login/files/images/1321077861233-mobile_step_4.jpg
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://dwppp.info/update/login/files/images/1321217916492-iso27001footer.JPG
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
javascript error URL: https://dwppp.info/update/login/login.php
Message:
Access to font at 'https://bank.barclays.co.uk//authlogin/css/fonts/expert-sans-regular.woff' from origin 'https://dwppp.info' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://bank.barclays.co.uk//authlogin/css/fonts/expert-sans-regular.woff
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://dwppp.info/update/login/login.php
Message:
Access to font at 'https://bank.barclays.co.uk//authlogin/css/fonts/expert-sans-light.woff' from origin 'https://dwppp.info' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://bank.barclays.co.uk//authlogin/css/fonts/expert-sans-light.woff
Message:
Failed to load resource: net::ERR_FAILED