payee.cancellation43.com
Open in
urlscan Pro
69.30.224.162
Malicious Activity!
Public Scan
URL:
https://payee.cancellation43.com/loading.php
Submission: On June 20 via api from GB — Scanned from GB
Submission: On June 20 via api from GB — Scanned from GB
Summary
This website contacted 4 IPs
in 3 countries
across 3 domains to perform 17 HTTP transactions.
The main IP is 69.30.224.162, located in
United States and
belongs to WII, US.
The main domain is payee.cancellation43.com.
TLS certificate: Issued by R3 on June 20th 2022. Valid for: 3 months.
This is the only time payee.cancellation43.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on June 20th 2022. Valid for: 3 months.
This is the only time payee.cancellation43.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Barclays (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 4 | 69.30.224.162 69.30.224.162 | 32097 (WII) (WII) | |
| 11 | 104.92.107.46 104.92.107.46 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
| 1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:3b | 20446 (STACKPATH...) (STACKPATH-CDN) | |
| 17 | 4 |
11
104.92.107.46
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a104-92-107-46.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a104-92-107-46.deploy.static.akamaitechnologies.com
| bank.barclays.co.uk |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 11 |
barclays.co.uk
bank.barclays.co.uk — Cisco Umbrella Rank: 163474 |
427 KB |
| 4 |
cancellation43.com
payee.cancellation43.com |
27 KB |
| 1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 686 |
83 KB |
| 17 | 3 |
| Domain | Requested by | |
|---|---|---|
| 11 | bank.barclays.co.uk |
payee.cancellation43.com
bank.barclays.co.uk |
| 4 | payee.cancellation43.com |
payee.cancellation43.com
code.jquery.com |
| 1 | code.jquery.com |
payee.cancellation43.com
|
| 17 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.barclays.co.uk |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www.payee.cancellation43.com R3 |
2022-06-20 - 2022-09-18 |
3 months | crt.sh |
| bank.barclays.co.uk Entrust Certification Authority - L1M |
2021-08-19 - 2022-08-19 |
a year | crt.sh |
| *.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://payee.cancellation43.com/loading.php
Frame ID: 2EFBF5776602AD8C0A75CDEB50934F33
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
Step 2 - Confirm your ID - Barclays Online BankingDetected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
AngularJS
(JavaScript Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \bangular.{0,32}\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
URL: http://www.barclays.co.uk/security
Title: Secure
Title: Secure
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
loading.php
payee.cancellation43.com/ |
25 KB 26 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
polyfill.wp.js
bank.barclays.co.uk//authlogin/lib/ |
98 KB 98 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
angular.min.js
bank.barclays.co.uk//js/myBarclays/vendor/angular/ |
105 KB 39 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
angular-route.min.js
bank.barclays.co.uk//js/myBarclays/vendor/angular/ |
4 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
angular-cookies.min.js
bank.barclays.co.uk//js/myBarclays/vendor/angular/ |
833 B 812 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
angular-sanitize.min.js
bank.barclays.co.uk//js/myBarclays/vendor/angular/ |
4 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bdlLogin-rolb-dss.min.js
bank.barclays.co.uk//authlogin/ |
254 KB 66 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bdlLogin-libraries.min.js
bank.barclays.co.uk//authlogin/ |
71 KB 27 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bdlLogin-rolb-app.min.js
bank.barclays.co.uk//authlogin/ |
276 KB 77 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-3.5.1.js
code.jquery.com/ |
281 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
rolb-theme-2-0.css
bank.barclays.co.uk//authlogin/css/ |
333 KB 69 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
authlogin-bdl.min.css
bank.barclays.co.uk//authlogin/css/ |
45 KB 45 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
1321077850566-sortcode_account_number_card.jpg
payee.cancellation43.com/OLB/A/Content/Images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Padlock_icon.svg
bank.barclays.co.uk//authlogin/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
expert-sans-regular.woff
bank.barclays.co.uk//authlogin/css/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
activity.php
payee.cancellation43.com/files/ |
315 B 515 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
activity.php
payee.cancellation43.com/files/ |
315 B 515 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- bank.barclays.co.uk
- URL
- https://bank.barclays.co.uk//authlogin/css/fonts/expert-sans-regular.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Barclays (Banking)92 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| angular number| ng339 function| _ function| getElementsByClassName function| getTextContent function| scFixed function| scFixed1Tag function| scAppendWholeTag function| scLowRankTag function| scProductsTag function| scSetLinkNameTag function| scCombinedP123 function| scRemap function| tagPageView function| tagAjaxContent function| tagQueryContents function| setFromClickTagsFTB function| scLinkTrack function| scLinkTrackError function| dcsMultiTrack function| scMeta function| scSetInitial function| scSetDerived function| isLoginPage function| isHomePage function| scSetHelpCardButtons function| scCleanUpEvents function| scLoginPagesTracking function| scCleanUp function| scSetValidationErrorMessage function| fireLoadEvent function| scSetErrorMessage function| scSetErrorServiceMessage function| scSetImpressions function| scSetLOGIN_METHOD function| scSetLOGIN_MECHANISM function| scSetLoginEvents function| scSetDeepLink function| scSetdcsuri function| scSetProducts function| scSetView function| getProp34 function| scSetPurchaseTracking function| scSetActivityTracking function| scSetLoginReg function| scSetPageName function| isMultipleSavedUsers function| scSetEvents function| scSetDcsvid function| scBarclaysCookieConsent function| scMapTag function| scSetTag function| scAddTag function| scUpdateLinkTrack function| scSaveBasePageName function| scRestoreBasePageName function| scSaveTakeoverPageName function| scRestoreTakeoverPageName object| AppName object| authloginDigitalData string| s_account object| dcs2sc string| scBasePageName string| scTakeoverPageName object| _self object| Prism string| digitalDataDeviceBuildId undefined| WebAnalytics function| $ function| jQuery boolean| ie8 object| dataLayer number| interval function| heartbeat1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| payee.cancellation43.com/ | Name: PHPSESSID Value: 490cfe3f7692af795b5d247fbc1b7368 |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bank.barclays.co.uk
code.jquery.com
payee.cancellation43.com
bank.barclays.co.uk
104.92.107.46
2001:4de0:ac18::1:a:3b
69.30.224.162
02e9e14e36ad05a2a528e81898868b7c9fb738980d111599f4460dc7926aa1b0
073f5b7ffebc61098e2b649f2067252032ff1865167948af2a8847f5d8f760f6
1d3fef663505e5ce8eccf28b01bb423260210ff6e57c33853adf372194c3f593
20318e023853ac4d3e1f231b0532de4c39d83c629a4155756c021e57825dc884
225667650d0be401e4cb148aa2dea5ad695c19563d2f94cfa20aa7082c5c966a
23258114961c94563c3e7df66f059d487995e01f4ce666f2e5b84f1c499e63cc
3d189cf625d46ea41cff74ba7c2729c548f9a443552ac8c5888f2b8b0dc75c60
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37
5e831e894d2344740008f0f5371ce0f837554ea42d5f7724706889b0bb725829
91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91
9d8eff3e6cbc74da3134113cd49580223a42abf734118ab2d9fc8826179b99ed
b173ff6e97748a8a4e079bf7afa965e4d264fa43a351c4a0bf2c130bc65b4366
c7588e66ab3dfc34b4beda8e07aa630e5a764a001d7568244ef963c3620f3365
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6
f8ea0e980b8bdca260f9f81d0e98360c3080fdc7fd3992cf611e05701e2e8a36