barclaysdownloads.com
104.25.153.27
Malicious Activity!
Public Scan
Effective URL: https://barclaysdownloads.com/
Submission: On May 10 via manual from US
Summary
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on May 10th 2018. Valid for: 6 months.
This is the only time barclaysdownloads.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Barclays (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 104.25.152.27 | 13335 (CLOUDFLARENET - Cloudflare) |
2 | 104.25.153.27 | 13335 (CLOUDFLARENET - Cloudflare) |
4 | 52.71.63.227 | 14618 (AMAZON-AES - Amazon.com) |
3 | 23.38.53.224 | 20940 (AKAMAI-ASN1) |
9 | 4 | |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
barclaysdownloads.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
barclaysdownloads.com |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-71-63-227.compute-1.amazonaws.com
secure.na1.echocdn.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-38-53-224.deploy.static.akamaitechnologies.com
use.typekit.net |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
4 | echocdn.com | secure.na1.echocdn.com | 81 KB |
3 | typekit.net | use.typekit.net | 228 KB |
3 | barclaysdownloads.com (1 redirects) | barclaysdownloads.com | 10 KB |
9 | 3 | | |
 | Domain | Requested by |
---|---|---|
4 | secure.na1.echocdn.com | barclaysdownloads.com |
3 | use.typekit.net | barclaysdownloads.com |
3 | barclaysdownloads.com (1 redirects) | barclaysdownloads.com |
9 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
ssl390319.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-05-10 - 2018-11-16 | 6 months |
This page contains 1 frames:
Primary Page:
https://barclaysdownloads.com/
Frame ID: 53D83661F1666A6FAA292487586234D5
Requests: 10 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns
- headers server /cloudflare/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://barclaysdownloads.com/ (HTTP 301)
- https://barclaysdownloads.com/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | barclaysdownloads.com/ (Redirect Chain) | 22 KB | 9 KB | Document | text/html |
GET | H/1.1 | grayskin.css | secure.na1.echocdn.com/resource/1978084650/style/ | 13 KB | 4 KB | Stylesheet | text/css |
GET | H/1.1 | echosign.css | secure.na1.echocdn.com/resource/N31624280/bundles/ | 337 KB | 56 KB | Stylesheet | text/css |
GET | H/1.1 | esign.css | secure.na1.echocdn.com/resource/N2142260370/bundles/ | 124 KB | 18 KB | Stylesheet | text/css |
GET | H2 | email-decode.min.js | barclaysdownloads.com/cdn-cgi/scripts/f2bf09f8/cloudflare-static/ | 1 KB | 802 B | Script | application/javascript |
GET | H/1.1 | protected_document.png | secure.na1.echocdn.com/images/esign/ | 3 KB | 4 KB | Image | image/png |
GET | DATA | truncated | / | 4 KB | 0 | Image | image/png |
GET | S | l | use.typekit.net/af/24c826/000000000000000000017701/27/ | 76 KB | 76 KB | Font | application/font-woff2 |
GET | S | l | use.typekit.net/af/c2b3ac/0000000000000000000176ff/27/ | 74 KB | 75 KB | Font | application/font-woff2 |
GET | S | l | use.typekit.net/af/8f05ef/000000000000000000017703/27/ | 77 KB | 77 KB | Font | application/font-woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Barclays (Banking)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function | downloadDoc
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.barclaysdownloads.com/ | Name: __cfduid Value: d189a0b864212db547c2edb27a912cab81525961440 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.