80.85.242.50 Open in urlscan Pro
80.85.242.50  Malicious Activity! Public Scan

13 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request lgc-fake.html Show response 80.85.242.50/p/	67 KB 9 KB	199ms 70ms	Document text/html	80.85.242.50 SPACECORE
General Check archive.org Show headers Download Go to Full URL https://80.85.242.50/p/lgc-fake.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 80.85.242.50 Frankfurt am Main, Germany, ASN198037 (SPACECORE, GB), Reverse DNS 139779.vm.spacecore.network Software nginx/1.18.0 (Ubuntu) / Resource Hash 82fdc126999276b580379057089dec3d18a34dd8b0295b978a144debfe4d2b6b Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html Date Tue, 24 Oct 2023 21:01:07 GMT Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked Vary Accept-Encoding
GET H2	200	m=el_main_css www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/	22 KB 5 KB	282ms 55ms	Stylesheet text/css	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/m=el_main_css Requested by Host: 80.85.242.50 URL: https://80.85.242.50/p/lgc-fake.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://80.85.242.50/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers date Thu, 19 Oct 2023 06:14:44 GMT content-encoding gzip x-content-type-options nosniff age 485185 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4144 x-xss-protection 0 last-modified Sat, 15 Jul 2023 01:09:03 GMT server sffe cross-origin-opener-policy same-origin; report-to="rosetta" vary Accept-Encoding report-to {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]} content-type text/css; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Fri, 18 Oct 2024 06:14:44 GMT
GET H/1.1	200 OK	rolb-theme.css 80.85.242.50/assets/css/	377 KB 59 KB	61ms 60ms	Stylesheet text/css	80.85.242.50 SPACECORE
General Check archive.org Show headers Download Go to Full URL https://80.85.242.50/assets/css/rolb-theme.css Requested by Host: 80.85.242.50 URL: https://80.85.242.50/p/lgc-fake.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 80.85.242.50 Frankfurt am Main, Germany, ASN198037 (SPACECORE, GB), Reverse DNS 139779.vm.spacecore.network Software nginx/1.18.0 (Ubuntu) / Resource Hash c2bba8ccaeef2f48b6f93b890c83a1a17148152e9404bbc9fa8f1235cb5ddfca Request headers accept-language en-GB,en;q=0.9 Referer https://80.85.242.50/p/lgc-fake.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Date Tue, 24 Oct 2023 21:01:07 GMT Content-Encoding gzip Last-Modified Mon, 23 Oct 2023 00:33:32 GMT Server nginx/1.18.0 (Ubuntu) ETag W/"6535bf5c-5e3f9" Transfer-Encoding chunked Content-Type text/css Cache-Control max-age=86400 Connection keep-alive Expires Wed, 25 Oct 2023 21:01:07 GMT
GET H2	200	authlogin-bdl.css bank.barclays.co.uk/authlogin/css/	50 KB 12 KB	721ms 495ms	Stylesheet text/css	23.36.238.127 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://bank.barclays.co.uk/authlogin/css/authlogin-bdl.css?v=1695979909401 Requested by Host: 80.85.242.50 URL: https://80.85.242.50/p/lgc-fake.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-36-238-127.deploy.static.akamaitechnologies.com Software / Resource Hash 79d70600073cbe885ea0f39e0bf0864acea02b4e9e5780e9cf32a83744c70a48 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://80.85.242.50/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Tue, 24 Oct 2023 21:01:09 GMT last-modified Thu, 05 Oct 2023 08:15:07 GMT etag "2f67-651e708b" vary accept-encoding content-type text/css accept-ranges bytes content-length 12135 x-ua-compatible chrome=IE6
GET H2	200	mark-of-trust-kitemark-logo.png bank.barclays.co.uk/OLB/A/Content/Images/	44 KB 44 KB	756ms 531ms	Image image/png	23.36.238.127 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bank.barclays.co.uk/OLB/A/Content/Images/mark-of-trust-kitemark-logo.png Requested by Host: 80.85.242.50 URL: https://80.85.242.50/p/lgc-fake.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-36-238-127.deploy.static.akamaitechnologies.com Software / Resource Hash cfb4f173773e27492a29df5d845616dc8e277f27a3f7c844f1ae456f95393c49 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://80.85.242.50/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload date Tue, 24 Oct 2023 21:01:09 GMT last-modified Thu, 15 Dec 2022 12:46:59 GMT etag "ae82-639b1743" content-type image/png accept-ranges bytes content-length 44674 x-ua-compatible chrome=IE6
GET H2	200	mark-of-trust-certified-logo.png bank.barclays.co.uk/OLB/A/Content/Images/	46 KB 47 KB	635ms 409ms	Image image/png	23.36.238.127 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bank.barclays.co.uk/OLB/A/Content/Images/mark-of-trust-certified-logo.png Requested by Host: 80.85.242.50 URL: https://80.85.242.50/p/lgc-fake.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-36-238-127.deploy.static.akamaitechnologies.com Software / Resource Hash 890910ea7ff6e5484f37a80f492f03b7c6a49ce73089d732de137ec4f968bacc Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://80.85.242.50/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload date Tue, 24 Oct 2023 21:01:09 GMT last-modified Thu, 15 Dec 2022 12:46:59 GMT etag "b8f4-639b1743" content-type image/png accept-ranges bytes content-length 47348 x-ua-compatible chrome=IE6
GET H2	200	Cyber-Essentials-Plus-logo.png bank.barclays.co.uk/OLB/A/Content/Images/	166 KB 166 KB	635ms 410ms	Image image/png	23.36.238.127 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bank.barclays.co.uk/OLB/A/Content/Images/Cyber-Essentials-Plus-logo.png Requested by Host: 80.85.242.50 URL: https://80.85.242.50/p/lgc-fake.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-36-238-127.deploy.static.akamaitechnologies.com Software / Resource Hash 53658b0d2d395aad315abf3906b9e9a95f9601727b9df0630b9cd87e6c90a0f2 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://80.85.242.50/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload date Tue, 24 Oct 2023 21:01:09 GMT last-modified Thu, 15 Dec 2022 12:46:59 GMT etag "296d8-639b1743" content-type image/png accept-ranges bytes content-length 169688 x-ua-compatible chrome=IE6
GET H2	200	login-fscs.png bank.barclays.co.uk/OLB/A/Content/Images/	5 KB 6 KB	756ms 531ms	Image image/png	23.36.238.127 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bank.barclays.co.uk/OLB/A/Content/Images/login-fscs.png Requested by Host: 80.85.242.50 URL: https://80.85.242.50/p/lgc-fake.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-36-238-127.deploy.static.akamaitechnologies.com Software / Resource Hash 2aa89b0d3ed189360406952265076a3f79ea08b045f2e07d7d71e3c38982533e Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://80.85.242.50/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload date Tue, 24 Oct 2023 21:01:09 GMT last-modified Wed, 09 Sep 2020 09:55:15 GMT etag "152b-5f58a683" content-type image/png accept-ranges bytes content-length 5419 x-ua-compatible chrome=IE6
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91 Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type image/svg+xml;charset=US-ASCII
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6 Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type image/svg+xml;charset=US-ASCII
GET H2	200	Padlock_icon.svg bank.barclays.co.uk/authlogin/img/	2 KB 1 KB	84ms 83ms	Image image/svg+xml	23.36.238.127 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bank.barclays.co.uk/authlogin/img/Padlock_icon.svg Requested by Host: bank.barclays.co.uk URL: https://bank.barclays.co.uk/authlogin/css/authlogin-bdl.css?v=1695979909401 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-36-238-127.deploy.static.akamaitechnologies.com Software / Resource Hash b173ff6e97748a8a4e079bf7afa965e4d264fa43a351c4a0bf2c130bc65b4366 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://bank.barclays.co.uk/authlogin/css/authlogin-bdl.css?v=1695979909401 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Tue, 24 Oct 2023 21:01:09 GMT last-modified Thu, 05 Oct 2023 08:15:07 GMT etag "2f3-651e708b" vary accept-encoding content-type image/svg+xml accept-ranges bytes content-length 755 x-ua-compatible chrome=IE6
GET H/1.1	200 OK	expert-sans-regular.woff 80.85.242.50/assets/fonts/	21 KB 22 KB	73ms 73ms	Font application/font-woff	80.85.242.50 SPACECORE
General Check archive.org Show headers Download Go to Full URL https://80.85.242.50/assets/fonts/expert-sans-regular.woff Requested by Host: 80.85.242.50 URL: https://80.85.242.50/assets/css/rolb-theme.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 80.85.242.50 Frankfurt am Main, Germany, ASN198037 (SPACECORE, GB), Reverse DNS 139779.vm.spacecore.network Software nginx/1.18.0 (Ubuntu) / Resource Hash 4abdda6a86149bc656dd315b0443fea8f11f22a6552e48e843a0f4b3e828ce8f Request headers Referer https://80.85.242.50/assets/css/rolb-theme.css Origin https://80.85.242.50 accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Date Tue, 24 Oct 2023 21:01:08 GMT Last-Modified Mon, 23 Oct 2023 00:33:10 GMT Server nginx/1.18.0 (Ubuntu) ETag "6535bf46-55a4" Content-Type application/font-woff Cache-Control max-age=86400 Connection keep-alive Accept-Ranges bytes Content-Length 21924 Expires Wed, 25 Oct 2023 21:01:08 GMT
GET H/1.1	200 OK	expert-sans-light.woff 80.85.242.50/assets/fonts/	21 KB 22 KB	255ms 120ms	Font application/font-woff	80.85.242.50 SPACECORE
General Check archive.org Show headers Download Go to Full URL https://80.85.242.50/assets/fonts/expert-sans-light.woff Requested by Host: 80.85.242.50 URL: https://80.85.242.50/assets/css/rolb-theme.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 80.85.242.50 Frankfurt am Main, Germany, ASN198037 (SPACECORE, GB), Reverse DNS 139779.vm.spacecore.network Software nginx/1.18.0 (Ubuntu) / Resource Hash cfd7fb9f4a18ffee0a0c870a6a43435d7cb9678f7f56f67bef0ba433f14e766e Request headers Referer https://80.85.242.50/assets/css/rolb-theme.css Origin https://80.85.242.50 accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Date Tue, 24 Oct 2023 21:01:08 GMT Last-Modified Mon, 23 Oct 2023 00:33:04 GMT Server nginx/1.18.0 (Ubuntu) ETag "6535bf40-555c" Content-Type application/font-woff Cache-Control max-age=86400 Connection keep-alive Accept-Ranges bytes Content-Length 21852 Expires Wed, 25 Oct 2023 21:01:08 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Barclays (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bank.barclays.co.uk
www.gstatic.com
23.36.238.127
2a00:1450:4001:811::2003
80.85.242.50
2aa89b0d3ed189360406952265076a3f79ea08b045f2e07d7d71e3c38982533e
4abdda6a86149bc656dd315b0443fea8f11f22a6552e48e843a0f4b3e828ce8f
53658b0d2d395aad315abf3906b9e9a95f9601727b9df0630b9cd87e6c90a0f2
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3
79d70600073cbe885ea0f39e0bf0864acea02b4e9e5780e9cf32a83744c70a48
82fdc126999276b580379057089dec3d18a34dd8b0295b978a144debfe4d2b6b
890910ea7ff6e5484f37a80f492f03b7c6a49ce73089d732de137ec4f968bacc
91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91
b173ff6e97748a8a4e079bf7afa965e4d264fa43a351c4a0bf2c130bc65b4366
c2bba8ccaeef2f48b6f93b890c83a1a17148152e9404bbc9fa8f1235cb5ddfca
cfb4f173773e27492a29df5d845616dc8e277f27a3f7c844f1ae456f95393c49
cfd7fb9f4a18ffee0a0c870a6a43435d7cb9678f7f56f67bef0ba433f14e766e
e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6