urlscan.io logo urlscan.io
SecurityTrails logo

personaliziraj.me Open in urlscan Pro
185.203.18.215  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://personaliziraj.me/barclay-auth/
Submission: On February 28 via manual from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 185.203.18.215, located in Croatia and belongs to HEMA, HR. The main domain is personaliziraj.me.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 8th 2020. Valid for: 3 months.
This is the only time personaliziraj.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Barclays (Banking)

Domain & IP information

IP Address AS Autonomous System
11 185.203.18.215 205895 (HEMA)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
14 3
Apex Domain
Subdomains		 Transfer
11 personaliziraj.me
personaliziraj.me
239 KB
2 gstatic.com
fonts.gstatic.com
22 KB
1 googleapis.com
fonts.googleapis.com
894 B
14 3
Domain Requested by
11 personaliziraj.me personaliziraj.me
2 fonts.gstatic.com
1 fonts.googleapis.com personaliziraj.me
14 3

This site contains no links.

Subject Issuer Validity Valid
personaliziraj.me
Let's Encrypt Authority X3		 2020-01-08 -
2020-04-07		 3 months crt.sh
*.storage.googleapis.com
GTS CA 1O1		 2020-02-12 -
2020-05-06		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-02-12 -
2020-05-06		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://personaliziraj.me/barclay-auth/
Frame ID: 24D134CE9F48E3FC62A80BE939EBA01F
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

261 kB
Transfer

281 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
personaliziraj.me/barclay-auth/ 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://personaliziraj.me/barclay-auth/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.203.18.215 , Croatia, ASN205895 (HEMA, HR),
Reverse DNS
vps.poklonstudio.hr
Software
nginx / WP Rocket/3.4.4
Resource Hash
5cf1439f4df91f2f41a296702b7923f04fbbb7cc9a91d0a75868bdfe6a3c3e88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
personaliziraj.me
:scheme
https
:path
/barclay-auth/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
200
server
nginx
date
Fri, 28 Feb 2020 09:00:28 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
cache-control
max-age=0, public
expires
Fri, 28 Feb 2020 09:00:28 GMT
x-powered-by
WP Rocket/3.4.4
x-xss-protection
1; mode=block
x-content-type-options
nosniff
x-nginx-cache-status
MISS
x-server-powered-by
Engintron
content-encoding
gzip
main.css
personaliziraj.me/barclay-auth/css/ 		14 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://personaliziraj.me/barclay-auth/css/main.css
Requested by
Host: personaliziraj.me
URL: https://personaliziraj.me/barclay-auth/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.203.18.215 , Croatia, ASN205895 (HEMA, HR),
Reverse DNS
vps.poklonstudio.hr
Software
nginx /
Resource Hash
a10e732448c22e6876873c9d336953b8908acf6c3d393ca7308d42122d0ce1f4

Request headers

Referer
https://personaliziraj.me/barclay-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

pragma
public
date
Fri, 28 Feb 2020 09:00:28 GMT
content-encoding
gzip
last-modified
Tue, 17 Sep 2019 15:31:24 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css; charset=utf-8
status
200
cache-control
max-age=2592000
expires
Sun, 29 Mar 2020 09:00:28 GMT
barclays-logo.gif
personaliziraj.me/barclay-auth/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://personaliziraj.me/barclay-auth/images/barclays-logo.gif
Requested by
Host: personaliziraj.me
URL: https://personaliziraj.me/barclay-auth/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.203.18.215 , Croatia, ASN205895 (HEMA, HR),
Reverse DNS
vps.poklonstudio.hr
Software
nginx /
Resource Hash
3a059a66277e8a87067c50187849c9f65817c72873f8c71785d08f4023a6b9f3

Request headers

Referer
https://personaliziraj.me/barclay-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
public
date
Fri, 28 Feb 2020 09:00:28 GMT
last-modified
Fri, 28 Sep 2018 16:31:12 GMT
server
nginx
content-type
image/gif
status
200
cache-control
max-age=5184000
accept-ranges
bytes
content-length
3831
expires
Tue, 28 Apr 2020 09:00:28 GMT
sidebar.jpg
personaliziraj.me/barclay-auth/images/ 		110 KB
111 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://personaliziraj.me/barclay-auth/images/sidebar.jpg
Requested by
Host: personaliziraj.me
URL: https://personaliziraj.me/barclay-auth/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.203.18.215 , Croatia, ASN205895 (HEMA, HR),
Reverse DNS
vps.poklonstudio.hr
Software
nginx /
Resource Hash
008636d7a37c0f5650187cc8a5a2f504ce5a2dd67ab312cd11a6cfcfeda3ca63

Request headers

Referer
https://personaliziraj.me/barclay-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
public
date
Fri, 28 Feb 2020 09:00:28 GMT
last-modified
Fri, 28 Sep 2018 18:43:18 GMT
server
nginx
content-type
image/jpeg
status
200
cache-control
max-age=5184000
accept-ranges
bytes
content-length
112866
expires
Tue, 28 Apr 2020 09:00:28 GMT
css
fonts.googleapis.com/ 		9 KB
894 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Requested by
Host: personaliziraj.me
URL: https://personaliziraj.me/barclay-auth/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6f1dc81498da5df5cc4a4b2730c86480122e1b4a6808621b7d941aaa6e29d824
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://personaliziraj.me/barclay-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 28 Feb 2020 09:00:28 GMT
server
ESF
date
Fri, 28 Feb 2020 09:00:28 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 28 Feb 2020 09:00:28 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Origin
https://personaliziraj.me
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 18 Jan 2020 01:07:50 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:58 GMT
server
sffe
age
3570758
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11020
x-xss-protection
0
expires
Sun, 17 Jan 2021 01:07:50 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Origin
https://personaliziraj.me
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Jan 2020 19:10:31 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
3073797
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Fri, 22 Jan 2021 19:10:31 GMT
downarrow.jpg
personaliziraj.me/barclay-auth/images/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://personaliziraj.me/barclay-auth/images/downarrow.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.203.18.215 , Croatia, ASN205895 (HEMA, HR),
Reverse DNS
vps.poklonstudio.hr
Software
nginx /
Resource Hash
3276f377cff27e70bc44dbeaae24696673d52fc86796b87deab9f3887a8decdd

Request headers

Referer
https://personaliziraj.me/barclay-auth/css/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
public
date
Fri, 28 Feb 2020 09:00:28 GMT
last-modified
Fri, 28 Sep 2018 17:01:42 GMT
server
nginx
content-type
image/jpeg
status
200
cache-control
max-age=5184000
accept-ranges
bytes
content-length
12137
expires
Tue, 28 Apr 2020 09:00:28 GMT
help_icon.png
personaliziraj.me/barclay-auth/images/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://personaliziraj.me/barclay-auth/images/help_icon.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.203.18.215 , Croatia, ASN205895 (HEMA, HR),
Reverse DNS
vps.poklonstudio.hr
Software
nginx /
Resource Hash
d70c9423e3d4138050d72dc35604fde72b9bc21cf224d1384f28b57a5c03c5c5

Request headers

Referer
https://personaliziraj.me/barclay-auth/css/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
public
date
Fri, 28 Feb 2020 09:00:28 GMT
last-modified
Fri, 28 Sep 2018 17:25:44 GMT
server
nginx
content-type
image/png
status
200
cache-control
max-age=5184000
accept-ranges
bytes
content-length
18337
expires
Tue, 28 Apr 2020 09:00:28 GMT
radio_btn.png
personaliziraj.me/barclay-auth/images/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://personaliziraj.me/barclay-auth/images/radio_btn.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.203.18.215 , Croatia, ASN205895 (HEMA, HR),
Reverse DNS
vps.poklonstudio.hr
Software
nginx /
Resource Hash
001483f62ce08ccc861a902a8b3c49d9ab46cc5f878f0eb5f6c8d284d202dc9c

Request headers

Referer
https://personaliziraj.me/barclay-auth/css/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
public
date
Fri, 28 Feb 2020 09:00:28 GMT
last-modified
Fri, 28 Sep 2018 17:38:28 GMT
server
nginx
content-type
image/png
status
200
cache-control
max-age=5184000
accept-ranges
bytes
content-length
18580
expires
Tue, 28 Apr 2020 09:00:28 GMT
radio_normal.png
personaliziraj.me/barclay-auth/images/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://personaliziraj.me/barclay-auth/images/radio_normal.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.203.18.215 , Croatia, ASN205895 (HEMA, HR),
Reverse DNS
vps.poklonstudio.hr
Software
nginx /
Resource Hash
76309a629ff07d3bff53c18911ed90c28c36dd309e9fd02406cde4168c61429e

Request headers

Referer
https://personaliziraj.me/barclay-auth/css/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
public
date
Fri, 28 Feb 2020 09:00:28 GMT
last-modified
Fri, 28 Sep 2018 17:55:58 GMT
server
nginx
content-type
image/png
status
200
cache-control
max-age=5184000
accept-ranges
bytes
content-length
18257
expires
Tue, 28 Apr 2020 09:00:28 GMT
checkobx.png
personaliziraj.me/barclay-auth/images/ 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://personaliziraj.me/barclay-auth/images/checkobx.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.203.18.215 , Croatia, ASN205895 (HEMA, HR),
Reverse DNS
vps.poklonstudio.hr
Software
nginx /
Resource Hash
13bae440c7b99834db74e65b8413aeda118ae6954178cd6ce6e99962ec22c00b

Request headers

Referer
https://personaliziraj.me/barclay-auth/css/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
public
date
Fri, 28 Feb 2020 09:00:28 GMT
last-modified
Fri, 28 Sep 2018 18:09:58 GMT
server
nginx
content-type
image/png
status
200
cache-control
max-age=5184000
accept-ranges
bytes
content-length
17762
expires
Tue, 28 Apr 2020 09:00:28 GMT
yellow_help_icon.png
personaliziraj.me/barclay-auth/images/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://personaliziraj.me/barclay-auth/images/yellow_help_icon.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.203.18.215 , Croatia, ASN205895 (HEMA, HR),
Reverse DNS
vps.poklonstudio.hr
Software
nginx /
Resource Hash
438f665a2867b3b80dca365eaa49ff7f321c2f10dbece4b96dfefb5711f54ef4

Request headers

Referer
https://personaliziraj.me/barclay-auth/css/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
public
date
Fri, 28 Feb 2020 09:00:28 GMT
last-modified
Fri, 28 Sep 2018 18:16:24 GMT
server
nginx
content-type
image/png
status
200
cache-control
max-age=5184000
accept-ranges
bytes
content-length
18151
expires
Tue, 28 Apr 2020 09:00:28 GMT
down_arrow_grey.png
personaliziraj.me/barclay-auth/images/ 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://personaliziraj.me/barclay-auth/images/down_arrow_grey.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.203.18.215 , Croatia, ASN205895 (HEMA, HR),
Reverse DNS
vps.poklonstudio.hr
Software
nginx /
Resource Hash
8310e2dc1ed8df54b2126c1c9c3e8cbf3b0ce48e6174e528402d1a223da27d3a

Request headers

Referer
https://personaliziraj.me/barclay-auth/css/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
public
date
Fri, 28 Feb 2020 09:00:28 GMT
last-modified
Fri, 28 Sep 2018 18:33:34 GMT
server
nginx
content-type
image/png
status
200
cache-control
max-age=5184000
accept-ranges
bytes
content-length
17842
expires
Tue, 28 Apr 2020 09:00:28 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Barclays (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block