aibtermsconditionupdate.com (34.140.169.146)
Public scan, flagged: Malicious Activity

Submitted URL: http://aibtermsconditionupdate.com/
Effective URL: http://aibtermsconditionupdate.com/Alert.php
Submission: On March 28 via api from GB — Scanned from GB

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 5 HTTP transactions. The main IP is 34.140.169.146, located in Brussels, Belgium, and belongs to GOOGLE, US. The main domain is aibtermsconditionupdate.com.
This is the only time aibtermsconditionupdate.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Allied Irish Banks (Banking)

Domain & IP information

IP / ASN
  #  Requests  IP Address       AS (Autonomous System)
  1  6         34.140.169.146   15169 (GOOGLE)

Domains
  Requests  Apex Domain                   Subdomains                    Transfer
  6         aibtermsconditionupdate.com   aibtermsconditionupdate.com   579 KB

Domain Tree
  Requests  Domain                        Requested by
  6         aibtermsconditionupdate.com   1 redirect; aibtermsconditionupdate.com

This site contains no links.

Certificates (Subject / Issuer / Validity): none. Every request in this scan went over plain HTTP, so no TLS certificate was observed.

This page contains 1 frames:

Primary Page: http://aibtermsconditionupdate.com/Alert.php
Frame ID: 76D24C0204B618208EDF427A6D7A798E
Requests: 5 HTTP requests in this frame

Screenshot (image not reproduced here)

Page Title

Log in

Page URL History

This captures the URL locations of the website, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://aibtermsconditionupdate.com/  (HTTP 302)
     -> http://aibtermsconditionupdate.com/Alert.php  (page URL)

Detected technologies

PHP (overall confidence: 100%)
  Detected pattern (URL): \.php(?:$|\?)

jQuery (overall confidence: 100%)
  Detected pattern (URL): jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Both detections rest on request URLs alone (Alert.php and files/js/jquery.js). The server identifies itself only as "Apache" and sends no X-Powered-By header, and the jQuery URL carries no ?ver= parameter, so no version of either technology is known.
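To show what those two pattern matches actually do, here is an added example (my code, not urlscan's or Wappalyzer's) that applies the report's two URL patterns to the five request URLs from this scan. The only assumption beyond the page is the case-insensitive flag, which follows how Wappalyzer compiles its patterns; the input URLs are the ones listed in the transactions below.

```python
"""Added example: fingerprint technologies from request URLs using the two
Wappalyzer-style patterns shown in the urlscan report."""
import re

# Patterns copied verbatim from the report. The optional capture group in the
# jQuery pattern is what Wappalyzer uses to extract a version from ?ver=.
# Assumption: patterns are compiled case-insensitively, as Wappalyzer does.
URL_PATTERNS = {
    "PHP": re.compile(r"\.php(?:$|\?)", re.IGNORECASE),
    "jQuery": re.compile(r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?", re.IGNORECASE),
}

# Request URLs transcribed from the five transactions in this scan.
SCAN_URLS = [
    "http://aibtermsconditionupdate.com/Alert.php",
    "http://aibtermsconditionupdate.com/files/css/main.css",
    "http://aibtermsconditionupdate.com/files/js/jquery.js",
    "http://aibtermsconditionupdate.com/files/fonts/ProximaNova-Bold.otf",
    "http://aibtermsconditionupdate.com/files/fonts/ProximaNova-Regular.otf",
]


def fingerprint(urls, patterns=URL_PATTERNS):
    """Return {technology: {"version": str | None, "evidence": [url, ...]}}
    for every pattern that matches at least one URL.

    re.search rather than re.match: the patterns are substring matchers, so
    ".php" must be found anywhere in the URL, not at its start. A version is
    recorded only when the capture group actually participated in the match.
    """
    hits = {}
    for url in urls:
        for tech, rx in patterns.items():
            m = rx.search(url)
            if not m:
                continue
            entry = hits.setdefault(tech, {"version": None, "evidence": []})
            entry["evidence"].append(url)
            if m.lastindex and m.group(1) and entry["version"] is None:
                entry["version"] = m.group(1)
    return hits


if __name__ == "__main__":
    for tech, info in fingerprint(SCAN_URLS).items():
        print(f"{tech}: version={info['version']} evidence={info['evidence']}")
```

A URL-extension match is weak evidence on its own: a phishing kit can serve its PHP as index.html or rename jquery.js, and nothing stops a static host from calling a file Alert.php. Treat the 100% confidence as confidence in the regex, not in the stack.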

Page Statistics

  Requests:    5
  HTTPS:       0 %
  IPv6:        0 %
  Domains:     1
  Subdomains:  1
  IPs:         1
  Countries:   1
  Transfer:    579 kB
  Size:        578 kB
  Cookies:     0


Redirected requests

There was one HTTP redirect chain:

  http://aibtermsconditionupdate.com/  -> (302)  http://aibtermsconditionupdate.com/Alert.php

5 HTTP transactions

Columns for each transaction: Resource, Path, Size, Transfer (x-fer), Type, MIME type.

1. Primary Request: Alert.php
   Path: aibtermsconditionupdate.com/
   Redirect chain: http://aibtermsconditionupdate.com/ -> http://aibtermsconditionupdate.com/Alert.php
   Size: 19 KB   Transfer: 19 KB   Type: Document

   General
     Full URL: http://aibtermsconditionupdate.com/Alert.php
     Protocol: HTTP/1.1
     Server: 34.140.169.146 Brussels, Belgium, ASN15169 (GOOGLE, US)
     Reverse DNS: 146.169.140.34.bc.googleusercontent.com
     Software: Apache
     Resource Hash: 3349fa8f79243198b68def9a105b5178a39aec37bb856d8add79f19d62f22744

   Request headers
     Upgrade-Insecure-Requests: 1
     User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
     Accept-Language: en-GB,en;q=0.9

   Response headers
     Date: Mon, 28 Mar 2022 08:35:12 GMT
     Server: Apache
     Keep-Alive: timeout=5, max=99
     Connection: Keep-Alive
     Transfer-Encoding: chunked
     Content-Type: text/html; charset=UTF-8

   Redirect headers (response to http://aibtermsconditionupdate.com/)
     Date: Mon, 28 Mar 2022 08:35:12 GMT
     Server: Apache
     location: Alert.php
     Keep-Alive: timeout=5, max=100
     Connection: Keep-Alive
     Transfer-Encoding: chunked
     Content-Type: text/html; charset=UTF-8
2. main.css
   Path: aibtermsconditionupdate.com/files/css/
   Size: 169 KB   Transfer: 169 KB   Type: Stylesheet

   General
     Full URL: http://aibtermsconditionupdate.com/files/css/main.css
     Requested by: Host aibtermsconditionupdate.com, URL http://aibtermsconditionupdate.com/Alert.php
     Protocol: HTTP/1.1
     Server: 34.140.169.146 Brussels, Belgium, ASN15169 (GOOGLE, US)
     Reverse DNS: 146.169.140.34.bc.googleusercontent.com
     Software: Apache
     Resource Hash: e96ad1c8612579ebf12b144a058c1133ebf00882ceaf68ae6fbf85d017bf92d2

   Request headers
     Accept-Language: en-GB,en;q=0.9
     Referer: http://aibtermsconditionupdate.com/Alert.php
     User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

   Response headers
     Date: Mon, 28 Mar 2022 08:35:12 GMT
     Last-Modified: Sun, 28 Feb 2021 22:30:22 GMT
     Server: Apache
     Content-Type: text/css
     Connection: Keep-Alive
     Accept-Ranges: bytes
     Keep-Alive: timeout=5, max=100
     Content-Length: 173183
3. jquery.js
   Path: aibtermsconditionupdate.com/files/js/
   Size: 266 KB   Transfer: 266 KB   Type: Script

   General
     Full URL: http://aibtermsconditionupdate.com/files/js/jquery.js
     Requested by: Host aibtermsconditionupdate.com, URL http://aibtermsconditionupdate.com/Alert.php
     Protocol: HTTP/1.1
     Server: 34.140.169.146 Brussels, Belgium, ASN15169 (GOOGLE, US)
     Reverse DNS: 146.169.140.34.bc.googleusercontent.com
     Software: Apache
     Resource Hash: 84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff

   Request headers
     Accept-Language: en-GB,en;q=0.9
     Referer: http://aibtermsconditionupdate.com/Alert.php
     User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

   Response headers
     Date: Mon, 28 Mar 2022 08:35:12 GMT
     Last-Modified: Sat, 24 Aug 2019 08:25:18 GMT
     Server: Apache
     Content-Type: application/javascript
     Connection: Keep-Alive
     Accept-Ranges: bytes
     Keep-Alive: timeout=5, max=98
     Content-Length: 272153
4. ProximaNova-Bold.otf
   Path: aibtermsconditionupdate.com/files/fonts/
   Size: 62 KB   Transfer: 63 KB   Type: Font

   General
     Full URL: http://aibtermsconditionupdate.com/files/fonts/ProximaNova-Bold.otf
     Requested by: Host aibtermsconditionupdate.com, URL http://aibtermsconditionupdate.com/files/css/main.css
     Protocol: HTTP/1.1
     Server: 34.140.169.146 Brussels, Belgium, ASN15169 (GOOGLE, US)
     Reverse DNS: 146.169.140.34.bc.googleusercontent.com
     Software: Apache
     Resource Hash: b9e81a47aecd3d05445ae775f48d08b3de46b2039f1d229a58a87be194e327ec

   Request headers
     Referer: http://aibtermsconditionupdate.com/files/css/main.css
     Origin: http://aibtermsconditionupdate.com
     Accept-Language: en-GB,en;q=0.9
     User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

   Response headers
     Date: Mon, 28 Mar 2022 08:35:13 GMT
     Last-Modified: Sun, 28 Feb 2021 22:26:50 GMT
     Server: Apache
     Content-Type: font/otf
     Connection: Keep-Alive
     Accept-Ranges: bytes
     Keep-Alive: timeout=5, max=99
     Content-Length: 63808
5. ProximaNova-Regular.otf
   Path: aibtermsconditionupdate.com/files/fonts/
   Size: 61 KB   Transfer: 62 KB   Type: Font

   General
     Full URL: http://aibtermsconditionupdate.com/files/fonts/ProximaNova-Regular.otf
     Requested by: Host aibtermsconditionupdate.com, URL http://aibtermsconditionupdate.com/files/css/main.css
     Protocol: HTTP/1.1
     Server: 34.140.169.146 Brussels, Belgium, ASN15169 (GOOGLE, US)
     Reverse DNS: 146.169.140.34.bc.googleusercontent.com
     Software: Apache
     Resource Hash: 2b80fbe521e07e4e84eb52e707b364c3e6c05c57e483276dc4b3be93a9794ba9

   Request headers
     Referer: http://aibtermsconditionupdate.com/files/css/main.css
     Origin: http://aibtermsconditionupdate.com
     Accept-Language: en-GB,en;q=0.9
     User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

   Response headers
     Date: Mon, 28 Mar 2022 08:35:13 GMT
     Last-Modified: Sun, 28 Feb 2021 22:26:58 GMT
     Server: Apache
     Content-Type: font/otf
     Connection: Keep-Alive
     Accept-Ranges: bytes
     Keep-Alive: timeout=5, max=97
     Content-Length: 62892
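The transaction list above is raw evidence; what a responder wants from it is an indicator record and a few triage facts: where the victim actually lands after the relative "location: Alert.php" redirect, whether anything used TLS, and how old the kit's static assets are. The following is an added example (my code, not urlscan's) that derives those from the values transcribed from this scan. The scan time is the Date header of the primary response; the IP and ASN come from the Domain & IP section; nothing else is assumed.

```python
"""Added example: turn the five transactions recorded in this urlscan result
into an indicator record plus triage facts derived from the headers."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urljoin, urlsplit

# Date header of the primary response, as recorded in the scan.
SCAN_TIME = datetime(2022, 3, 28, 8, 35, 12, tzinfo=timezone.utc)

# Hosting details from the Domain & IP section of the report.
NETWORK = {"ip": "34.140.169.146", "asn": 15169, "as_name": "GOOGLE"}

# The initial request and the Location header it received (302 per the URL history).
REDIRECT = {"request": "http://aibtermsconditionupdate.com/", "location": "Alert.php"}

# (URL, type, SHA-256, Last-Modified) transcribed from the transaction list.
TRANSACTIONS = [
    ("http://aibtermsconditionupdate.com/Alert.php", "Document",
     "3349fa8f79243198b68def9a105b5178a39aec37bb856d8add79f19d62f22744", None),
    ("http://aibtermsconditionupdate.com/files/css/main.css", "Stylesheet",
     "e96ad1c8612579ebf12b144a058c1133ebf00882ceaf68ae6fbf85d017bf92d2",
     "Sun, 28 Feb 2021 22:30:22 GMT"),
    ("http://aibtermsconditionupdate.com/files/js/jquery.js", "Script",
     "84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff",
     "Sat, 24 Aug 2019 08:25:18 GMT"),
    ("http://aibtermsconditionupdate.com/files/fonts/ProximaNova-Bold.otf", "Font",
     "b9e81a47aecd3d05445ae775f48d08b3de46b2039f1d229a58a87be194e327ec",
     "Sun, 28 Feb 2021 22:26:50 GMT"),
    ("http://aibtermsconditionupdate.com/files/fonts/ProximaNova-Regular.otf", "Font",
     "2b80fbe521e07e4e84eb52e707b364c3e6c05c57e483276dc4b3be93a9794ba9",
     "Sun, 28 Feb 2021 22:26:58 GMT"),
]


def resolve_location(request_url, location):
    """Resolve a Location header the way a browser does.

    RFC 7231 allows Location to be a relative reference ("Alert.php" here),
    so it must be joined against the URL that was requested rather than
    used verbatim; a blocklist keyed on the raw header value would miss it.
    """
    return urljoin(request_url, location)


def triage(transactions, redirect, network=NETWORK, scan_time=SCAN_TIME):
    """Build an indicator record and the triage facts a responder asks for first."""
    landing = resolve_location(redirect["request"], redirect["location"])
    parsed = [urlsplit(url) for url, _, _, _ in transactions]
    https_ratio = sum(p.scheme == "https" for p in parsed) / len(parsed)

    # Age of each static asset at scan time, from its Last-Modified header.
    # A phishing page is normally deployed days before it is reported, so
    # assets a year or more older than the scan point to a reused kit.
    asset_age_days = {}
    for url, _, _, last_modified in transactions:
        if last_modified:
            modified = parsedate_to_datetime(last_modified)  # "GMT" parses as UTC-aware
            asset_age_days[url.rsplit("/", 1)[-1]] = (scan_time - modified).days

    return {
        "landing_page": landing,
        "hosts": sorted({p.hostname for p in parsed}),
        "https_ratio": https_ratio,
        "asset_age_days": asset_age_days,
        "oldest_asset_days": max(asset_age_days.values(), default=None),
        "indicators": {
            "ip": network["ip"],
            "asn": network["asn"],
            "urls": [url for url, _, _, _ in transactions],
            "sha256": [digest for _, _, digest, _ in transactions],
        },
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(TRANSACTIONS, REDIRECT), indent=2))
```

For this scan the numbers say the kit was not written for this campaign: main.css and both fonts were last modified within four minutes of each other on the evening of 28 Feb 2021, about 13 months before the scan, and the bundled jquery.js dates from 2019. The resource hashes are the durable indicators here; the domain and the Google Cloud IP are cheap for the operator to replace, the kit's static files usually are not.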

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Allied Irish Banks (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

  structuredClone     (function)
  oncontextlost       (object)
  oncontextrestored   (object)
  $                   (function)
  jQuery              (function)

Only $ and jQuery come from the page's own script (files/js/jquery.js). structuredClone, oncontextlost and oncontextrestored are properties that recent Chrome releases add to window itself; they show up because the scanner's baseline of standard globals predates them, not because the phishing kit defines them.

0 Cookies