auth-myuser.com
95.213.216.216  Malicious Activity!

Submitted URL: http://auth-myuser.com/aib
Effective URL: http://auth-myuser.com/aib/Alert.php
Submission: On April 08 via manual from PH — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 95.213.216.216, located in Russian Federation and belongs to SELECTEL, RU. The main domain is auth-myuser.com.
This is the only time auth-myuser.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Allied Irish Banks (Banking)

Domain & IP information

IP Address        AS / Autonomous System    Requests
95.213.216.216    49505 (SELECTEL)          18 (2 redirects)
Totals: 16 transactions, 1 IP

Apex Domain       Subdomains         Transfer    Requests
auth-myuser.com   auth-myuser.com    759 KB      18
Totals: 16 transactions, 1 apex domain

Domain            Requested by                       Requests
auth-myuser.com   auth-myuser.com (2 redirects)      18
Totals: 16 transactions, 1 domain

TLS certificates (Subject / Issuer / Validity / Valid): none recorded; every request in this scan was plain HTTP.

This page contains 1 frames:

Primary Page: http://auth-myuser.com/aib/Alert.php
Frame ID: 6576B4604A66EB13E77BE3B81E12DCB2
Requests: 16 HTTP requests in this frame

Screenshot

Page Title

AIB Internet Banking

Page URL History

  1. http://auth-myuser.com/aib HTTP 301
    http://auth-myuser.com/aib/ HTTP 302
    http://auth-myuser.com/aib/Alert.php Page URL

Detected technologies

PHP (overall confidence: 100%)
Detected patterns
  • \.php(?:$|\?)

Font Awesome (overall confidence: 100%)
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests: 16
HTTPS: 0 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 758 kB
Size: 755 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Columns per request: Resource | Path | Size | x-fer | Type | MIME-Type

Resource: Alert.php (Primary Request)
Path: auth-myuser.com/aib/
Redirect Chain:
  • http://auth-myuser.com/aib
  • http://auth-myuser.com/aib/
  • http://auth-myuser.com/aib/Alert.php
Size: 12 KB   x-fer: 12 KB   Type: Document

General
Full URL: http://auth-myuser.com/aib/Alert.php
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: bfec0e9b2373489bf40f239ebd0cbe715b8b6eac332d19d151849e312fe01690

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
  accept-language: de-DE,de;q=0.9

Response headers
  Connection: close
  Content-Type: text/html; charset=UTF-8
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Server: Apache
  Transfer-Encoding: chunked

Redirect headers
  Connection: close
  Content-Length: 0
  Content-Type: text/html; charset=UTF-8
  Date: Fri, 08 Apr 2022 08:18:20 GMT
  Server: Apache
  location: Alert.php

Resource: normalise-css.css
Path: auth-myuser.com/aib/files/css/
Size: 7 KB   x-fer: 7 KB   Type: Stylesheet

General
Full URL: http://auth-myuser.com/aib/files/css/normalise-css.css
Requested by: http://auth-myuser.com/aib/Alert.php (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: ee3dfc8e6be94ec93464d20b0dc0945ff7a710402b53e6d13b1591a460f15983

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: http://auth-myuser.com/aib/Alert.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Fri, 08 May 2020 03:24:52 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 7409
  Content-Type: text/css

Resource: jquery-ui-1.css
Path: auth-myuser.com/aib/files/css/
Size: 27 KB   x-fer: 27 KB   Type: Stylesheet

General
Full URL: http://auth-myuser.com/aib/files/css/jquery-ui-1.css
Requested by: http://auth-myuser.com/aib/Alert.php (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: 23d708a436260df70d72b3a9efce214de4e419ac6bea9338417a5e051885ced4

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: http://auth-myuser.com/aib/Alert.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Fri, 08 May 2020 03:24:52 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 27864
  Content-Type: text/css

Resource: fonts.css
Path: auth-myuser.com/aib/files/css/
Size: 2 KB   x-fer: 2 KB   Type: Stylesheet

General
Full URL: http://auth-myuser.com/aib/files/css/fonts.css
Requested by: http://auth-myuser.com/aib/Alert.php (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: a7184a2b5c9c66bd3a356246ae2f40c6490ea31f7190b1f26b81b58379dcc730

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: http://auth-myuser.com/aib/Alert.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Fri, 08 May 2020 03:34:34 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 2200
  Content-Type: text/css

Resource: font-awesome.css
Path: auth-myuser.com/aib/files/css/
Size: 37 KB   x-fer: 37 KB   Type: Stylesheet

General
Full URL: http://auth-myuser.com/aib/files/css/font-awesome.css
Requested by: http://auth-myuser.com/aib/Alert.php (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: 6f85856009f90313f731ee0265f431598a4f18a6df77fd2090a2748332543184

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: http://auth-myuser.com/aib/Alert.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Fri, 08 May 2020 03:24:52 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 37421
  Content-Type: text/css

Resource: aib-icons.css
Path: auth-myuser.com/aib/files/css/
Size: 1 KB   x-fer: 1 KB   Type: Stylesheet

General
Full URL: http://auth-myuser.com/aib/files/css/aib-icons.css
Requested by: http://auth-myuser.com/aib/Alert.php (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: fc4884d673182b9fe1acf05d836991cb1cafc3a60cad0136f5cb03fafe9d3ca0

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: http://auth-myuser.com/aib/Alert.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Fri, 08 May 2020 03:24:52 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 1025
  Content-Type: text/css

Resource: global.css
Path: auth-myuser.com/aib/files/css/
Size: 116 KB   x-fer: 116 KB   Type: Stylesheet

General
Full URL: http://auth-myuser.com/aib/files/css/global.css
Requested by: http://auth-myuser.com/aib/Alert.php (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: 6b7323e16933cc6fde7eba81988475a43ce07948be0afa0025e76ed90939611b

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: http://auth-myuser.com/aib/Alert.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Wed, 13 May 2020 19:35:22 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 119084
  Content-Type: text/css

Resource: core.css
Path: auth-myuser.com/aib/files/css/
Size: 40 KB   x-fer: 41 KB   Type: Stylesheet

General
Full URL: http://auth-myuser.com/aib/files/css/core.css
Requested by: http://auth-myuser.com/aib/Alert.php (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: 2b00736326f0e416fbc33a1a97c539078bd3e9224eb670c9814efbeec330d498

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: http://auth-myuser.com/aib/Alert.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Wed, 13 May 2020 19:35:48 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 41427
  Content-Type: text/css

Resource: aib-logo.png
Path: auth-myuser.com/aib/files/img/
Size: 4 KB   x-fer: 4 KB   Type: Image

General
Full URL: http://auth-myuser.com/aib/files/img/aib-logo.png
Requested by: http://auth-myuser.com/aib/Alert.php (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: c28b6d77d79a2c0ba40e4a7eb7779303521f1b7bb4ae186b137cc6a6eeff4019

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: http://auth-myuser.com/aib/Alert.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Fri, 08 May 2020 03:24:52 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 4268
  Content-Type: image/png

Resource: loophead.jpg
Path: auth-myuser.com/aib/files/img/
Size: 127 KB   x-fer: 127 KB   Type: Image

General
Full URL: http://auth-myuser.com/aib/files/img/loophead.jpg
Requested by: http://auth-myuser.com/aib/Alert.php (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: 1130bd64640e418032221eb0857a72f24b914c9bd71d403dbb66c435990c7aa6

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: http://auth-myuser.com/aib/Alert.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Fri, 08 May 2020 03:24:52 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 129600
  Content-Type: image/jpeg

Resource: temp_hours.png
Path: auth-myuser.com/aib/files/img/
Size: 154 KB   x-fer: 155 KB   Type: Image

General
Full URL: http://auth-myuser.com/aib/files/img/temp_hours.png
Requested by: http://auth-myuser.com/aib/Alert.php (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: b7973b6999c508191c8084e38d6f27c3a2163040242161f38659414aca5f6a80

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: http://auth-myuser.com/aib/Alert.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Fri, 08 May 2020 03:24:52 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 158181
  Content-Type: image/png

Resource: banking_holiday.png
Path: auth-myuser.com/aib/files/img/
Size: 20 KB   x-fer: 21 KB   Type: Image

General
Full URL: http://auth-myuser.com/aib/files/img/banking_holiday.png
Requested by: http://auth-myuser.com/aib/Alert.php (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: d18ebe439d60302013febafd916ec30955ee06434fc0a6375201f03d13ea2b40

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: http://auth-myuser.com/aib/Alert.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Fri, 08 May 2020 03:24:52 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 20826
  Content-Type: image/png

Resource: security-centre.png
Path: auth-myuser.com/aib/files/img/
Size: 570 B   x-fer: 775 B   Type: Image

General
Full URL: http://auth-myuser.com/aib/files/img/security-centre.png
Requested by: http://auth-myuser.com/aib/Alert.php (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: bfb26be0e19ae60d7b992d1eaab949ead98e13b96635d2fddf8386ff8c4f351c

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: http://auth-myuser.com/aib/Alert.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Fri, 08 May 2020 03:24:52 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 570
  Content-Type: image/png

Resource: aspira-demi.woff
Path: auth-myuser.com/aib/files/fonts/
Size: 65 KB   x-fer: 65 KB   Type: Font

General
Full URL: http://auth-myuser.com/aib/files/fonts/aspira-demi.woff
Requested by: http://auth-myuser.com/aib/files/css/fonts.css (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: 23985424b33241adbfd35be7fad03585031c2d5db1a8f20b066b3a01e1a25a49

Request headers
  Referer: http://auth-myuser.com/aib/files/css/fonts.css
  Origin: http://auth-myuser.com
  accept-language: de-DE,de;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Fri, 08 May 2020 03:25:54 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 66544
  Content-Type: font/woff

Resource: aspira-regular.woff
Path: auth-myuser.com/aib/files/fonts/
Size: 46 KB   x-fer: 46 KB   Type: Font

General
Full URL: http://auth-myuser.com/aib/files/fonts/aspira-regular.woff
Requested by: http://auth-myuser.com/aib/files/css/fonts.css (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: 2f7b24c4fa780673548ae013181dfdc56d0e492cef147fa4ea3598989c697f72

Request headers
  Referer: http://auth-myuser.com/aib/files/css/fonts.css
  Origin: http://auth-myuser.com
  accept-language: de-DE,de;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Fri, 08 May 2020 03:26:02 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 46824
  Content-Type: font/woff

Resource: font-awesome.woff
Path: auth-myuser.com/aib/files/fonts/
Size: 96 KB   x-fer: 96 KB   Type: Font

General
Full URL: http://auth-myuser.com/aib/files/fonts/font-awesome.woff
Requested by: http://auth-myuser.com/aib/files/css/fonts.css (Host: auth-myuser.com)
Protocol: HTTP/1.1
Server: 95.213.216.216, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS: gl.topfresh.eu
Software: Apache
Resource Hash: ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

Request headers
  Referer: http://auth-myuser.com/aib/files/css/fonts.css
  Origin: http://auth-myuser.com
  accept-language: de-DE,de;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
  Date: Fri, 08 Apr 2022 08:18:21 GMT
  Last-Modified: Fri, 08 May 2020 03:26:10 GMT
  Server: Apache
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 98024
  Content-Type: font/woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Allied Irish Banks (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • structuredClone (function)
  • oncontextlost (object)
  • oncontextrestored (object)

0 Cookies