auth-online-security.com Open in urlscan Pro
91.215.85.79  Malicious Activity! Public Scan

11 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request activation.php Show response auth-online-security.com/	51 KB 9 KB	474ms 112ms	Document text/html	91.215.85.79 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://auth-online-security.com/activation.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.215.85.79 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash 9cb4a700802e89396b0609a99192433cf7f6438c3f5713a4a2a8132df0ccfab1 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control no-store, no-cache, must-revalidate content-encoding br content-type text/html; charset=UTF-8 date Wed, 13 Mar 2024 13:40:05 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache vary Accept-Encoding
GET H2	200	jquery-3.5.1.js Show response code.jquery.com/	281 KB 83 KB	128ms 42ms	Script application/javascript	2a04:4e42:200::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.5.1.js Requested by Host: auth-online-security.com URL: https://auth-online-security.com/activation.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37 Request headers Referer https://auth-online-security.com/ Origin https://auth-online-security.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 13:40:05 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 294048 x-cache HIT, HIT content-length 84374 x-served-by cache-lga21971-LGA, cache-lcy-eglc8600060-LCY last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1710337206.794395,VS0,VE0 etag W/"28feccc0-4638e" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 12, 5079
GET H2	200	rolb-theme-2-0.css bank.barclays.co.uk/authlogin/css/	333 KB 68 KB	412ms 237ms	Stylesheet text/css	23.201.243.222 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://bank.barclays.co.uk/authlogin/css/rolb-theme-2-0.css?v=1606745934868 Requested by Host: auth-online-security.com URL: https://auth-online-security.com/activation.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.201.243.222 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-201-243-222.deploy.static.akamaitechnologies.com Software / Resource Hash 32f5891b648500c4f534390e1c348060685ba728e64394d964e778eedabd7249 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://auth-online-security.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Wed, 13 Mar 2024 13:40:06 GMT last-modified Sun, 28 Jan 2024 07:09:24 GMT etag "11083-65b5fda4" vary accept-encoding content-type text/css accept-ranges bytes content-length 69763 x-ua-compatible chrome=IE6
GET H2	200	authlogin-bdl.min.css bank.barclays.co.uk/authlogin/css/	45 KB 45 KB	336ms 161ms	Stylesheet text/css	23.201.243.222 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://bank.barclays.co.uk/authlogin/css/authlogin-bdl.min.css?v=1606745934868 Requested by Host: auth-online-security.com URL: https://auth-online-security.com/activation.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.201.243.222 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-201-243-222.deploy.static.akamaitechnologies.com Software / Resource Hash c7588e66ab3dfc34b4beda8e07aa630e5a764a001d7568244ef963c3620f3365 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://auth-online-security.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload date Wed, 13 Mar 2024 13:40:05 GMT x-content-type-options nosniff last-modified Thu, 11 Feb 2021 14:45:04 GMT etag "b345-602542f0" content-type text/css accept-ranges bytes content-length 45893 x-ua-compatible chrome=IE6
GET H2	200	1321217916907-bsikitemarklogo.png bank.barclays.co.uk/OLB/A/Content/Images/	13 KB 13 KB	216ms 215ms	Image image/png	23.201.243.222 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bank.barclays.co.uk/OLB/A/Content/Images/1321217916907-bsikitemarklogo.png Requested by Host: auth-online-security.com URL: https://auth-online-security.com/activation.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.201.243.222 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-201-243-222.deploy.static.akamaitechnologies.com Software / Resource Hash 90326fd2ae35b37049ca9b624acb2b698be96a509f3619cf647d686433eaaa15 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://auth-online-security.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload date Wed, 13 Mar 2024 13:40:06 GMT last-modified Thu, 13 Jun 2019 15:08:21 GMT etag "34cc-5d0266e5" content-type image/png accept-ranges bytes content-length 13516 x-ua-compatible chrome=IE6
GET H2	200	1321217916492-iso27001footer.JPG bank.barclays.co.uk/OLB/A/Content/Images/	24 KB 24 KB	140ms 139ms	Image image/jpeg	23.201.243.222 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bank.barclays.co.uk/OLB/A/Content/Images/1321217916492-iso27001footer.JPG Requested by Host: auth-online-security.com URL: https://auth-online-security.com/activation.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.201.243.222 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-201-243-222.deploy.static.akamaitechnologies.com Software / Resource Hash 03c2526a71f8b178491bca3226f69d72a28aa606133527c00b28adab490f940d Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://auth-online-security.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload date Wed, 13 Mar 2024 13:40:05 GMT last-modified Thu, 13 Jun 2019 15:10:15 GMT etag "5e04-5d026757" content-type image/jpeg accept-ranges bytes content-length 24068 x-ua-compatible chrome=IE6
GET H2	200	1321217918424-cyberfooter.jpg bank.barclays.co.uk/OLB/A/Content/Images/	9 KB 9 KB	122ms 121ms	Image image/jpeg	23.201.243.222 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bank.barclays.co.uk/OLB/A/Content/Images/1321217918424-cyberfooter.jpg Requested by Host: auth-online-security.com URL: https://auth-online-security.com/activation.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.201.243.222 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-201-243-222.deploy.static.akamaitechnologies.com Software / Resource Hash effa2f551ae3f572384002e36028aa1e85544462f42c28065731284e8f81bfcd Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://auth-online-security.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload date Wed, 13 Mar 2024 13:40:05 GMT last-modified Thu, 13 Jun 2019 15:09:04 GMT etag "2406-5d026710" content-type image/jpeg accept-ranges bytes content-length 9222 x-ua-compatible chrome=IE6
GET H2	200	login-fscs.png bank.barclays.co.uk/OLB/A/Content/Images/	5 KB 6 KB	222ms 222ms	Image image/png	23.201.243.222 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bank.barclays.co.uk/OLB/A/Content/Images/login-fscs.png Requested by Host: auth-online-security.com URL: https://auth-online-security.com/activation.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.201.243.222 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-201-243-222.deploy.static.akamaitechnologies.com Software / Resource Hash 2aa89b0d3ed189360406952265076a3f79ea08b045f2e07d7d71e3c38982533e Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://auth-online-security.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload date Wed, 13 Mar 2024 13:40:06 GMT last-modified Wed, 09 Sep 2020 09:55:15 GMT etag "152b-5f58a683" content-type image/png accept-ranges bytes content-length 5419 x-ua-compatible chrome=IE6
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91 Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Content-Type image/svg+xml;charset=US-ASCII
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6 Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers Content-Type image/svg+xml;charset=US-ASCII
GET H2	200	Padlock_icon.svg bank.barclays.co.uk/authlogin/img/	2 KB 1 KB	83ms 83ms	Image image/svg+xml	23.201.243.222 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bank.barclays.co.uk/authlogin/img/Padlock_icon.svg Requested by Host: bank.barclays.co.uk URL: https://bank.barclays.co.uk/authlogin/css/authlogin-bdl.min.css?v=1606745934868 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.201.243.222 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-201-243-222.deploy.static.akamaitechnologies.com Software / Resource Hash b173ff6e97748a8a4e079bf7afa965e4d264fa43a351c4a0bf2c130bc65b4366 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://bank.barclays.co.uk/authlogin/css/authlogin-bdl.min.css?v=1606745934868 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Wed, 13 Mar 2024 13:40:06 GMT last-modified Sun, 28 Jan 2024 07:09:24 GMT etag "2f3-65b5fda4" vary accept-encoding content-type image/svg+xml accept-ranges bytes content-length 755 x-ua-compatible chrome=IE6
GET		expert-sans-regular.woff bank.barclays.co.uk/authlogin/css/fonts/	0 0
GET		expert-sans-light.woff bank.barclays.co.uk/authlogin/css/fonts/	0 0
GET H2	404	activity.php Show response auth-online-security.com/files/	708 B 808 B	108ms 108ms	XHR text/html	91.215.85.79 PROSPERO-AS
General Check archive.org Show headers Download Go to Full URL https://auth-online-security.com/files/activity.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.5.1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.215.85.79 , Russian Federation, ASN200593 (PROSPERO-AS, RU), Reverse DNS Software / Resource Hash 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa Request headers Accept */* Referer https://auth-online-security.com/activation.php X-Requested-With XMLHttpRequest accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers pragma no-cache date Wed, 13 Mar 2024 13:40:09 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

bank.barclays.co.uk

URL

https://bank.barclays.co.uk/authlogin/css/fonts/expert-sans-regular.woff

Domain

bank.barclays.co.uk

URL

https://bank.barclays.co.uk/authlogin/css/fonts/expert-sans-light.woff

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Barclays (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery boolean| ie8 number| interval function| heartbeat

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			auth-online-security.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 42f06302597a1d9c667dc676bce05b98

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://auth-online-security.com/activation.php Message: Access to font at 'https://bank.barclays.co.uk/authlogin/css/fonts/expert-sans-light.woff' from origin 'https://auth-online-security.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bank.barclays.co.uk/authlogin/css/fonts/expert-sans-light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://auth-online-security.com/activation.php Message: Access to font at 'https://bank.barclays.co.uk/authlogin/css/fonts/expert-sans-regular.woff' from origin 'https://auth-online-security.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://bank.barclays.co.uk/authlogin/css/fonts/expert-sans-regular.woff Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://auth-online-security.com/files/activity.php Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth-online-security.com
bank.barclays.co.uk
code.jquery.com
bank.barclays.co.uk
23.201.243.222
2a04:4e42:200::649
91.215.85.79
03c2526a71f8b178491bca3226f69d72a28aa606133527c00b28adab490f940d
2aa89b0d3ed189360406952265076a3f79ea08b045f2e07d7d71e3c38982533e
32f5891b648500c4f534390e1c348060685ba728e64394d964e778eedabd7249
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37
90326fd2ae35b37049ca9b624acb2b698be96a509f3619cf647d686433eaaa15
91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91
9cb4a700802e89396b0609a99192433cf7f6438c3f5713a4a2a8132df0ccfab1
b173ff6e97748a8a4e079bf7afa965e4d264fa43a351c4a0bf2c130bc65b4366
c7588e66ab3dfc34b4beda8e07aa630e5a764a001d7568244ef963c3620f3365
e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6
effa2f551ae3f572384002e36028aa1e85544462f42c28065731284e8f81bfcd