protection-alpha-gr.com
68.65.123.120  Malicious Activity! Public Scan

Submitted URL: https://protection-alpha-gr.com/
Effective URL: https://protection-alpha-gr.com/login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd622394235a1d477c6ff22...
Submission: On August 10 via manual from CH

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 2 HTTP transactions. The main IP is 68.65.123.120, located in the United States and belonging to NAMECHEAP-NET, US. The main domain is protection-alpha-gr.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 10th 2021. Valid for: a year.
This is the only time protection-alpha-gr.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Alpha Bank (Banking)

Domain & IP information

IP Address | AS Autonomous System
1 | 3 | 68.65.123.120 | 22612 (NAMECHEAP...)
2 | 2 |

Apex Domain | Subdomains | Transfer
3 | protection-alpha-gr.com | protection-alpha-gr.com | 1 MB
2 | 1 |

Domain | Requested by
3 | protection-alpha-gr.com | 1 redirects | protection-alpha-gr.com
2 | 1 |

This site contains links to these domains.

Domain
www.alpha.gr
Subject | Issuer | Validity | Valid
protection-alpha-gr.com | Sectigo RSA Domain Validation Secure Server CA | 2021-08-10 - 2022-08-10 | a year (crt.sh)

This page contains 1 frames:

Primary Page: https://protection-alpha-gr.com/login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd622394235a1d477c6ff22f8e?securessl=true
Frame ID: FF823C30EE070873BF93BEA97C515C76
Requests: 13 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Page Statistics

  • Requests: 2
  • HTTPS: 100 %
  • IPv6: 0 %
  • Domains: 1
  • Subdomains: 1
  • IPs: 2
  • Countries: 1
  • Transfer: 1293 kB
  • Size: 3092 kB
  • Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://protection-alpha-gr.com/ HTTP 302
    https://protection-alpha-gr.com/login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd622394235a1d477c6ff22f8e?securessl=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource: login.php (Primary Request)
Path: protection-alpha-gr.com/
Redirect Chain:
  • https://protection-alpha-gr.com/
  • https://protection-alpha-gr.com/login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd622394235a1d477c6ff22f8e?securessl=true
Size: 2 MB
x-fer: 1 MB
Type: Document

General
Full URL: https://protection-alpha-gr.com/login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd622394235a1d477c6ff22f8e?securessl=true
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 68.65.123.120, United States, ASN22612 (NAMECHEAP-NET, US)
Reverse DNS: server276-1.web-hosting.com
Software: LiteSpeed / PHP/7.3.29
Resource Hash: 7bfa14f550530d1b21e566ee698c525d2cb8ac2f057ee52c1663c2943284ecec
Security Headers:
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 1; mode=block

Request headers

:method: GET
:authority: protection-alpha-gr.com
:scheme: https
:path: /login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd622394235a1d477c6ff22f8e?securessl=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Response headers

x-powered-by: PHP/7.3.29
content-type: text/html; charset=UTF-8
content-encoding: br
vary: Accept-Encoding
date: Tue, 10 Aug 2021 12:06:17 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed

Redirect headers

x-powered-by: PHP/7.3.29
location: login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd622394235a1d477c6ff22f8e?securessl=true
content-type: text/html; charset=UTF-8
content-length: 93
content-encoding: br
vary: Accept-Encoding
date: Tue, 10 Aug 2021 12:06:16 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed

Resource: jquery.js
Path: protection-alpha-gr.com/partials/js/
Size: 266 KB
x-fer: 75 KB
Type: Script

General
Full URL: https://protection-alpha-gr.com/partials/js/jquery.js
Requested by:
  Host: protection-alpha-gr.com
  URL: https://protection-alpha-gr.com/login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd622394235a1d477c6ff22f8e?securessl=true
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 68.65.123.120, United States, ASN22612 (NAMECHEAP-NET, US)
Reverse DNS: server276-1.web-hosting.com
Software: LiteSpeed
Resource Hash: 4ef5f864f89db7feaaaa5332c0a99d76076af49fef488806541ca2561e4cb379
Security Headers:
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 1; mode=block

Request headers

:path: /partials/js/jquery.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: protection-alpha-gr.com
referer: https://protection-alpha-gr.com/login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd622394235a1d477c6ff22f8e?securessl=true
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://protection-alpha-gr.com/login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd622394235a1d477c6ff22f8e?securessl=true
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 10 Aug 2021 12:06:19 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 04:11:28 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 76354
x-xss-protection: 1; mode=block
expires: Tue, 17 Aug 2021 12:06:19 GMT

Resource: truncated (data: URL)
Path: /
Size: 3 KB
x-fer: 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 21503eecb48b62604d6855e33399ab5731f3679a03d412065ea47464de612785

Request headers

Referer: -
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Response headers

Content-Type: image/png

Resource: truncated (data: URL)
Path: /
Size: 442 B
x-fer: 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: a9ba69a712ca83a83213bb90a9f821da8c904c9f954eba6c5e7e23bdad6e2c3e

Request headers

Referer: -
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Response headers

Content-Type: image/png

Resource: truncated (data: URL)
Path: /
Size: 311 B
x-fer: 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: a1612606ef48d6a8c375d4a747b8c1fe4f6927e242ec21c449b27ed0325505f2

Request headers

Referer: -
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Response headers

Content-Type: image/png

Resource: truncated (data: URL)
Path: /
Size: 350 B
x-fer: 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: ed71ce33d772d291d9c787d26972c89d581a81b6b5e10bfaa8a18173a9877f4c

Request headers

Referer: -
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Response headers

Content-Type: image/png

Resource: truncated (data: URL)
Path: /
Size: 1 KB
x-fer: 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 4626e282c2921300f1f087f82643dfe7c3482ef156d4f151d5d892d1a6cb7f49

Request headers

Referer: -
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Response headers

Content-Type: image/png

Resource: truncated (data: URL)
Path: /
Size: 622 B
x-fer: 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: dd892e8748d7c8b9068fc17b082e57ba012a3e1923f8ea0323f4a325e5367e52

Request headers

Referer: -
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Response headers

Content-Type: image/png

Resource: truncated (data: URL)
Path: /
Size: 675 B
x-fer: 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: b9294cf365d3365ce77692019b950cd5c1c1ea1187aa6cc891b0ee1457578643

Request headers

Referer: -
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Response headers

Content-Type: image/png

Resource: truncated (data: URL)
Path: /
Size: 162 KB
x-fer: 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: a7b625a085dc2e7e3c7c5d882c279d6e6da3a860fb17c041232a575bfe033f1d

Request headers

Referer: -
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Response headers

Content-Type: image/png

Resource: truncated (data: URL)
Path: /
Size: 1006 KB
x-fer: 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 0735fb7399059f96adfcea3b0378e2df6e08488c6b65627e4fb79e1d127b3336

Request headers

Referer: -
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Response headers

Content-Type: image/png

Resource: truncated (data: URL)
Path: /
Size: 23 KB
x-fer: 23 KB
Type: Font

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 971c63fd885d291336d9cccd8f2665180768cfd0aa1d944819e104fd9cba6de9

Request headers

Origin: https://protection-alpha-gr.com
Referer: -
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Response headers

Content-Type: font/x-woff

Resource: truncated (data: URL)
Path: /
Size: 8 KB
x-fer: 8 KB
Type: Font

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: de63222194af0292363f4acaf2e3162a13a088b327c27242f20c8c679b63bf80

Request headers

Origin: https://protection-alpha-gr.com
Referer: -
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Response headers

Content-Type: application/font-woff2

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: Alpha Bank (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onbeforexrselect
  • object: ontransitionrun
  • object: ontransitionstart
  • object: ontransitioncancel
  • object: cookieStore
  • function: showDirectoryPicker
  • function: showOpenFilePicker
  • function: showSaveFilePicker
  • boolean: originAgentCluster
  • object: trustedTypes
  • boolean: crossOriginIsolated
  • function: $
  • function: jQuery

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header | Value
X-Content-Type-Options | nosniff
X-Xss-Protection | 1; mode=block