protection-alpha-gr.com
Open in
urlscan Pro
68.65.123.120
Malicious Activity!
Public Scan
Effective URL: https://protection-alpha-gr.com/login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd622394235a1d477c6ff22...
Submission: On August 10 via manual from CH
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 10th 2021. Valid for: a year.
This is the only time protection-alpha-gr.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Alpha Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 3 | 68.65.123.120 68.65.123.120 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
2 | 2 |
ASN22612 (NAMECHEAP-NET, US)
PTR: server276-1.web-hosting.com
protection-alpha-gr.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
protection-alpha-gr.com
1 redirects
protection-alpha-gr.com |
1 MB |
2 | 1 |
Domain | Requested by | |
---|---|---|
3 | protection-alpha-gr.com |
1 redirects
protection-alpha-gr.com
|
2 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.alpha.gr |
Subject Issuer | Validity | Valid | |
---|---|---|---|
protection-alpha-gr.com Sectigo RSA Domain Validation Secure Server CA |
2021-08-10 - 2022-08-10 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://protection-alpha-gr.com/login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd622394235a1d477c6ff22f8e?securessl=true
Frame ID: FF823C30EE070873BF93BEA97C515C76
Requests: 13 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://protection-alpha-gr.com/
HTTP 302
https://protection-alpha-gr.com/login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd6... Page URL
Detected technologies
LiteSpeed (Web Servers) ExpandDetected patterns
- headers server /^LiteSpeed$/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: εδώ.
Search URL Search Domain Scan URL
Title: Όροι Χρήσης
Search URL Search Domain Scan URL
Title: Πολιτική Απορρήτου
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://protection-alpha-gr.com/
HTTP 302
https://protection-alpha-gr.com/login.php?&return_url=e8f22ff6c774d1a532493226df6c9b3e&enrolmentID=e3b9c6fd622394235a1d477c6ff22f8e?securessl=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
2 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
login.php
protection-alpha-gr.com/ Redirect Chain
|
2 MB 1 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
protection-alpha-gr.com/partials/js/ |
266 KB 75 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
442 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
311 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
350 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
622 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
675 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
162 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1006 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
23 KB 23 KB |
Font
font/x-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
8 KB 8 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Alpha Bank (Banking)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
protection-alpha-gr.com
68.65.123.120
0735fb7399059f96adfcea3b0378e2df6e08488c6b65627e4fb79e1d127b3336
21503eecb48b62604d6855e33399ab5731f3679a03d412065ea47464de612785
4626e282c2921300f1f087f82643dfe7c3482ef156d4f151d5d892d1a6cb7f49
4ef5f864f89db7feaaaa5332c0a99d76076af49fef488806541ca2561e4cb379
7bfa14f550530d1b21e566ee698c525d2cb8ac2f057ee52c1663c2943284ecec
971c63fd885d291336d9cccd8f2665180768cfd0aa1d944819e104fd9cba6de9
a1612606ef48d6a8c375d4a747b8c1fe4f6927e242ec21c449b27ed0325505f2
a7b625a085dc2e7e3c7c5d882c279d6e6da3a860fb17c041232a575bfe033f1d
a9ba69a712ca83a83213bb90a9f821da8c904c9f954eba6c5e7e23bdad6e2c3e
b9294cf365d3365ce77692019b950cd5c1c1ea1187aa6cc891b0ee1457578643
dd892e8748d7c8b9068fc17b082e57ba012a3e1923f8ea0323f4a325e5367e52
de63222194af0292363f4acaf2e3162a13a088b327c27242f20c8c679b63bf80
ed71ce33d772d291d9c787d26972c89d581a81b6b5e10bfaa8a18173a9877f4c