a2plvcpnl168516.prod.iad2.secureserver.net Open in urlscan Pro
148.72.73.123 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://x.co/gtcarstart
Effective URL:
https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905e...
Submission: On January 12 via api (January 12th 2020, 10:56:26 am UTC) from US

Summary HTTP 18 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 18 HTTP transactions. The main IP is 148.72.73.123, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is a2plvcpnl168516.prod.iad2.secureserver.net.
TLS certificate: Issued by Starfield Secure Certificate Authorit... on January 21st 2018. Valid for: 2 years.

This is the only time a2plvcpnl168516.prod.iad2.secureserver.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: GTBank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 2	45.40.140.1 45.40.140.1	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
1 2	148.72.73.123 148.72.73.123	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
1 16	41.203.112.143 41.203.112.143	37001 (GTB-AS) (GTB-AS)
18	3

2 45.40.140.1 (Scottsdale, United States) 2 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-45-40-140-1.ip.secureserver.net

x.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 148.72.73.123 (Scottsdale, United States) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-148-72-73-123.ip.secureserver.net

a2plvcpnl168516.prod.iad2.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 41.203.112.143 (Ikorodu, Nigeria) 1 redirects

ASN37001 (GTB-AS, NG)

ibank.gtbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	gtbank.com 1 redirects ibank.gtbank.com iss.gtbank.com Failed	265 KB
2	secureserver.net 1 redirects a2plvcpnl168516.prod.iad2.secureserver.net	4 KB
2	x.co 2 redirects x.co	335 B
18	3

	Domain	Requested by
16	ibank.gtbank.com	1 redirects a2plvcpnl168516.prod.iad2.secureserver.net ibank.gtbank.com
2	a2plvcpnl168516.prod.iad2.secureserver.net	1 redirects
2	x.co	2 redirects
0	iss.gtbank.com Failed	a2plvcpnl168516.prod.iad2.secureserver.net
18	4

This site contains links to these domains. Also see Links.

Domain
www.gtbank.com

Subject Issuer	Validity	Valid
*.prod.iad2.secureserver.net Starfield Secure Certificate Authority - G2	`2018-01-21` - `2020-01-21`	2 years	crt.sh
ibank.gtbank.com DigiCert SHA2 Extended Validation Server CA	`2019-12-27` - `2022-02-01`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90
Frame ID: 46CFA1B0A5F351A381FCFF72A4CDC997
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://x.co/gtcarstart HTTP 301
https://x.co/gtcarstart HTTP 302
https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/index.php HTTP 302
https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743... Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 50%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

IIS (Web Servers) Expand

Overall confidence: 50%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

18
Requests

89 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

268 kB
Transfer

273 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://www.gtbank.com/securitycentre
Title: READ MORE

Search URL Search Domain Scan URL

URL: http://www.gtbank.com/index.php/personalbanking/41-services/e-banking-services/254-token
Title: GET YOURS

Search URL Search Domain Scan URL

URL: http://www.gtbank.com/
Title: GTBANK.COM

Search URL Search Domain Scan URL

URL: http://www.gtbank.com/terms-conditions
Title: TERMS & CONDITIONS

Search URL Search Domain Scan URL

URL: http://www.gtbank.com/whistle-blower
Title: WHISTLE BLOWER

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://x.co/gtcarstart HTTP 301
https://x.co/gtcarstart HTTP 302
https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/index.php HTTP 302
https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://ibank.gtbank.com/ibank3/WebResource.axd?d=odj1PM6ZHPU7qvXI8G2nDRUEHWEYUa85agnpQXcjPawKuz288RP9GihfGPopdotNHoWSKEDi5ZdAttxeHKVrFmn5XlFUduOMsDAPH0GtuD81&t=635195493660000000 HTTP 302
https://ibank.gtbank.com/ibank3/Expiresession.aspx?aspxerrorpath=/ibank3/WebResource.axd

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request gtlert.php Show response
a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/
Redirect Chain

http://x.co/gtcarstart
https://x.co/gtcarstart
https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/index.php
https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6...

14 KB
3 KB

201ms
200ms

Document
text/html

148.72.73.123
GoDaddy.com

General

Check archive.org

Show headers Download Go to

Full URL: https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 148.72.73.123 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS: ip-148-72-73-123.ip.secureserver.net
Software: Apache / PHP/7.2.20
Resource Hash: 95a1c9407db7dde85e01b9ed03c0fbd874c4b21946fdb20aad14396b96ab10f3

Request headers

:method: GET
:authority: a2plvcpnl168516.prod.iad2.secureserver.net
:scheme: https
:path: /~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 200
date: Sun, 12 Jan 2020 10:56:08 GMT
server: Apache
x-powered-by: PHP/7.2.20
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3445
content-type: text/html; charset=UTF-8

Redirect headers

status: 302
date: Sun, 12 Jan 2020 10:56:08 GMT
server: Apache
x-powered-by: PHP/7.2.20
location: gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90
vary: User-Agent
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK Main.css
ibank.gtbank.com/ibank3/Style/ 62 KB
62 KB 878ms
165ms Stylesheet
text/css 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ibank.gtbank.com/ibank3/Style/Main.css

Requested by

Host: a2plvcpnl168516.prod.iad2.secureserver.net
URL: https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

b76f3a9f4224828ac212d6f1068696aa829a824dcdb522056d35ffc6332b9b1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "ea5efe7160bdd41:0"
Last-Modified: Tue, 05 Feb 2019 14:38:22 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Date: Sun, 12 Jan 2020 10:56:02 GMT
Accept-Ranges: bytes
Content-Length: 63337

GET
H/1.1 200
OK jquery.js Show response
ibank.gtbank.com/ibank3/js/ 90 KB
91 KB 889ms
177ms Script
application/javascript 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ibank.gtbank.com/ibank3/js/jquery.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

f76e9ad77bc5d73afc3d4208a860b9447a6e6a41fcfd8336a0ed30dd35252e82

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "2a82297be2aecf1:0"
Last-Modified: Sun, 03 Aug 2014 06:16:36 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Date: Sun, 12 Jan 2020 10:56:02 GMT
Accept-Ranges: bytes
Content-Length: 92593

GET
H/1.1 200
OK respond.min.js Show response
ibank.gtbank.com/ibank3/js/ 4 KB
4 KB 887ms
175ms Script
application/javascript 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ibank.gtbank.com/ibank3/js/respond.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

355d46f5be4da4152052ca59d5d1f3984c7fdc7e8c54e7c18cd545ce8215717f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "04d41b64f37ce1:0"
Last-Modified: Fri, 12 Apr 2013 07:31:14 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Date: Sun, 12 Jan 2020 10:56:02 GMT
Accept-Ranges: bytes
Content-Length: 4047

GET
H/1.1

200
OK

Expiresession.aspx Show response
ibank.gtbank.com/ibank3/
Redirect Chain

https://ibank.gtbank.com/ibank3/WebResource.axd?d=odj1PM6ZHPU7qvXI8G2nDRUEHWEYUa85agnpQXcjPawKuz288RP9GihfGPopdotNHoWSKEDi5ZdAttxeHKVrFmn5XlFUduOMsDAPH0GtuD81&t=635195493660000000
https://ibank.gtbank.com/ibank3/Expiresession.aspx?aspxerrorpath=/ibank3/WebResource.axd

0
0

150ms
150ms

Script
text/html

41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ibank.gtbank.com/ibank3/Expiresession.aspx?aspxerrorpath=/ibank3/WebResource.axd
Requested by: Host: a2plvcpnl168516.prod.iad2.secureserver.net
URL: https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Redirect headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Location: /ibank3/Expiresession.aspx?aspxerrorpath=/ibank3/WebResource.axd
Cache-Control: private
Date: Sun, 12 Jan 2020 10:56:02 GMT
Content-Length: 181

GET
H/1.1 200
OK ad_trsf.gif
ibank.gtbank.com/ibank3/img/ads/ 4 KB
4 KB 881ms
169ms Image
image/gif 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/ads/ad_trsf.gif

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

743a83264054a31c77a0a44d2f81e2527d057deed27ea4904865809fcdb18375

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "0de64375532cf1:0"
Last-Modified: Tue, 25 Feb 2014 18:13:00 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Date: Sun, 12 Jan 2020 10:56:02 GMT
Accept-Ranges: bytes
Content-Length: 3781

GET
H/1.1 200
OK mobile_tab.jpg
ibank.gtbank.com/ibank3/img/adverts/280x650/ 29 KB
29 KB 897ms
185ms Image
image/jpeg 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/adverts/280x650/mobile_tab.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

6a2d62f4c5772cd0e3d1e8dc3ff014b71e0bd3392525efc9cbcb43d4cf0a5607

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "1855ca26e3f2cf1:0"
Last-Modified: Tue, 28 Oct 2014 19:12:43 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Date: Sun, 12 Jan 2020 10:56:02 GMT
Accept-Ranges: bytes
Content-Length: 29481

GET
H/1.1 200
OK mobile.jpg
ibank.gtbank.com/ibank3/img/adverts/280x650/ 59 KB
60 KB 158ms
157ms Image
image/jpeg 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/adverts/280x650/mobile.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

27ea81aa6109aee663f9b2675f0894bdb48a72ea2c718bc6c10188b4ce5646cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://a2plvcpnl168516.prod.iad2.secureserver.net/~fancyflix/cash2mate.com/gt/gt/gtlert.php?cmd=login_submit&id=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90&session=5ee137b6ef6743cf1e352b61154d4a905ee137b6ef6743cf1e352b61154d4a90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "5cf849dddb7cf1:0"
Last-Modified: Wed, 13 Aug 2014 15:47:19 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Date: Sun, 12 Jan 2020 10:56:03 GMT
Accept-Ranges: bytes
Content-Length: 60877

GET hI5.js
iss.gtbank.com/24684/ 0
0

GET k1Y.js
iss.gtbank.com/24684/ 0
0

GET
H/1.1 200
OK logo.png
ibank.gtbank.com/ibank3/img/ 3 KB
3 KB 159ms
159ms Image
image/png 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/logo.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

736f03dc62c4d15eb44d93effa1b31bedfc4ad84db8f95d6e33eef2a8196b558

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://ibank.gtbank.com/ibank3/Style/Main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "eba5b0f4d068ce1:0"
Last-Modified: Fri, 14 Jun 2013 07:29:50 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Date: Sun, 12 Jan 2020 10:56:03 GMT
Accept-Ranges: bytes
Content-Length: 3054

GET
H/1.1 200
OK ibtext2.png
ibank.gtbank.com/ibank3/img/ 1 KB
2 KB 165ms
165ms Image
image/png 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/ibtext2.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

8356754f7a7240986d4cc59157aafea4258eea9d2a56550ea19d08a60a4af73c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://ibank.gtbank.com/ibank3/Style/Main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "1ae4613e447ece1:0"
Last-Modified: Thu, 11 Jul 2013 14:38:00 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Date: Sun, 12 Jan 2020 10:56:03 GMT
Accept-Ranges: bytes
Content-Length: 1269

GET
H/1.1 200
OK gradbg.png
ibank.gtbank.com/ibank3/img/ 183 B
532 B 160ms
160ms Image
image/png 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/gradbg.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

aaeaf8ebf5b61080b3e1f7e675c85a42e051d4edb6183efb8968900198659dc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://ibank.gtbank.com/ibank3/Style/Main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "f167d033d168ce1:0"
Last-Modified: Fri, 14 Jun 2013 07:31:36 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Date: Sun, 12 Jan 2020 10:56:03 GMT
Accept-Ranges: bytes
Content-Length: 183

GET
H/1.1 200
OK greenbg.png
ibank.gtbank.com/ibank3/img/ 519 B
867 B 165ms
165ms Image
image/png 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/greenbg.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

82b0d37da2dc26e64e5afae54b3c708fb49ee464bc8c58ec1ab01559c700776b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://ibank.gtbank.com/ibank3/Style/Main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "b171731d168ce1:0"
Last-Modified: Fri, 14 Jun 2013 07:31:32 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Date: Sun, 12 Jan 2020 10:56:03 GMT
Accept-Ranges: bytes
Content-Length: 519

GET
H/1.1 200
OK keybg.png
ibank.gtbank.com/ibank3/img/ 147 B
496 B 162ms
162ms Image
image/png 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/keybg.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

efda1329039625b6b665fcc93e49a3f29dead8c49636f9a238ebe4b100301728

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://ibank.gtbank.com/ibank3/Style/Main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "30666b31d168ce1:0"
Last-Modified: Fri, 14 Jun 2013 07:31:32 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Date: Sun, 12 Jan 2020 10:56:03 GMT
Accept-Ranges: bytes
Content-Length: 147

GET
H/1.1 200
OK footbg.png
ibank.gtbank.com/ibank3/img/ 331 B
680 B 155ms
155ms Image
image/png 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/footbg.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

9a7ca670add876603d9cfa2e106953f42d420ee481ff01ebabe686e97d902539

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://ibank.gtbank.com/ibank3/Style/Main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "95ee7b34d168ce1:0"
Last-Modified: Fri, 14 Jun 2013 07:31:37 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Date: Sun, 12 Jan 2020 10:56:03 GMT
Accept-Ranges: bytes
Content-Length: 331

GET
H/1.1 200
OK shield.png
ibank.gtbank.com/ibank3/img/ 2 KB
2 KB 294ms
151ms Image
image/png 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/shield.png

Requested by

Host: ibank.gtbank.com
URL: https://ibank.gtbank.com/ibank3/js/jquery.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

53920bb8e98d002e6b57db8a516efe8835c6bda241020cc64ffad5ef4c5c28f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://ibank.gtbank.com/ibank3/Style/Main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "891d4bf1d068ce1:0"
Last-Modified: Fri, 14 Jun 2013 07:29:45 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Date: Sun, 12 Jan 2020 10:56:03 GMT
Accept-Ranges: bytes
Content-Length: 2153

GET
H/1.1 200
OK token.png
ibank.gtbank.com/ibank3/img/ 3 KB
4 KB 292ms
152ms Image
image/png 41.203.112.143
GTB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/token.png

Requested by

Host: ibank.gtbank.com
URL: https://ibank.gtbank.com/ibank3/js/jquery.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

41.203.112.143 Ikorodu, Nigeria, ASN37001 (GTB-AS, NG),

Reverse DNS

Software

Microsoft-IIS/8.0 / ASP.NET

Resource Hash

b7fa39a9767692ee74840315b88d6d92a72b7a7dfa619aead9b954a39a2a92ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://ibank.gtbank.com/ibank3/Style/Main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
ETag: "b77e41e8d668ce1:0"
Last-Modified: Fri, 14 Jun 2013 08:12:26 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Date: Sun, 12 Jan 2020 10:56:03 GMT
Accept-Ranges: bytes
Content-Length: 3469

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: iss.gtbank.com
URL: https://iss.gtbank.com/24684/hI5.js

Domain: iss.gtbank.com
URL: https://iss.gtbank.com/24684/k1Y.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: GTBank (Banking)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a2plvcpnl168516.prod.iad2.secureserver.net
ibank.gtbank.com
iss.gtbank.com
x.co
iss.gtbank.com
148.72.73.123
41.203.112.143
45.40.140.1
27ea81aa6109aee663f9b2675f0894bdb48a72ea2c718bc6c10188b4ce5646cb
355d46f5be4da4152052ca59d5d1f3984c7fdc7e8c54e7c18cd545ce8215717f
53920bb8e98d002e6b57db8a516efe8835c6bda241020cc64ffad5ef4c5c28f9
6a2d62f4c5772cd0e3d1e8dc3ff014b71e0bd3392525efc9cbcb43d4cf0a5607
736f03dc62c4d15eb44d93effa1b31bedfc4ad84db8f95d6e33eef2a8196b558
743a83264054a31c77a0a44d2f81e2527d057deed27ea4904865809fcdb18375
82b0d37da2dc26e64e5afae54b3c708fb49ee464bc8c58ec1ab01559c700776b
8356754f7a7240986d4cc59157aafea4258eea9d2a56550ea19d08a60a4af73c
95a1c9407db7dde85e01b9ed03c0fbd874c4b21946fdb20aad14396b96ab10f3
9a7ca670add876603d9cfa2e106953f42d420ee481ff01ebabe686e97d902539
aaeaf8ebf5b61080b3e1f7e675c85a42e051d4edb6183efb8968900198659dc2
b76f3a9f4224828ac212d6f1068696aa829a824dcdb522056d35ffc6332b9b1c
b7fa39a9767692ee74840315b88d6d92a72b7a7dfa619aead9b954a39a2a92ee
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
efda1329039625b6b665fcc93e49a3f29dead8c49636f9a238ebe4b100301728
f76e9ad77bc5d73afc3d4208a860b9447a6e6a41fcfd8336a0ed30dd35252e82

a2plvcpnl168516.prod.iad2.secureserver.net Open in urlscan Pro 148.72.73.123 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

89 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

268 kBTransfer

273 kBSize

0 Cookies

5 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

Indicators

a2plvcpnl168516.prod.iad2.secureserver.net Open in urlscan Pro
148.72.73.123 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

89 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

268 kB
Transfer

273 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!