www.learnsupp.com
81.19.159.66
Malicious Activity!
Public Scan
Submission: On October 26 via manual from DE
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on October 25th 2020. Valid for: 3 months.
This is the only time www.learnsupp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Alpha Bank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
3 (1 redirects) | 81.19.159.66 | 38955 (WORLD4YOU) |
17 | 95.100.181.33 | 20940 (AKAMAI-ASN1) |
1 | 2606:2800:233:1cb7:261b:1f9c:2074:3c | 15133 (EDGECAST) |
1 | 40.69.200.41 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
2 | 40.118.101.67 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
32 | 6 |
ASN20940 (AKAMAI-ASN1, EU)
PTR: a95-100-181-33.deploy.static.akamaitechnologies.com
- secure.alpha.gr
- www.alpha.gr
ASN15133 (EDGECAST, US)
- az416426.vo.msecnd.net
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
- monitoring.alpha.gr
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
19 | alpha.gr | secure.alpha.gr, www.alpha.gr, monitoring.alpha.gr | 1 MB |
3 | learnsupp.com (1 redirects) | www.learnsupp.com | 24 KB |
1 | monstat.com | monstat.com | 300 B |
1 | msecnd.net | az416426.vo.msecnd.net | 22 KB |
32 | 4 |
Requests | Domain | Requested by |
---|---|---|
16 | secure.alpha.gr | www.learnsupp.com, secure.alpha.gr |
3 | www.learnsupp.com | 1 redirects |
2 | monitoring.alpha.gr | az416426.vo.msecnd.net |
1 | www.alpha.gr | az416426.vo.msecnd.net |
1 | monstat.com | www.learnsupp.com |
1 | az416426.vo.msecnd.net | secure.alpha.gr |
32 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.alpha.gr |
secure.alpha.gr |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.learnsupp.com | Let's Encrypt Authority X3 | 2020-10-25 - 2021-01-23 | 3 months |
www.alpha.gr | DigiCert ECC Extended Validation Server CA | 2020-05-04 - 2021-12-11 | 2 years |
sni1e6ffgl.wpc.edgecastcdn.net | DigiCert SHA2 Secure Server CA | 2020-04-16 - 2022-04-21 | 2 years |
www.monstat.com | Go Daddy Secure Certificate Authority - G2 | 2020-02-16 - 2022-03-09 | 2 years |
monitoring.alpha.gr | DigiCert SHA2 Secure Server CA | 2020-04-08 - 2022-04-18 | 2 years |
This page contains 1 frames:
Primary Page:
https://www.learnsupp.com/alpha1/
Frame ID: 44A1D6050A9D5EAC7E828D30DC72C7B2
Requests: 31 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: εδώ ("here")
Title: Ξέχασα/Κλείδωσα το Password μου ("I forgot/locked my Password")
Title: Όροι Χρήσης ("Terms of Use")
Title: Πολιτική Απορρήτου ("Privacy Policy")
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.learnsupp.com/alpha1 HTTP 301 → https://www.learnsupp.com/alpha1/ (Page URL)
- https://www.learnsupp.com/alpha1/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://www.learnsupp.com/alpha1 HTTP 301
- https://www.learnsupp.com/alpha1/
32 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | / www.learnsupp.com/alpha1/ (Cookie set, Redirect Chain) | 1 B 428 B | Document text/html |
GET H/1.1 | / www.learnsupp.com/alpha1/ (Primary Request, Cookie set) | 23 KB 23 KB | Document text/html |
GET H2 | login secure.alpha.gr/Login/content/css/ | 174 KB 26 KB | Stylesheet text/css |
GET H2 | logo.png secure.alpha.gr/Login/Content/media/login/ | 3 KB 4 KB | Image image/png |
GET H2 | lock.png secure.alpha.gr/Login/Content/media/login/ | 442 B 1 KB | Image image/png |
GET H2 | laptop.png secure.alpha.gr/Login/Content/media/login/ | 311 B 1 KB | Image image/png |
GET H2 | email.png secure.alpha.gr/Login/Content/media/login/ | 350 B 1 KB | Image image/png |
GET H2 | phone.png secure.alpha.gr/Login/Content/media/login/ | 1 KB 2 KB | Image image/png |
GET H2 | info.png secure.alpha.gr/Login/Content/media/login/ | 622 B 1 KB | Image image/png |
GET H2 | shield.png secure.alpha.gr/Login/Content/media/login/ | 675 B 1 KB | Image image/png |
GET H2 | retail.png secure.alpha.gr/Login/Content/media/login/ | 4 KB 5 KB | Image image/png |
GET H2 | corporate.png secure.alpha.gr/Login/Content/media/login/ | 5 KB 6 KB | Image image/png |
GET H2 | appInsights secure.alpha.gr/Login/bundles/ | 84 KB 31 KB | Script text/javascript |
GET H2 | login secure.alpha.gr/Login/scripts/js/ | 164 KB 53 KB | Script text/javascript |
GET H2 | rsa secure.alpha.gr/Login/bundles/ | 17 KB 7 KB | Script text/javascript |
GET H2 | sjcl.min.js secure.alpha.gr/Login/Scripts/login/ | 25 KB 10 KB | Script application/javascript |
GET H2 | login-background-stripped@3x.png secure.alpha.gr/Login/content/media/login/ | 162 KB 163 KB | Image image/png |
GET H2 | login-background-elements@3x.png secure.alpha.gr/Login/content/media/login/ | 1006 KB 1009 KB | Image image/png |
GET | OpenSans-Regular.woff2 secure.alpha.gr/Login/content/fonts/opensans/ | 0 0 | |
GET | OpenSans-Bold_1.woff2 secure.alpha.gr/ebanking/content/fonts/opensans/ | 0 0 | |
GET H2 | ai.0.js az416426.vo.msecnd.net/scripts/a/ | 94 KB 22 KB | Script application/x-javascript |
GET | OpenSans-Regular.woff secure.alpha.gr/Login/content/fonts/opensans/ | 0 0 | |
GET H/1.1 | myAlphaWeb2.png monstat.com/ | 0 300 B | Image image/png |
GET H2 | el www.alpha.gr/api/ebankingnotification/ | 1 KB 2 KB | XHR application/json |
GET | OpenSans-Regular.ttf secure.alpha.gr/Login/content/fonts/opensans/ | 0 0 | |
GET | OpenSans-Bold_1.woff secure.alpha.gr/ebanking/content/fonts/opensans/ | 0 0 | |
GET | OpenSans-Bold_1.ttf secure.alpha.gr/ebanking/content/fonts/opensans/ | 0 0 | |
GET | OpenSans-Bold.woff2 secure.alpha.gr/ebanking/content/fonts/opensans/ | 0 0 | |
GET | OpenSans-Bold.woff secure.alpha.gr/ebanking/content/fonts/opensans/ | 0 0 | |
GET | OpenSans-Bold.ttf secure.alpha.gr/ebanking/content/fonts/opensans/ | 0 0 | |
OPTIONS H/1.1 | / monitoring.alpha.gr/appinsights/ | 0 0 | Other |
POST H/1.1 | / monitoring.alpha.gr/appinsights/ | 49 B 669 B | XHR application/json |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
secure.alpha.gr | https://secure.alpha.gr/Login/content/fonts/opensans/OpenSans-Regular.woff2 |
secure.alpha.gr | https://secure.alpha.gr/ebanking/content/fonts/opensans/OpenSans-Bold_1.woff2 |
secure.alpha.gr | https://secure.alpha.gr/Login/content/fonts/opensans/OpenSans-Regular.woff |
secure.alpha.gr | https://secure.alpha.gr/Login/content/fonts/opensans/OpenSans-Regular.ttf |
secure.alpha.gr | https://secure.alpha.gr/ebanking/content/fonts/opensans/OpenSans-Bold_1.woff |
secure.alpha.gr | https://secure.alpha.gr/ebanking/content/fonts/opensans/OpenSans-Bold_1.ttf |
secure.alpha.gr | https://secure.alpha.gr/ebanking/content/fonts/opensans/OpenSans-Bold.woff2 |
secure.alpha.gr | https://secure.alpha.gr/ebanking/content/fonts/opensans/OpenSans-Bold.woff |
secure.alpha.gr | https://secure.alpha.gr/ebanking/content/fonts/opensans/OpenSans-Bold.ttf |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Alpha Bank (Banking)
132 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes object| appInsights string| instrumentationKey string| applicationId string| disableBrowserAppInsights string| aiBrowserEndPointAddress string| serverRequestContextOperationId string| operationName string| serverDisplayName function| $ function| jQuery object| AI object| Microsoft function| __extends function| _endsWith object| bootstrap function| BigInteger function| nbi function| am1 function| am2 function| am3 function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| Arcfour function| ARC4init function| ARC4next function| prng_newstate function| rng_seed_int function| rng_seed_time function| rng_get_byte function| rng_get_bytes function| SecureRandom function| parseBigInt function| linebrk function| byte2Hex function| pkcs1pad2 function| RSAKey function| RSASetPublic function| RSADoPublic function| RSAEncrypt function| hex2b64 function| b64tohex function| b64toBA number| dbits number| canary boolean| j_lm number| BI_FP string| BI_RM object| BI_RC number| rr number| vv number| rng_psize undefined| rng_state object| rng_pool number| rng_pptr function| t object| ua function| z string| b64map string| b64padchar object| sjcl function| u function| A function| C 
function| y function| B undefined| D undefined| E object| F boolean| G undefined| H object| loginSettings object| userActivityTimeout object| userActivityThrottlerTimeout number| INACTIVE_USER_TIME_THRESHOLD number| USER_ACTIVITY_THROTTLER_TIME function| resetUserActivityTimeout function| userActivityThrottler function| inactiveUserAction function| activateActivityTracker function| doResize function| userModal function| closeNotif function| closeServicesPopover function| closeModal function| rememberMe function| demoLogin function| addRBFAdditionalFields function| submitLogin function| submitReIssuePasswordForm function| submitDocUploadCustomLogin function| enc function| dec
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.learnsupp.com/ | Name: ai_session Value: L3n/j|1603720444545.295|1603720444545.295 |
www.learnsupp.com/ | Name: ai_user Value: G/4ih|2020-10-26T13:54:04.383Z |
www.learnsupp.com/ | Name: PHPSESSID Value: a4omi6eiogv6g6ldcs98n298ko |
www.learnsupp.com/alpha1 | Name: visited Value: yes |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.