vps50296.inmotionhosting.com Open in urlscan Pro
74.124.211.126 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://vps50296.inmotionhosting.com/~singlemommytribe/wp-admin/css/sound/gt/gt/index.php
Effective URL:
http://vps50296.inmotionhosting.com/~singlemommytribe/wp-admin/css/sound/gt/gt/gtlert.php?cmd=login_submit&id=3c8d860491ffd860ebf8cb...
Submission: On May 19 via manual (May 19th 2021, 3:16:57 pm UTC) from GB

Summary HTTP 18 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 18 HTTP transactions. The main IP is 74.124.211.126, located in United States and belongs to INMOTION, US. The main domain is vps50296.inmotionhosting.com.

This is the only time vps50296.inmotionhosting.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: GTBank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 2	74.124.211.126 74.124.211.126	22611 (INMOTION) (INMOTION)
1 16	45.60.78.195 45.60.78.195	19551 (INCAPSULA) (INCAPSULA)
18	3

2 74.124.211.126 (United States) 1 redirects

ASN22611 (INMOTION, US)
PTR: vps50296.inmotionhosting.com

vps50296.inmotionhosting.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 45.60.78.195 (United States) 1 redirects

ASN19551 (INCAPSULA, US)

ibank.gtbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	gtbank.com 1 redirects ibank.gtbank.com iss.gtbank.com Failed	164 KB
2	inmotionhosting.com 1 redirects vps50296.inmotionhosting.com	4 KB
18	2

	Domain	Requested by
16	ibank.gtbank.com	1 redirects vps50296.inmotionhosting.com ibank.gtbank.com
2	vps50296.inmotionhosting.com	1 redirects
0	iss.gtbank.com Failed	vps50296.inmotionhosting.com
18	3

This site contains links to these domains. Also see Links.

Domain
www.gtbank.com

Subject Issuer	Validity	Valid
ibank.gtbank.com DigiCert SHA2 Extended Validation Server CA	`2019-12-27` - `2022-02-01`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://vps50296.inmotionhosting.com/~singlemommytribe/wp-admin/css/sound/gt/gt/gtlert.php?cmd=login_submit&id=3c8d860491ffd860ebf8cb78a56ff0db3c8d860491ffd860ebf8cb78a56ff0db&session=3c8d860491ffd860ebf8cb78a56ff0db3c8d860491ffd860ebf8cb78a56ff0db
Frame ID: 59DA79CCDD0EB9209D4F9BFD8F56AB00
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://vps50296.inmotionhosting.com/~singlemommytribe/wp-admin/css/sound/gt/gt/index.php HTTP 302
http://vps50296.inmotionhosting.com/~singlemommytribe/wp-admin/css/sound/gt/gt/gtlert.php?cmd=login_submit&id=3c... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

18
Requests

83 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

166 kB
Transfer

273 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://www.gtbank.com/securitycentre
Title: READ MORE

Search URL Search Domain Scan URL

URL: http://www.gtbank.com/index.php/personalbanking/41-services/e-banking-services/254-token
Title: GET YOURS

Search URL Search Domain Scan URL

URL: http://www.gtbank.com/
Title: GTBANK.COM

Search URL Search Domain Scan URL

URL: http://www.gtbank.com/terms-conditions
Title: TERMS & CONDITIONS

Search URL Search Domain Scan URL

URL: http://www.gtbank.com/whistle-blower
Title: WHISTLE BLOWER

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://vps50296.inmotionhosting.com/~singlemommytribe/wp-admin/css/sound/gt/gt/index.php HTTP 302
http://vps50296.inmotionhosting.com/~singlemommytribe/wp-admin/css/sound/gt/gt/gtlert.php?cmd=login_submit&id=3c8d860491ffd860ebf8cb78a56ff0db3c8d860491ffd860ebf8cb78a56ff0db&session=3c8d860491ffd860ebf8cb78a56ff0db3c8d860491ffd860ebf8cb78a56ff0db Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://ibank.gtbank.com/ibank3/WebResource.axd?d=odj1PM6ZHPU7qvXI8G2nDRUEHWEYUa85agnpQXcjPawKuz288RP9GihfGPopdotNHoWSKEDi5ZdAttxeHKVrFmn5XlFUduOMsDAPH0GtuD81&t=635195493660000000 HTTP 302
https://ibank.gtbank.com/ibank3/Expiresession.aspx?aspxerrorpath=/ibank3/WebResource.axd

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request gtlert.php Show response
vps50296.inmotionhosting.com/~singlemommytribe/wp-admin/css/sound/gt/gt/
Redirect Chain

http://vps50296.inmotionhosting.com/~singlemommytribe/wp-admin/css/sound/gt/gt/index.php
http://vps50296.inmotionhosting.com/~singlemommytribe/wp-admin/css/sound/gt/gt/gtlert.php?cmd=login_submit&id=3c8d860491ffd860ebf8cb78a56ff0db3c8d860491ffd860ebf8cb78a56ff0db&session=3c8d860491ffd8...

14 KB
4 KB

358ms
352ms

Document
text/html

74.124.211.126
INMOTION

General

Check archive.org

Show headers Download Go to

Full URL: http://vps50296.inmotionhosting.com/~singlemommytribe/wp-admin/css/sound/gt/gt/gtlert.php?cmd=login_submit&id=3c8d860491ffd860ebf8cb78a56ff0db3c8d860491ffd860ebf8cb78a56ff0db&session=3c8d860491ffd860ebf8cb78a56ff0db3c8d860491ffd860ebf8cb78a56ff0db
Protocol: HTTP/1.1
Server: 74.124.211.126 , United States, ASN22611 (INMOTION, US),
Reverse DNS: vps50296.inmotionhosting.com
Software: Apache /
Resource Hash: 95a1c9407db7dde85e01b9ed03c0fbd874c4b21946fdb20aad14396b96ab10f3

Request headers

Host: vps50296.inmotionhosting.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 15:16:39 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 3445
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Wed, 19 May 2021 15:16:38 GMT
Server: Apache
location: gtlert.php?cmd=login_submit&id=3c8d860491ffd860ebf8cb78a56ff0db3c8d860491ffd860ebf8cb78a56ff0db&session=3c8d860491ffd860ebf8cb78a56ff0db3c8d860491ffd860ebf8cb78a56ff0db
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Main.css
ibank.gtbank.com/ibank3/Style/ 62 KB
12 KB 950ms
667ms Stylesheet
text/css 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://ibank.gtbank.com/ibank3/Style/Main.css

Requested by

Host: vps50296.inmotionhosting.com
URL: http://vps50296.inmotionhosting.com/~singlemommytribe/wp-admin/css/sound/gt/gt/gtlert.php?cmd=login_submit&id=3c8d860491ffd860ebf8cb78a56ff0db3c8d860491ffd860ebf8cb78a56ff0db&session=3c8d860491ffd860ebf8cb78a56ff0db3c8d860491ffd860ebf8cb78a56ff0db

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

b76f3a9f4224828ac212d6f1068696aa829a824dcdb522056d35ffc6332b9b1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://vps50296.inmotionhosting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Content-Encoding: gzip
Referrer-Policy: strict-origin
Last-Modified: Tue, 05 Feb 2019 14:38:22 GMT
X-CDN: Imperva
ETag: "ea5efe7160bdd41:0"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
X-Iinfo: 4-13765406-13765419 NNYN CT(132 298 0) RT(1621437399216 242) q(0 0 4 1) r(6 6) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:24 GMT
Accept-Ranges: bytes
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK jquery.js Show response
ibank.gtbank.com/ibank3/js/ 90 KB
34 KB 969ms
687ms Script
application/javascript 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://ibank.gtbank.com/ibank3/js/jquery.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f76e9ad77bc5d73afc3d4208a860b9447a6e6a41fcfd8336a0ed30dd35252e82

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://vps50296.inmotionhosting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Content-Encoding: gzip
Referrer-Policy: strict-origin
Last-Modified: Sun, 03 Aug 2014 06:16:36 GMT
X-CDN: Imperva
ETag: "2a82297be2aecf1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
X-Iinfo: 10-21742572-21742576 NNYN CT(129 315 0) RT(1621437399216 242) q(0 0 5 0) r(6 7) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:25 GMT
Accept-Ranges: bytes
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK respond.min.js Show response
ibank.gtbank.com/ibank3/js/ 4 KB
3 KB 937ms
654ms Script
application/javascript 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://ibank.gtbank.com/ibank3/js/respond.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

355d46f5be4da4152052ca59d5d1f3984c7fdc7e8c54e7c18cd545ce8215717f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://vps50296.inmotionhosting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Content-Encoding: gzip
Referrer-Policy: strict-origin
Last-Modified: Fri, 12 Apr 2013 07:31:14 GMT
X-CDN: Imperva
ETag: "04d41b64f37ce1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
X-Iinfo: 8-14288946-14288948 NNYN CT(128 325 0) RT(1621437399216 242) q(0 0 5 0) r(6 6) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:24 GMT
Accept-Ranges: bytes
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff

GET
H/1.1

200
OK

Expiresession.aspx Show response
ibank.gtbank.com/ibank3/
Redirect Chain

https://ibank.gtbank.com/ibank3/WebResource.axd?d=odj1PM6ZHPU7qvXI8G2nDRUEHWEYUa85agnpQXcjPawKuz288RP9GihfGPopdotNHoWSKEDi5ZdAttxeHKVrFmn5XlFUduOMsDAPH0GtuD81&t=635195493660000000
https://ibank.gtbank.com/ibank3/Expiresession.aspx?aspxerrorpath=/ibank3/WebResource.axd

0
0

175ms
174ms

Script
text/html

45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://ibank.gtbank.com/ibank3/Expiresession.aspx?aspxerrorpath=/ibank3/WebResource.axd
Requested by: Host: vps50296.inmotionhosting.com
URL: http://vps50296.inmotionhosting.com/~singlemommytribe/wp-admin/css/sound/gt/gt/gtlert.php?cmd=login_submit&id=3c8d860491ffd860ebf8cb78a56ff0db3c8d860491ffd860ebf8cb78a56ff0db&session=3c8d860491ffd860ebf8cb78a56ff0db3c8d860491ffd860ebf8cb78a56ff0db
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.78.195 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://vps50296.inmotionhosting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin
X-CDN: Imperva
Date: Wed, 19 May 2021 15:16:24 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Location: /ibank3/Expiresession.aspx?aspxerrorpath=/ibank3/WebResource.axd
X-Iinfo: 9-16757254-16757265 NNNN CT(128 296 0) RT(1621437399216 243) q(0 0 4 0) r(6 6) U5
Cache-Control: private
X-Content-Type-Options: nosniff
Content-Length: 181
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ad_trsf.gif
ibank.gtbank.com/ibank3/img/ads/ 4 KB
5 KB 167ms
167ms Image
image/gif 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/ads/ad_trsf.gif

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

743a83264054a31c77a0a44d2f81e2527d057deed27ea4904865809fcdb18375

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://vps50296.inmotionhosting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin
Last-Modified: Tue, 25 Feb 2014 18:13:00 GMT
X-CDN: Imperva
ETag: "0de64375532cf1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
X-Iinfo: 4-13765406-13765419 ENNN RT(1621437399216 1176) q(0 0 0 1) r(2 2) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:25 GMT
Accept-Ranges: bytes
Content-Length: 3781
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK mobile_tab.jpg
ibank.gtbank.com/ibank3/img/adverts/280x650/ 29 KB
30 KB 183ms
183ms Image
image/jpeg 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/adverts/280x650/mobile_tab.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

6a2d62f4c5772cd0e3d1e8dc3ff014b71e0bd3392525efc9cbcb43d4cf0a5607

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://vps50296.inmotionhosting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin
Last-Modified: Tue, 28 Oct 2014 19:12:43 GMT
X-CDN: Imperva
ETag: "1855ca26e3f2cf1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Iinfo: 10-21742572-21742576 ENNN RT(1621437399216 1254) q(0 0 0 0) r(2 2) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:25 GMT
Accept-Ranges: bytes
Content-Length: 29481
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK mobile.jpg
ibank.gtbank.com/ibank3/img/adverts/280x650/ 59 KB
61 KB 175ms
173ms Image
image/jpeg 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/adverts/280x650/mobile.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

27ea81aa6109aee663f9b2675f0894bdb48a72ea2c718bc6c10188b4ce5646cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://vps50296.inmotionhosting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin
Last-Modified: Wed, 13 Aug 2014 15:47:19 GMT
X-CDN: Imperva
ETag: "5cf849dddb7cf1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Iinfo: 8-14288946-14288948 ENNN RT(1621437399216 1266) q(0 0 0 1) r(2 2) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:25 GMT
Accept-Ranges: bytes
Content-Length: 60877
X-Content-Type-Options: nosniff

GET hI5.js
iss.gtbank.com/24684/ 0
0

GET k1Y.js
iss.gtbank.com/24684/ 0
0

GET
H/1.1 200
OK logo.png
ibank.gtbank.com/ibank3/img/ 3 KB
4 KB 472ms
215ms Image
image/png 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/logo.png

Requested by

Host: ibank.gtbank.com
URL: https://ibank.gtbank.com/ibank3/Style/Main.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

736f03dc62c4d15eb44d93effa1b31bedfc4ad84db8f95d6e33eef2a8196b558

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ibank.gtbank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin
Last-Modified: Fri, 14 Jun 2013 07:29:50 GMT
X-CDN: Imperva
ETag: "eba5b0f4d068ce1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-Iinfo: 4-13765406-13765419 ENNN RT(1621437399216 1561) q(0 0 0 4) r(2 2) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:25 GMT
Accept-Ranges: bytes
Content-Length: 3054
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK ibtext2.png
ibank.gtbank.com/ibank3/img/ 1 KB
2 KB 508ms
157ms Image
image/png 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/ibtext2.png

Requested by

Host: ibank.gtbank.com
URL: https://ibank.gtbank.com/ibank3/Style/Main.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

8356754f7a7240986d4cc59157aafea4258eea9d2a56550ea19d08a60a4af73c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ibank.gtbank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin
Last-Modified: Thu, 11 Jul 2013 14:38:00 GMT
X-CDN: Imperva
ETag: "1ae4613e447ece1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-Iinfo: 10-21742572-21742576 ENNN RT(1621437399216 1620) q(0 0 0 0) r(1 1) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:25 GMT
Accept-Ranges: bytes
Content-Length: 1269
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK gradbg.png
ibank.gtbank.com/ibank3/img/ 183 B
1 KB 611ms
163ms Image
image/png 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/gradbg.png

Requested by

Host: ibank.gtbank.com
URL: https://ibank.gtbank.com/ibank3/Style/Main.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

aaeaf8ebf5b61080b3e1f7e675c85a42e051d4edb6183efb8968900198659dc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ibank.gtbank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin
Last-Modified: Fri, 14 Jun 2013 07:31:36 GMT
X-CDN: Imperva
ETag: "f167d033d168ce1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-Iinfo: 8-14288946-14288948 ENNN RT(1621437399216 1717) q(0 0 0 0) r(1 1) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:25 GMT
Accept-Ranges: bytes
Content-Length: 183
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK greenbg.png
ibank.gtbank.com/ibank3/img/ 519 B
2 KB 666ms
643ms Image
image/png 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/greenbg.png

Requested by

Host: ibank.gtbank.com
URL: https://ibank.gtbank.com/ibank3/Style/Main.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

82b0d37da2dc26e64e5afae54b3c708fb49ee464bc8c58ec1ab01559c700776b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ibank.gtbank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin
Last-Modified: Fri, 14 Jun 2013 07:31:32 GMT
X-CDN: Imperva
ETag: "b171731d168ce1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-Iinfo: 8-14288990-14288994 NNNN CT(135 314 0) RT(1621437400511 28) q(0 0 4 0) r(6 6) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:26 GMT
Accept-Ranges: bytes
Content-Length: 519
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK keybg.png
ibank.gtbank.com/ibank3/img/ 147 B
1 KB 684ms
661ms Image
image/png 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/keybg.png

Requested by

Host: ibank.gtbank.com
URL: https://ibank.gtbank.com/ibank3/Style/Main.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

efda1329039625b6b665fcc93e49a3f29dead8c49636f9a238ebe4b100301728

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ibank.gtbank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin
Last-Modified: Fri, 14 Jun 2013 07:31:32 GMT
X-CDN: Imperva
ETag: "30666b31d168ce1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-Iinfo: 7-13216836-13216838 NNNN CT(136 320 0) RT(1621437400512 27) q(0 0 4 0) r(6 6) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:26 GMT
Accept-Ranges: bytes
Content-Length: 147
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footbg.png
ibank.gtbank.com/ibank3/img/ 331 B
1 KB 691ms
666ms Image
image/png 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/footbg.png

Requested by

Host: ibank.gtbank.com
URL: https://ibank.gtbank.com/ibank3/Style/Main.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

9a7ca670add876603d9cfa2e106953f42d420ee481ff01ebabe686e97d902539

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ibank.gtbank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin
Last-Modified: Fri, 14 Jun 2013 07:31:37 GMT
X-CDN: Imperva
ETag: "95ee7b34d168ce1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-Iinfo: 8-14288991-14288995 NNNN CT(142 321 0) RT(1621437400512 30) q(0 0 5 0) r(6 6) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:26 GMT
Accept-Ranges: bytes
Content-Length: 331
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK shield.png
ibank.gtbank.com/ibank3/img/ 2 KB
3 KB 302ms
167ms Image
image/png 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/shield.png

Requested by

Host: ibank.gtbank.com
URL: https://ibank.gtbank.com/ibank3/Style/Main.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

53920bb8e98d002e6b57db8a516efe8835c6bda241020cc64ffad5ef4c5c28f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ibank.gtbank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin
Last-Modified: Fri, 14 Jun 2013 07:29:45 GMT
X-CDN: Imperva
ETag: "891d4bf1d068ce1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-Iinfo: 10-21742572-21742576 ENNN RT(1621437399216 1451) q(0 0 0 0) r(2 2) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:25 GMT
Accept-Ranges: bytes
Content-Length: 2153
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK token.png
ibank.gtbank.com/ibank3/img/ 3 KB
4 KB 206ms
178ms Image
image/png 45.60.78.195
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ibank.gtbank.com/ibank3/img/token.png

Requested by

Host: ibank.gtbank.com
URL: https://ibank.gtbank.com/ibank3/Style/Main.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.78.195 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

b7fa39a9767692ee74840315b88d6d92a72b7a7dfa619aead9b954a39a2a92ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ibank.gtbank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552001; includeSubDomains; preload, max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin
Last-Modified: Fri, 14 Jun 2013 08:12:26 GMT
X-CDN: Imperva
ETag: "b77e41e8d668ce1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-Iinfo: 4-13765406-13765419 ENNN RT(1621437399216 1344) q(0 0 0 0) r(2 2) U5
X-XSS-Protection: 1; mode=block
Date: Wed, 19 May 2021 15:16:25 GMT
Accept-Ranges: bytes
Content-Length: 3469
X-Content-Type-Options: nosniff

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: iss.gtbank.com
URL: http://iss.gtbank.com/24684/hI5.js

Domain: iss.gtbank.com
URL: http://iss.gtbank.com/24684/k1Y.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: GTBank (Banking)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ibank.gtbank.com
iss.gtbank.com
vps50296.inmotionhosting.com
iss.gtbank.com
45.60.78.195
74.124.211.126
27ea81aa6109aee663f9b2675f0894bdb48a72ea2c718bc6c10188b4ce5646cb
355d46f5be4da4152052ca59d5d1f3984c7fdc7e8c54e7c18cd545ce8215717f
53920bb8e98d002e6b57db8a516efe8835c6bda241020cc64ffad5ef4c5c28f9
6a2d62f4c5772cd0e3d1e8dc3ff014b71e0bd3392525efc9cbcb43d4cf0a5607
736f03dc62c4d15eb44d93effa1b31bedfc4ad84db8f95d6e33eef2a8196b558
743a83264054a31c77a0a44d2f81e2527d057deed27ea4904865809fcdb18375
82b0d37da2dc26e64e5afae54b3c708fb49ee464bc8c58ec1ab01559c700776b
8356754f7a7240986d4cc59157aafea4258eea9d2a56550ea19d08a60a4af73c
95a1c9407db7dde85e01b9ed03c0fbd874c4b21946fdb20aad14396b96ab10f3
9a7ca670add876603d9cfa2e106953f42d420ee481ff01ebabe686e97d902539
aaeaf8ebf5b61080b3e1f7e675c85a42e051d4edb6183efb8968900198659dc2
b76f3a9f4224828ac212d6f1068696aa829a824dcdb522056d35ffc6332b9b1c
b7fa39a9767692ee74840315b88d6d92a72b7a7dfa619aead9b954a39a2a92ee
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
efda1329039625b6b665fcc93e49a3f29dead8c49636f9a238ebe4b100301728
f76e9ad77bc5d73afc3d4208a860b9447a6e6a41fcfd8336a0ed30dd35252e82

vps50296.inmotionhosting.com Open in urlscan Pro 74.124.211.126 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

83 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

3 IPs

1 Countries

166 kBTransfer

273 kBSize

0 Cookies

5 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

19 JavaScript Global Variables

0 Cookies

Indicators

vps50296.inmotionhosting.com Open in urlscan Pro
74.124.211.126 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

83 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

166 kB
Transfer

273 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!