urlscan.io logo urlscan.io
SecurityTrails logo

invest.alfabank.ru Open in urlscan Pro
217.12.99.33  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://invest.alfabank.ru/
Effective URL: https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro
Submission: On October 16 via automatic, source certstream-suspicious — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 217.12.99.33, located in Russian Federation and belongs to ALFA-BANK-AS, RU. The main domain is invest.alfabank.ru.
TLS certificate: Issued by Actalis Domain Validation Server CA G3 on February 9th 2024. Valid for: a year.
This is the only time invest.alfabank.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 7 217.12.99.33 15632 (ALFA-BANK-AS)
8 2
Apex Domain
Subdomains		 Transfer
7 alfabank.ru
invest.alfabank.ru
private.auth.alfabank.ru Failed
metrics.alfabank.ru Failed
2 MB
8 1
Domain Requested by
7 invest.alfabank.ru 1 redirects invest.alfabank.ru
0 metrics.alfabank.ru Failed
0 private.auth.alfabank.ru Failed invest.alfabank.ru
8 3

This site contains no links.

Subject Issuer Validity Valid
invest.alfabank.ru
Actalis Domain Validation Server CA G3		 2024-02-09 -
2025-02-09		 a year crt.sh

This page contains 1 frames:

Frame: https://private.auth.alfabank.ru/passport/cerberus-mini/dashboard/cross_auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro
Frame ID: 07710A8A734243E3A15B229E72622C86
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Альфа-Инвестиции Онлайн

Page URL History Show full URLs

  1. https://invest.alfabank.ru/ HTTP 302
    https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react

Page Statistics

8
Requests

75 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

2
IPs

1
Countries

2309 kB
Transfer

8732 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://invest.alfabank.ru/ HTTP 302
    https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request auth
invest.alfabank.ru/
Redirect Chain
  • https://invest.alfabank.ru/
  • https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro
784 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.12.99.33 , Russian Federation, ASN15632 (ALFA-BANK-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
536a7dc7a27cf697e7a1fa8cecedc0d208dca113f0823bec769ba844893650cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers
*
Access-Control-Allow-Methods
*
Access-Control-Allow-Origin
*
Cache-Control
max-age=0
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Wed, 16 Oct 2024 13:40:47 GMT
ETag
W/"670f6c34-310"
Expires
Wed, 16 Oct 2024 13:40:47 GMT
Last-Modified
Wed, 16 Oct 2024 07:33:08 GMT
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx/1.20.1
Transfer-Encoding
chunked
Vary
Accept-Encoding Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN

Redirect headers

Access-Control-Allow-Headers
*
Access-Control-Allow-Methods
*
Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Length
0
Content-Security-Policy
Date
Wed, 16 Oct 2024 13:40:47 GMT
Location
https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro
Server
nginx/1.20.1
X-Frame-Options
SAMEORIGIN
vendors.313f9e48.js
invest.alfabank.ru/desktop/static/js/ 		33 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://invest.alfabank.ru/desktop/static/js/vendors.313f9e48.js
Requested by
Host: invest.alfabank.ru
URL: https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.12.99.33 , Russian Federation, ASN15632 (ALFA-BANK-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
e66cf777b1c66f145c7d72af92e8fe2ef7cdfc08fbb29084a880fe46a18cee61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro

Response headers

Content-Encoding
gzip
ETag
W/"670f6c29-8467"
X-Content-Type-Options
nosniff
Access-Control-Allow-Methods
*
Expires
Thu, 16 Oct 2025 13:40:47 GMT
Date
Wed, 16 Oct 2024 13:40:47 GMT
Last-Modified
Wed, 16 Oct 2024 07:32:57 GMT
Content-Type
application/javascript
Vary
Accept-Encoding, Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Access-Control-Allow-Headers
*
Cache-Control
max-age=31536000
Connection
keep-alive
Access-Control-Allow-Origin
*
Server
nginx/1.20.1
main.33bfaf88.js
invest.alfabank.ru/desktop/static/js/ 		7 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://invest.alfabank.ru/desktop/static/js/main.33bfaf88.js
Requested by
Host: invest.alfabank.ru
URL: https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.12.99.33 , Russian Federation, ASN15632 (ALFA-BANK-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
a951099a48dd78e97c5b0819120762bcf0e23d598019928994dc03a7a9647b83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro

Response headers

Content-Encoding
gzip
ETag
W/"670f6c34-72c410"
X-Content-Type-Options
nosniff
Access-Control-Allow-Methods
*
Expires
Thu, 16 Oct 2025 13:40:48 GMT
Date
Wed, 16 Oct 2024 13:40:48 GMT
Last-Modified
Wed, 16 Oct 2024 07:33:08 GMT
Content-Type
application/javascript
Vary
Accept-Encoding, Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Access-Control-Allow-Headers
*
Cache-Control
max-age=31536000
Connection
keep-alive
Access-Control-Allow-Origin
*
Server
nginx/1.20.1
vendors.2c863b19.css
invest.alfabank.ru/desktop/static/css/ 		537 KB
66 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://invest.alfabank.ru/desktop/static/css/vendors.2c863b19.css
Requested by
Host: invest.alfabank.ru
URL: https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.12.99.33 , Russian Federation, ASN15632 (ALFA-BANK-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
2558370391636b707553047a44fb14184b923a43ae12308afd2ccbbdbb3fe0d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro

Response headers

Content-Encoding
gzip
ETag
W/"670f6c34-865b9"
X-Content-Type-Options
nosniff
Access-Control-Allow-Methods
*
Expires
Thu, 16 Oct 2025 13:40:47 GMT
Date
Wed, 16 Oct 2024 13:40:47 GMT
Last-Modified
Wed, 16 Oct 2024 07:33:08 GMT
Content-Type
text/css
Vary
Accept-Encoding, Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Access-Control-Allow-Headers
*
Cache-Control
max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Access-Control-Allow-Origin
*
Server
nginx/1.20.1
main.ef82aa6a.css
invest.alfabank.ru/desktop/static/css/ 		748 KB
146 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://invest.alfabank.ru/desktop/static/css/main.ef82aa6a.css
Requested by
Host: invest.alfabank.ru
URL: https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.12.99.33 , Russian Federation, ASN15632 (ALFA-BANK-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
302f7fdfa7855cba74785511a83d4c86b9078324d7223dfef3b3e7945ce7b2d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro

Response headers

Content-Encoding
gzip
ETag
W/"670f6c28-bb16e"
X-Content-Type-Options
nosniff
Access-Control-Allow-Methods
*
Expires
Thu, 16 Oct 2025 13:40:48 GMT
Date
Wed, 16 Oct 2024 13:40:48 GMT
Last-Modified
Wed, 16 Oct 2024 07:32:56 GMT
Content-Type
text/css
Vary
Accept-Encoding, Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Access-Control-Allow-Headers
*
Cache-Control
max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Access-Control-Allow-Origin
*
Server
nginx/1.20.1
cross_auth
private.auth.alfabank.ru/passport/cerberus-mini/dashboard/ 		0
0
56.fc6a1d0f.chunk.js
invest.alfabank.ru/desktop/static/js/ 		67 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://invest.alfabank.ru/desktop/static/js/56.fc6a1d0f.chunk.js
Requested by
Host: invest.alfabank.ru
URL: https://invest.alfabank.ru/desktop/static/js/main.33bfaf88.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.12.99.33 , Russian Federation, ASN15632 (ALFA-BANK-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
6c46f28729a4335b42e3078187907690ad705631d2f528042b4bd4644b5b0b46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://invest.alfabank.ru/auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro

Response headers

Content-Encoding
gzip
ETag
W/"670f6c29-10d40"
X-Content-Type-Options
nosniff
Access-Control-Allow-Methods
*
Expires
Thu, 16 Oct 2025 13:40:56 GMT
Date
Wed, 16 Oct 2024 13:40:56 GMT
Last-Modified
Wed, 16 Oct 2024 07:32:57 GMT
Content-Type
application/javascript
Vary
Accept-Encoding, Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Access-Control-Allow-Headers
*
Cache-Control
max-age=31536000
Connection
keep-alive
Access-Control-Allow-Origin
*
Server
nginx/1.20.1
i
metrics.alfabank.ru/metrica/cib/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
private.auth.alfabank.ru
URL
https://private.auth.alfabank.ru/passport/cerberus-mini/dashboard/cross_auth?response_type=code&client_id=adirect-webpro&scope=openid%20adirect-webpro
Domain
metrics.alfabank.ru
URL
https://metrics.alfabank.ru/metrica/cib/i?ztm=1729086107416&e=se&se_ca=tech_trace&se_ac=app_is_opened&se_la=Tech&tv=js-2.8.2&tna=ab&aid=aio-desktop&p=web&tz=America%2FLos_Angeles&lang=en-CA&cs=UTF-8&f_pdf=1&f_qt=0&f_realp=0&f_wma=0&f_dir=0&f_fla=0&f_java=0&f_gears=0&f_ag=0&res=1600x1200&cd=24&cookie=1&eid=59fc8e66-b9d5-432c-9a47-bb193cd3a2e0&dtm=1729086107414&vp=1600x1200&ds=1600x1200&vid=1&sid=81b19860-0644-4133-97e2-fca69be3a8c7&duid=29dc7d40-77fe-42ad-88ea-c4f7dc097acc&fp=712367576&url=https%3A%2F%2Finvest.alfabank.ru%2Fauth%3Fresponse_type%3Dcode%26client_id%3Dadirect-webpro%26scope%3Dopenid%2520adirect-webpro&cx=eyJzY2hlbWEiOiJpZ2x1OmNvbS5zbm93cGxvd2FuYWx5dGljcy5zbm93cGxvdy9jb250ZXh0cy9qc29uc2NoZW1hLzEtMC0wIiwiZGF0YSI6W3sic2NoZW1hIjoiaWdsdTpjb20uYWxmYWJhbmsvY3VzdG9tX2RpbWVuc2lvbi9qc29uc2NoZW1hLzEtMC0wIiwiZGF0YSI6eyIxIjoiYXBwU291cmNlPWJyb3dzZXIifX1dfQ

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunk_terminal_ai_pro function| h0kk function| _logout function| __zsstore function| __setGoFeatureFlags function| _ function| saveAs function| __setProFeatureFlags object| __renderTracker object| aDebug function| setLogLevel object| GlobalSnowplowNamespace function| sp object| Snowplow

3 Cookies

Domain/Path Name / Value
.alfabank.ru/ Name: GW_SESSION_AIO
Value: 733836f1-9cc6-466d-bccd-7cb211e62ee1
.alfabank.ru/ Name: _sp_ses.3c2b
Value: *
.alfabank.ru/ Name: _sp_id.3c2b
Value: 29dc7d40-77fe-42ad-88ea-c4f7dc097acc.1729086107.1.1729086107.1729086107.81b19860-0644-4133-97e2-fca69be3a8c7

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN