onnumara.click
Open in
urlscan Pro
172.67.164.133
Malicious Activity!
Public Scan
Submission: On June 06 via api from TR — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on May 29th 2024. Valid for: 3 months.
This is the only time onnumara.click was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Denizbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
19 | 172.67.164.133 172.67.164.133 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
19 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
onnumara.click
onnumara.click |
742 KB |
19 | 1 |
Domain | Requested by | |
---|---|---|
19 | onnumara.click |
onnumara.click
|
19 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
onnumara.click GTS CA 1P5 |
2024-05-29 - 2024-08-27 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://onnumara.click/?fbclid=PAAaaNCwdSSWhxzSKXWmk6KR108OcTnhVqkb_N2wMTTo3Io_rM7Ij5aABizC8_aem_AXXpyOQu6K59ql-LgJpFSsmQfPXRwjSEiUxXPwn80XJ2_En5Dn2zSYuYlFdswc5TPAW_eDnAPIxi6HgTdL0qww9r
Frame ID: BB9065E53493ACE574D0BE5073083CD1
Requests: 19 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
onnumara.click/ |
20 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.css
onnumara.click/assets/css/ |
662 KB 111 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
loading.gif
onnumara.click/assets/img/ |
37 KB 37 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo-light.svg
onnumara.click/assets/img/ |
176 KB 8 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
world.svg
onnumara.click/assets/img/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
qrPhoto.jpg
onnumara.click/assets/img/ |
12 KB 12 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
denizbank-mobile.jpg
onnumara.click/assets/img/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
login-footer-logo.svg
onnumara.click/assets/img/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
enbd.png
onnumara.click/assets/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
onnumara.click/assets/js/ |
426 KB 128 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
spring.jpg
onnumara.click/assets/img/ |
325 KB 326 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
opensans-semibold-webfont.1045337df148fc781940.woff2
onnumara.click/assets/fonts/ |
12 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
icomoon.2d5db81bd20c9209ae0b.ttf
onnumara.click/assets/fonts/ |
105 KB 59 KB |
Font
application/font-sfnt |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
opensans-regular-webfont.a66a53e7f788b1ab7e41.woff2
onnumara.click/assets/fonts/ |
12 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
opensans-bold-webfont.7b013a3110831768093f.woff2
onnumara.click/assets/fonts/ |
12 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
datach.php
onnumara.click/ |
0 443 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
appicon.png
onnumara.click/assets/img/ |
808 B 852 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
onnumara.click/assets/img/ |
1 KB 826 B |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
datach.php
onnumara.click/ |
0 445 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Denizbank (Banking)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| _0xf7e9 function| _0x4d18 function| $ function| jQuery function| gonder0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
onnumara.click
172.67.164.133
1817d385ab183f0aa686fb0414447c488f7067167c21b23741c4942ec76bd6cf
1963b64c74e7685913c0098a62f1c675ff8c0068cfbeda402656d961e406bfaa
1b74331ad061c583ad54561f95596a8481b95d863a431fc4daf3a9ee7d151975
3da913d79fff46cfe4d58d56e141cfcb31865606284507f7a530db69394330fb
4d54a976b6fa75c73ec219bf5ca96537d46c387c138842fe3d76be0d9e111e0a
54e92ad9930ef375b8f4e1a1fe7fe5c86d43d7ad00a955c5df818e26489049b8
59c1a112d5d610c1399aa46d5b549c5aad1e4b283aaf785545e818d053f25378
7a8608edb1a080569125722d8c65598fd4a27c78c1c3fe09bd157cfc5fbf2523
a085c2f1e7df8cdded779fa68b0ce2e0d31d3352ed8d8238cb540f35fa20cf0d
b582e5e36135cfe697ec9cfbb06ff7407a7d89a9e4a1287cfdd905cc3f9669e5
b7adb5ea78fcffa3c66186e90d237802f3d8d3fd21e77c7dcf33f952ed9bf73f
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
be3979aa66ab98b74f4c323b1c194cba444de65913e489d5786e0c7fd8f310c0
ca8e907c10b418e455dee845fb08993fa1f8edb7a3f890f7a19a8011e472ee3d
cf33092752054c7e93201ebd484c7e47a194635120a46cc3786b4107195edf1e
d5b36f08a46e0a0ef81b828bb9d05df63f1f7391521d238b82c5c3ce31782b05
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb9d142415c55c049c8c9514263c4faed91f49a206e1985fef4915af2d819453