www.online.ziraatsecure.net Open in urlscan Pro
198.54.121.239 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.online.ziraatsecure.net/
Submission: On August 30 via automatic, source certstream-suspicious (August 30th 2021, 10:38:16 pm UTC)

Summary HTTP 44 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 9 domains to perform 44 HTTP transactions. The main IP is 198.54.121.239, located in Los Angeles, United States and belongs to NAMECHEAP-NET, US. The main domain is www.online.ziraatsecure.net.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 7th 2020. Valid for: 2 years.

This is the only time www.online.ziraatsecure.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	198.54.121.239 198.54.121.239	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
44	3

1 198.54.121.239 (Los Angeles, United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: premium68-4.web-hosting.com

www.online.ziraatsecure.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	bootstrapcdn.com stackpath.bootstrapcdn.com	7 KB
1	ziraatsecure.net www.online.ziraatsecure.net	18 KB
0	userway.org Failed cdn.userway.org Failed
0	unsplash.com Failed images.unsplash.com Failed
0	google-analytics.com Failed www.google-analytics.com Failed
0	mycoracle.com Failed static.mycoracle.com Failed
0	whenwherehow.pk Failed whenwherehow.pk Failed
0	fidelitybank.ng Failed eserve.fidelitybank.ng Failed
0	mp.bank Failed mp.bank Failed
44	9

	Domain	Requested by
1	stackpath.bootstrapcdn.com	www.online.ziraatsecure.net
1	www.online.ziraatsecure.net	www.online.ziraatsecure.net
0	cdn.userway.org Failed	www.online.ziraatsecure.net
0	images.unsplash.com Failed	www.online.ziraatsecure.net
0	www.google-analytics.com Failed	www.online.ziraatsecure.net
0	static.mycoracle.com Failed	www.online.ziraatsecure.net
0	whenwherehow.pk Failed	www.online.ziraatsecure.net
0	eserve.fidelitybank.ng Failed	www.online.ziraatsecure.net
0	mp.bank Failed	www.online.ziraatsecure.net
44	9

This site contains no links.

Subject Issuer	Validity	Valid
*.web-hosting.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-07` - `2022-04-05`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.online.ziraatsecure.net/
Frame ID: 1F9BFCA5C25A08825BD16CB4720A1F39
Requests: 44 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

44
Requests

2 %
HTTPS

50 %
IPv6

9
Domains

9
Subdomains

3
IPs

1
Countries

26 kB
Transfer

141 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.online.ziraatsecure.net/ 111 KB
18 KB 1023ms
472ms Document
text/html 198.54.121.239
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.online.ziraatsecure.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.121.239 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium68-4.web-hosting.com
Software: LiteSpeed /
Resource Hash: 4a4adad7e907988273db17361dffae97b01526e1ae9f9e986b47199298f4fe78

Request headers

:method: GET
:authority: www.online.ziraatsecure.net
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-type: text/html
last-modified: Mon, 30 Aug 2021 15:30:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18571
date: Mon, 30 Aug 2021 22:37:38 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed

GET style.min.css
mp.bank/wp-includes/css/dist/block-library/ 0
0

GET frontend.min.css
mp.bank/wp-content/plugins/exit-notifier/assets/css/ 0
0

GET jAlert.min.css
mp.bank/wp-content/plugins/exit-notifier/assets/css/ 0
0

GET mediaelementplayer-legacy.min.css
mp.bank/wp-includes/js/mediaelement/ 0
0

GET wp-mediaelement.min.css
mp.bank/wp-includes/js/mediaelement/ 0
0

GET avia-merged-styles-8bf3d5dad2ce75c2cbcc2c37494cf826---5f3b067ba783e.css
mp.bank/wp-content/uploads/dynamic_avia/ 0
0

GET style.css
mp.bank/wp-content/themes/enfold-child/ 0
0

GET jquery.js
mp.bank/wp-includes/js/jquery/ 0
0

GET frontend.min.js
mp.bank/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/ 0
0

GET
H2 200 font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 208ms
73ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.online.ziraatsecure.net
URL: https://www.online.ziraatsecure.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.online.ziraatsecure.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 22:37:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723, 617, 617
age: 13916506
cdn-cachedat: 2021-03-11 11:57:51
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 6fc1a75116c932681ed09108db37b84c
cf-ray: 687181412cb04e80-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET frontend.js
mp.bank/wp-content/plugins/exit-notifier/assets/js/ 0
0

GET jAlert.min.js
mp.bank/wp-content/plugins/exit-notifier/assets/js/ 0
0

GET sweetalert2.all.min.js
mp.bank/wp-content/plugins/exit-notifier/assets/js/ 0
0

GET logo.png
www.online.ziraatsecure.net/ 0
0

GET web-gravity-payments-background-2000x800-1.jpg
mp.bank/wp-content/uploads/2020/09/ 0
0

GET Coronavirus-Scams-v2.jpg
mp.bank/wp-content/uploads/2020/08/ 0
0

GET web-banner-loans-sba-2000x800-background.jpg
mp.bank/wp-content/uploads/2020/07/ 0
0

GET banner1.jpg
eserve.fidelitybank.ng/onlineaccount/Images/newdesign/ 0
0

GET Mortgage_banner.jpg
mp.bank/wp-content/uploads/2020/06/ 0
0

GET 960x0.jpg
whenwherehow.pk/wp-content/uploads/2020/08/ 0
0

GET banker_2.jpg
static.mycoracle.com/maritimeinfo/media/content/ 0
0

GET img_herobanner.jpg
mp.bank/wp-content/uploads/2019/03/ 0
0

GET Coronavirus-Scams-scaled.jpg
mp.bank/wp-content/uploads/2020/08/ 0
0

GET HP-Mobile-Deposit-2.jpg
mp.bank/wp-content/uploads/2020/04/ 0
0

GET after-slider-bg-1.jpg
mp.bank/wp-content/uploads/2019/01/ 0
0

GET after-slider-bg-2.jpg
mp.bank/wp-content/uploads/2019/01/ 0
0

GET after-slider-bg-3.jpg
mp.bank/wp-content/uploads/2019/01/ 0
0

GET after-slider-bg-4.jpg
mp.bank/wp-content/uploads/2019/01/ 0
0

GET analytics.js
www.google-analytics.com/ 0
0

GET free-atms-img.jpg
mp.bank/wp-content/uploads/2019/01/ 0
0

GET merchant-services-img.jpg
mp.bank/wp-content/uploads/2019/01/ 0
0

GET photo-1541354329998-f4d9a9f9297f
images.unsplash.com/ 0
0

GET location-img.png
mp.bank/wp-content/uploads/2019/01/ 0
0

GET widget.js
cdn.userway.org/ 0
0

GET style.css
mp.bank/wp-content/plugins/userway-accessibility-widget/assets/ 0
0

GET blankshield.min.js
mp.bank/wp-content/plugins/ithemes-security-pro/core/modules/wordpress-tweaks/js/blankshield/ 0
0

GET block-tabnapping.min.js
mp.bank/wp-content/plugins/ithemes-security-pro/core/modules/wordpress-tweaks/js/ 0
0

GET mailtolinks.js
mp.bank/wp-content/themes/enfold-child/ 0
0

GET mediaelement-and-player.min.js
mp.bank/wp-includes/js/mediaelement/ 0
0

GET mediaelement-migrate.min.js
mp.bank/wp-includes/js/mediaelement/ 0
0

GET wp-mediaelement.min.js
mp.bank/wp-includes/js/mediaelement/ 0
0

GET wp-embed.min.js
mp.bank/wp-includes/js/ 0
0

GET avia-footer-scripts-59d78a6f5a51c9f6493dd73f9ae00f07---5f3b055741e54.js
mp.bank/wp-content/uploads/dynamic_avia/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mp.bank
URL: https://mp.bank/wp-includes/css/dist/block-library/style.min.css

Domain: mp.bank
URL: https://mp.bank/wp-content/plugins/exit-notifier/assets/css/frontend.min.css

Domain: mp.bank
URL: https://mp.bank/wp-content/plugins/exit-notifier/assets/css/jAlert.min.css

Domain: mp.bank
URL: https://mp.bank/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Domain: mp.bank
URL: https://mp.bank/wp-includes/js/mediaelement/wp-mediaelement.min.css

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/dynamic_avia/avia-merged-styles-8bf3d5dad2ce75c2cbcc2c37494cf826---5f3b067ba783e.css

Domain: mp.bank
URL: https://mp.bank/wp-content/themes/enfold-child/style.css

Domain: mp.bank
URL: https://mp.bank/wp-includes/js/jquery/jquery.js

Domain: mp.bank
URL: https://mp.bank/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend.min.js

Domain: mp.bank
URL: https://mp.bank/wp-content/plugins/exit-notifier/assets/js/frontend.js

Domain: mp.bank
URL: https://mp.bank/wp-content/plugins/exit-notifier/assets/js/jAlert.min.js

Domain: mp.bank
URL: https://mp.bank/wp-content/plugins/exit-notifier/assets/js/sweetalert2.all.min.js

Domain: www.online.ziraatsecure.net
URL: https://www.online.ziraatsecure.net/logo.png

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2020/09/web-gravity-payments-background-2000x800-1.jpg

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2020/08/Coronavirus-Scams-v2.jpg

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2020/07/web-banner-loans-sba-2000x800-background.jpg

Domain: eserve.fidelitybank.ng
URL: https://eserve.fidelitybank.ng/onlineaccount/Images/newdesign/banner1.jpg

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2020/06/Mortgage_banner.jpg

Domain: whenwherehow.pk
URL: https://whenwherehow.pk/wp-content/uploads/2020/08/960x0.jpg

Domain: static.mycoracle.com
URL: https://static.mycoracle.com/maritimeinfo/media/content/banker_2.jpg

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2019/03/img_herobanner.jpg

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2020/08/Coronavirus-Scams-scaled.jpg

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2020/04/HP-Mobile-Deposit-2.jpg

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2019/01/after-slider-bg-1.jpg

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2019/01/after-slider-bg-2.jpg

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2019/01/after-slider-bg-3.jpg

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2019/01/after-slider-bg-4.jpg

Domain: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2019/01/free-atms-img.jpg

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2019/01/merchant-services-img.jpg

Domain: images.unsplash.com
URL: https://images.unsplash.com/photo-1541354329998-f4d9a9f9297f?ixlib=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=crop&w=934&q=80

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/2019/01/location-img.png

Domain: cdn.userway.org
URL: https://cdn.userway.org/widget.js

Domain: mp.bank
URL: https://mp.bank/wp-content/plugins/userway-accessibility-widget/assets/style.css

Domain: mp.bank
URL: https://mp.bank/wp-content/plugins/ithemes-security-pro/core/modules/wordpress-tweaks/js/blankshield/blankshield.min.js

Domain: mp.bank
URL: https://mp.bank/wp-content/plugins/ithemes-security-pro/core/modules/wordpress-tweaks/js/block-tabnapping.min.js

Domain: mp.bank
URL: https://mp.bank/wp-content/themes/enfold-child/mailtolinks.js

Domain: mp.bank
URL: https://mp.bank/wp-includes/js/mediaelement/mediaelement-and-player.min.js

Domain: mp.bank
URL: https://mp.bank/wp-includes/js/mediaelement/mediaelement-migrate.min.js

Domain: mp.bank
URL: https://mp.bank/wp-includes/js/mediaelement/wp-mediaelement.min.js

Domain: mp.bank
URL: https://mp.bank/wp-includes/js/wp-embed.min.js

Domain: mp.bank
URL: https://mp.bank/wp-content/uploads/dynamic_avia/avia-footer-scripts-59d78a6f5a51c9f6493dd73f9ae00f07---5f3b055741e54.js

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.userway.org
eserve.fidelitybank.ng
images.unsplash.com
mp.bank
stackpath.bootstrapcdn.com
static.mycoracle.com
whenwherehow.pk
www.google-analytics.com
www.online.ziraatsecure.net
cdn.userway.org
eserve.fidelitybank.ng
images.unsplash.com
mp.bank
static.mycoracle.com
whenwherehow.pk
www.google-analytics.com
www.online.ziraatsecure.net
198.54.121.239
2606:4700::6812:bcf
4a4adad7e907988273db17361dffae97b01526e1ae9f9e986b47199298f4fe78
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

www.online.ziraatsecure.net Open in urlscan Pro 198.54.121.239 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

44 Requests

2 %HTTPS

50 %IPv6

9 Domains

9 Subdomains

3 IPs

1 Countries

26 kBTransfer

141 kBSize

0 Cookies

0 Outgoing links

Redirected requests

44 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

0 Cookies

Indicators

www.online.ziraatsecure.net Open in urlscan Pro
198.54.121.239 Public Scan

Screenshot
Live screenshot

Full Image

44
Requests

2 %
HTTPS

50 %
IPv6

9
Domains

9
Subdomains

3
IPs

1
Countries

26 kB
Transfer

141 kB
Size

0
Cookies

44 HTTP transactions
0 data transactions