erdemr34denyasarsin.xyz Open in urlscan Pro
172.67.213.92  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request login.php Show response erdemr34denyasarsin.xyz/	8 KB 3 KB	279ms 228ms	Document text/html	172.67.213.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://erdemr34denyasarsin.xyz/login.php?bank=garanti Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.213.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.3.7 PleskLin Resource Hash 41ec1cc54595544930734754d8c3ba67e340f14076e7f2d3d695ccaa971ad1ed Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 888cc500eda39c0c-FRA content-encoding br content-type text/html; charset=UTF-8 date Fri, 24 May 2024 10:58:16 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1XGennS%2FL3T5vFGaf69aw1zGeRJPKIHZF8pdP52p9dFEJR4F%2Fs1v9jo6IvBxB9CbtR%2BV425IwSMAhlAJzuProDYScE6HCmyvO0CFstCBAbo47fn%2FVx5cAwtX1Q3Kis%2FcCk19D5DlhcnYQg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.3.7 PleskLin
GET H3	200	style.css erdemr34denyasarsin.xyz/assets/css/	139 KB 19 KB	282ms 281ms	Stylesheet text/css	172.67.213.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://erdemr34denyasarsin.xyz/assets/css/style.css Requested by Host: erdemr34denyasarsin.xyz URL: https://erdemr34denyasarsin.xyz/login.php?bank=garanti Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.213.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash 633926b7656b3a4072597166517dabc779c8f15d0c455dfad616c11bf3694600 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://erdemr34denyasarsin.xyz/login.php?bank=garanti Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 10:58:16 GMT content-encoding br cf-cache-status MISS last-modified Thu, 22 Feb 2024 12:04:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65d73842-22b6c" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WremVuzgczgWbAmxlQnEPKTPwb5LLb3Fo9QJ1LZNV9VelCZ9%2B07228h7lZsojG%2BW2zrRiKhLzmlee3gV5H8pO9hwx6JZUAjRJ%2B5pwQPHY5TVf0XlAP0enAfNELSQei1b%2BaRpBA1Fkfqh1A%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 888cc50258569c0c-FRA alt-svc h3=":443"; ma=86400
GET H3	200	garanti-transformed.png erdemr34denyasarsin.xyz/assets/images/transparent/	46 KB 46 KB	331ms 330ms	Image image/png	172.67.213.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://erdemr34denyasarsin.xyz/assets/images/transparent/garanti-transformed.png Requested by Host: erdemr34denyasarsin.xyz URL: https://erdemr34denyasarsin.xyz/login.php?bank=garanti Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.213.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash 1273f5a50d06e87ba0af8a2da2b63f272a758ca2f94ebe82faf88577840c2324 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://erdemr34denyasarsin.xyz/login.php?bank=garanti Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 10:58:16 GMT cf-cache-status MISS last-modified Thu, 22 Feb 2024 12:04:29 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "65d7384d-b61b" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xQ6OtZxhnz%2BCFVNLCncGiiC7ugCJFY2WBEz3fp50aR%2FbRsVNo7M6XOvAiWZfZgQUA1oIqiTibfwsT02FJocCkqUWwcPK6jG8BCiPE%2FoRz3aboeO%2BPxsnkZz8X1dI0y0grlDwagSj8qhJJQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 888cc502585b9c0c-FRA alt-svc h3=":443"; ma=86400 content-length 46619
GET H3	200	form-progress.svg erdemr34denyasarsin.xyz/assets/images/	1 KB 1 KB	222ms 221ms	Image image/svg+xml	172.67.213.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://erdemr34denyasarsin.xyz/assets/images/form-progress.svg Requested by Host: erdemr34denyasarsin.xyz URL: https://erdemr34denyasarsin.xyz/login.php?bank=garanti Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.213.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash ff7498da718b1f50faeefae71e24ceadf4575da0692b84c9a1ad359daa1f2ff2 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://erdemr34denyasarsin.xyz/login.php?bank=garanti Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 10:58:16 GMT content-encoding br cf-cache-status MISS last-modified Thu, 22 Feb 2024 12:04:20 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65d73844-42c" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tyARku5NmTlgu7n3zskkeT%2Bt1%2BmUhC6nyxR%2BjcT3cKeagJcgxcHcYKkfwc7IOv4pGnR%2BuAFe851eZyMkwqkpMsXCgVfgB%2FprhyHLKZyaVWulE397AeeJ8T0fTtDbXLKTZARcmq55GWZ8uA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 888cc502585d9c0c-FRA alt-svc h3=":443"; ma=86400
GET H3	200	inputmask.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/5.0.7/	99 KB 27 KB	75ms 52ms	Script application/javascript	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/5.0.7/inputmask.min.js Requested by Host: erdemr34denyasarsin.xyz URL: https://erdemr34denyasarsin.xyz/login.php?bank=garanti Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash db82ffa65fe7193674430ba62870145e3637005f59077b7dea606d39cf4b0091 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer Origin https://erdemr34denyasarsin.xyz Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 10:58:16 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 4372207 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 26905 last-modified Thu, 30 Dec 2021 22:38:08 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "61ce34d0-6919" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hLkF8EkDy5bEt3YPUVVAbBs6Nwtel04e2VQXwyzHTozXI72giTfwvsWCtD0oBi4nIISXbT%2BqZNCaRU1AvgM4wEVlS1a5twQA4zydIb3mw99ev65km%2FhKMd1rJu%2F7QRLcS1cvLwpd"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 888cc5027fc81c6d-FRA expires Wed, 14 May 2025 10:58:16 GMT
GET H3	200	script.js Show response erdemr34denyasarsin.xyz/assets/js/	162 KB 60 KB	232ms 231ms	Script application/javascript	172.67.213.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://erdemr34denyasarsin.xyz/assets/js/script.js Requested by Host: erdemr34denyasarsin.xyz URL: https://erdemr34denyasarsin.xyz/login.php?bank=garanti Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.213.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash 9ea5de183cb4e7bbfd327d5d5283553f323e60e149bd3ebee310e81c5eda500e Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://erdemr34denyasarsin.xyz/login.php?bank=garanti Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 10:58:16 GMT content-encoding br cf-cache-status REVALIDATED last-modified Thu, 22 Feb 2024 12:04:22 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65d73846-28671" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VVM2pO2VIsvL%2FBJh4Ag4%2Buzann7Y8UFZU2g4fpC3m8qNXEJzcJv0kLlL%2FkDxmfmR0iUnoglBzYihUlVHLnof%2FP3yD5l%2BZxYis52eNz4u3xyDaEVLQnYo%2FH7YPRZxpZTiKamOzmw5DETGmA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 888cc502686a9c0c-FRA alt-svc h3=":443"; ma=86400
GET H3	200	s.js Show response waust.at/	8 KB 4 KB	77ms 41ms	Script application/x-javascript	172.67.71.57 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://waust.at/s.js Requested by Host: erdemr34denyasarsin.xyz URL: https://erdemr34denyasarsin.xyz/login.php?bank=garanti Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.71.57 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://erdemr34denyasarsin.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 10:58:16 GMT content-encoding gzip cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2553 alt-svc h3=":443"; ma=86400 last-modified Thu, 12 Jan 2023 17:19:26 GMT server cloudflare etag W/"63c0411e-2170" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ETWotvQPJJzlRHdsGpniJinOzmu1%2BMXLyOJ65MaThZrlRsoVN0PM48kyN8KQlB94BikichBKkHpxMLK9avEIf%2F0uQ18dN%2FXdX99ALyLMrr2lBUVGrWIiVEZU"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * cache-control max-age=86400 cf-ray 888cc502aa08a05b-FRA expires Sat, 25 May 2024 10:15:43 GMT
GET H2	200	css2 fonts.googleapis.com/	68 KB 2 KB	75ms 29ms	Stylesheet text/css	2a00:1450:4001:809::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap Requested by Host: erdemr34denyasarsin.xyz URL: https://erdemr34denyasarsin.xyz/assets/css/style.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 0dcf73b3ae74451091df71905883cc4e32d18ab16c3b36d552fc79bddec1be1c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://erdemr34denyasarsin.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Fri, 24 May 2024 10:58:16 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 24 May 2024 10:07:17 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 24 May 2024 10:58:16 GMT
GET H2	200	css2 fonts.googleapis.com/	21 KB 1 KB	75ms 29ms	Stylesheet text/css	2a00:1450:4001:809::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Roboto+Slab:wght@100;200;300;400;500;600;700;800;900&display=swap Requested by Host: erdemr34denyasarsin.xyz URL: https://erdemr34denyasarsin.xyz/assets/css/style.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash bd4bb9bd2a39844fa841d35ad0b27b3aeb1f625cc0d7763caf1377d7d36d6fae Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://erdemr34denyasarsin.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Fri, 24 May 2024 10:58:16 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 24 May 2024 10:24:02 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 24 May 2024 10:58:16 GMT
GET H3	200	edkkds.svg erdemr34denyasarsin.xyz/assets/images/	9 KB 4 KB	232ms 232ms	Image image/svg+xml	172.67.213.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://erdemr34denyasarsin.xyz/assets/images/edkkds.svg Requested by Host: erdemr34denyasarsin.xyz URL: https://erdemr34denyasarsin.xyz/assets/css/style.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.213.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash 39966ec7eea8f508184cef9f98895a0e8d74e3328a43cc8a93c528cfca888691 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://erdemr34denyasarsin.xyz/assets/css/style.css Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 10:58:16 GMT content-encoding br cf-cache-status REVALIDATED last-modified Thu, 22 Feb 2024 12:04:19 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65d73843-222a" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qq%2FHvAO9obdq5T7KYtIF3QbdsYqP8j5BHNIWeL4livit7vJU%2BYqpbYqpZm5a5ZiGcK6JXor4ZhQcP%2BBNd0jVNocnRrGRSC0x1Gb7LW16zfYhtsSFRTj9RhkuaLfDPLZcMNUVd3%2B9n8vHGA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 888cc504ac4b9c0c-FRA alt-svc h3=":443"; ma=86400
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.gstatic.com/s/opensans/v40/	47 KB 47 KB	86ms 42ms	Font font/woff2	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://fonts.googleapis.com/ Origin https://erdemr34denyasarsin.xyz Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 17 May 2024 22:45:56 GMT x-content-type-options nosniff age 562340 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 48236 x-xss-protection 0 last-modified Thu, 14 Dec 2023 02:08:40 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 17 May 2025 22:45:56 GMT
GET H3	200	button-right.126.svg erdemr34denyasarsin.xyz/assets/images/	448 B 789 B	215ms 215ms	Image image/svg+xml	172.67.213.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://erdemr34denyasarsin.xyz/assets/images/button-right.126.svg Requested by Host: erdemr34denyasarsin.xyz URL: https://erdemr34denyasarsin.xyz/assets/css/style.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.213.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash 14e8e481e7afcaae3200f172bd49bf7146ea2a23d3fdf0ba71d5fdbbd0c8c5a4 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://erdemr34denyasarsin.xyz/assets/css/style.css Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 10:58:16 GMT content-encoding br cf-cache-status MISS last-modified Thu, 22 Feb 2024 12:04:19 GMT x-accel-version 0.01 server cloudflare nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} etag W/"1c0-611f73e3c56c0" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lH7wXbbmxi4eUB0IvSzrQESjC7JZjLXoD4vHE03isKQAH%2FBg7RSO1xnD3w3YJnZ8xoHuWek52T8VesKGvoZbhpmiJ5maF82IkXo2q6P6ej1z2qGPQTZ%2ByTxzmBXvEVikXrF1ACEHN%2FagsQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 888cc504ac559c0c-FRA alt-svc h3=":443"; ma=86400
GET H3	200	arrow-left.126.svg erdemr34denyasarsin.xyz/assets/images/	393 B 756 B	223ms 223ms	Image image/svg+xml	172.67.213.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://erdemr34denyasarsin.xyz/assets/images/arrow-left.126.svg Requested by Host: erdemr34denyasarsin.xyz URL: https://erdemr34denyasarsin.xyz/assets/css/style.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.213.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash 945f7d25e8f885da3c77668f74ecacefa894dc535ac048f57a56e2b2fc2560df Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://erdemr34denyasarsin.xyz/assets/css/style.css Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 10:58:16 GMT content-encoding br cf-cache-status MISS last-modified Thu, 22 Feb 2024 12:04:18 GMT x-accel-version 0.01 server cloudflare nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} etag W/"189-611f73e2d1480" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aOuCRRDnNgDg5XdA1JJ8ody5wqwxnw1fo1A2n9gcG4SO5RHF4skwwKsQijGnvTbKbP90w3YcQDw%2B7ZtCVMpxZyV3DLdj%2Bh6zFfGFPJda25wRDnUMWKVlombjibs3htZEkBhdTBtCXvIU%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 888cc504ac599c0c-FRA alt-svc h3=":443"; ma=86400
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2 fonts.gstatic.com/s/opensans/v40/	35 KB 35 KB	64ms 19ms	Font font/woff2	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash adfa45260a1306cb5fefc1f17c1b5e7b61135534a82bf1b8e3d0540af7e07e3b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://fonts.googleapis.com/ Origin https://erdemr34denyasarsin.xyz Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 21 May 2024 06:19:06 GMT x-content-type-options nosniff age 275950 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35328 x-xss-protection 0 last-modified Thu, 14 Dec 2023 02:00:45 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 21 May 2025 06:19:06 GMT
GET H3	200	/ Show response whos.amung.us/pingjs/	28 B 213 B	252ms 216ms	Script text/javascript	172.67.8.141 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://whos.amung.us/pingjs/?k=9rjcinrjmu&t=M%C3%BC%C5%9Fteri%20Portal%C4%B1%20%7C%20e-Devlet&c=s&x=https%3A%2F%2Ferdemr34denyasarsin.xyz%2Flogin.php%3Fbank%3Dgaranti&y=&a=0&d=0.695&v=27&r=2127 Requested by Host: waust.at URL: https://waust.at/s.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.8.141 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 766e2a4a42176791da5ae383fe632465a2261adf9bd7f75916f2e83a1810fbc1 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://erdemr34denyasarsin.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 10:58:16 GMT content-encoding gzip cf-cache-status DYNAMIC server cloudflare cf-ray 888cc5052b450497-FRA alt-svc h3=":443"; ma=86400 content-type text/javascript;charset=UTF-8
GET DATA	200 OK	truncated /	439 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Type image/gif
GET H3	200	favicon-196x196.png erdemr34denyasarsin.xyz/assets/images/	38 KB 38 KB	313ms 312ms	Other image/png	172.67.213.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://erdemr34denyasarsin.xyz/assets/images/favicon-196x196.png Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.213.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash cb0374314e49be2700c9f7c6c59be3248d2658cc0f426faed041928712b26475 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://erdemr34denyasarsin.xyz/login.php?bank=garanti Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 24 May 2024 10:58:17 GMT cf-cache-status MISS last-modified Thu, 22 Feb 2024 12:04:19 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "65d73843-9696" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lipgdcq038XTZx7yZcvOeX2sILkXc9wI%2Bfpmb8fQ%2FXL%2B3O76jSwwQA%2B34LeWjjfHVbO%2F%2FfMq91Q3%2FO18yOHhjvwQ4RZtRbOFAKkD1JGVPcU464EPKzPQLcCuU5KryMwE%2B%2B6%2BrStFwSRf0w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 888cc5068f729c0c-FRA alt-svc h3=":443"; ma=86400 content-length 38550

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BDDK (Banking)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Inputmask function| default function| _0x29df51 function| _0x5330c0 function| _0x319c50 function| _0x35d290 function| _0x557935 function| _0x1a557a function| _0x40960b function| _0xf78fb0 function| _0x289a function| _0x494c function| _0x4ca9d2 function| _0x185439 function| _0x450d6e object| _wau object| WAU_ren function| WAU_small function| WAU_small_request function| WAU_r_s function| WAU_insert function| WAU_legacy_b function| WAU_la function| WAU_addCommas function| WAU_lrd function| WAU_lrs function| WAU_cps function| docReady object| x string| x1 string| x2

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			erdemr34denyasarsin.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: hp0ic1r6kpb9kr35c8934mu86q

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
erdemr34denyasarsin.xyz
fonts.googleapis.com
fonts.gstatic.com
waust.at
whos.amung.us
104.17.24.14
172.67.213.92
172.67.71.57
172.67.8.141
2a00:1450:4001:809::200a
2a00:1450:4001:813::2003
0dcf73b3ae74451091df71905883cc4e32d18ab16c3b36d552fc79bddec1be1c
1273f5a50d06e87ba0af8a2da2b63f272a758ca2f94ebe82faf88577840c2324
14e8e481e7afcaae3200f172bd49bf7146ea2a23d3fdf0ba71d5fdbbd0c8c5a4
2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1
39966ec7eea8f508184cef9f98895a0e8d74e3328a43cc8a93c528cfca888691
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
41ec1cc54595544930734754d8c3ba67e340f14076e7f2d3d695ccaa971ad1ed
633926b7656b3a4072597166517dabc779c8f15d0c455dfad616c11bf3694600
766e2a4a42176791da5ae383fe632465a2261adf9bd7f75916f2e83a1810fbc1
945f7d25e8f885da3c77668f74ecacefa894dc535ac048f57a56e2b2fc2560df
9ea5de183cb4e7bbfd327d5d5283553f323e60e149bd3ebee310e81c5eda500e
adfa45260a1306cb5fefc1f17c1b5e7b61135534a82bf1b8e3d0540af7e07e3b
bd4bb9bd2a39844fa841d35ad0b27b3aeb1f625cc0d7763caf1377d7d36d6fae
cb0374314e49be2700c9f7c6c59be3248d2658cc0f426faed041928712b26475
db82ffa65fe7193674430ba62870145e3637005f59077b7dea606d39cf4b0091
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac
ff7498da718b1f50faeefae71e24ceadf4575da0692b84c9a1ad359daa1f2ff2