![](/screenshots/6ad251ed-03f1-4d37-8f4a-336f76020f66.png)
erdemr34denyasarsin.xyz
Open in
urlscan Pro
172.67.213.92
Malicious Activity!
Public Scan
Submission: On May 24 via api from TR — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on May 24th 2024. Valid for: 3 months.
This is the only time erdemr34denyasarsin.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BDDK (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 172.67.213.92 172.67.213.92 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.17.24.14 104.17.24.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 172.67.71.57 172.67.71.57 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a00:1450:400... 2a00:1450:4001:809::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:813::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 172.67.8.141 172.67.8.141 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
16 | 7 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
erdemr34denyasarsin.xyz
erdemr34denyasarsin.xyz |
173 KB |
2 |
gstatic.com
fonts.gstatic.com |
82 KB |
2 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33 |
4 KB |
1 |
amung.us
whos.amung.us — Cisco Umbrella Rank: 17157 |
213 B |
1 |
waust.at
waust.at — Cisco Umbrella Rank: 40895 |
4 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237 |
27 KB |
16 | 6 |
Domain | Requested by | |
---|---|---|
9 | erdemr34denyasarsin.xyz |
erdemr34denyasarsin.xyz
|
2 | fonts.gstatic.com |
fonts.googleapis.com
|
2 | fonts.googleapis.com |
erdemr34denyasarsin.xyz
|
1 | whos.amung.us |
waust.at
|
1 | waust.at |
erdemr34denyasarsin.xyz
|
1 | cdnjs.cloudflare.com |
erdemr34denyasarsin.xyz
|
16 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
erdemr34denyasarsin.xyz GTS CA 1P5 |
2024-05-24 - 2024-08-22 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
waust.at GTS CA 1P5 |
2024-05-04 - 2024-08-02 |
3 months | crt.sh |
upload.video.google.com WR2 |
2024-05-06 - 2024-07-29 |
3 months | crt.sh |
*.gstatic.com WR2 |
2024-05-06 - 2024-07-29 |
3 months | crt.sh |
amung.us GTS CA 1P5 |
2024-05-09 - 2024-08-07 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://erdemr34denyasarsin.xyz/login.php?bank=garanti
Frame ID: 8AD0E25A7FE2E20813D0FFDC3590C594
Requests: 17 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
login.php
erdemr34denyasarsin.xyz/ |
8 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.css
erdemr34denyasarsin.xyz/assets/css/ |
139 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
garanti-transformed.png
erdemr34denyasarsin.xyz/assets/images/transparent/ |
46 KB 46 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
form-progress.svg
erdemr34denyasarsin.xyz/assets/images/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
inputmask.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/5.0.7/ |
99 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
script.js
erdemr34denyasarsin.xyz/assets/js/ |
162 KB 60 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
s.js
waust.at/ |
8 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
68 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
21 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
edkkds.svg
erdemr34denyasarsin.xyz/assets/images/ |
9 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ |
47 KB 47 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
button-right.126.svg
erdemr34denyasarsin.xyz/assets/images/ |
448 B 789 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
arrow-left.126.svg
erdemr34denyasarsin.xyz/assets/images/ |
393 B 756 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
fonts.gstatic.com/s/opensans/v40/ |
35 KB 35 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
whos.amung.us/pingjs/ |
28 B 213 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
439 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon-196x196.png
erdemr34denyasarsin.xyz/assets/images/ |
38 KB 38 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BDDK (Banking)31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| Inputmask function| default function| _0x29df51 function| _0x5330c0 function| _0x319c50 function| _0x35d290 function| _0x557935 function| _0x1a557a function| _0x40960b function| _0xf78fb0 function| _0x289a function| _0x494c function| _0x4ca9d2 function| _0x185439 function| _0x450d6e object| _wau object| WAU_ren function| WAU_small function| WAU_small_request function| WAU_r_s function| WAU_insert function| WAU_legacy_b function| WAU_la function| WAU_addCommas function| WAU_lrd function| WAU_lrs function| WAU_cps function| docReady object| x string| x1 string| x21 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
erdemr34denyasarsin.xyz/ | Name: PHPSESSID Value: hp0ic1r6kpb9kr35c8934mu86q |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
erdemr34denyasarsin.xyz
fonts.googleapis.com
fonts.gstatic.com
waust.at
whos.amung.us
104.17.24.14
172.67.213.92
172.67.71.57
172.67.8.141
2a00:1450:4001:809::200a
2a00:1450:4001:813::2003
0dcf73b3ae74451091df71905883cc4e32d18ab16c3b36d552fc79bddec1be1c
1273f5a50d06e87ba0af8a2da2b63f272a758ca2f94ebe82faf88577840c2324
14e8e481e7afcaae3200f172bd49bf7146ea2a23d3fdf0ba71d5fdbbd0c8c5a4
2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1
39966ec7eea8f508184cef9f98895a0e8d74e3328a43cc8a93c528cfca888691
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
41ec1cc54595544930734754d8c3ba67e340f14076e7f2d3d695ccaa971ad1ed
633926b7656b3a4072597166517dabc779c8f15d0c455dfad616c11bf3694600
766e2a4a42176791da5ae383fe632465a2261adf9bd7f75916f2e83a1810fbc1
945f7d25e8f885da3c77668f74ecacefa894dc535ac048f57a56e2b2fc2560df
9ea5de183cb4e7bbfd327d5d5283553f323e60e149bd3ebee310e81c5eda500e
adfa45260a1306cb5fefc1f17c1b5e7b61135534a82bf1b8e3d0540af7e07e3b
bd4bb9bd2a39844fa841d35ad0b27b3aeb1f625cc0d7763caf1377d7d36d6fae
cb0374314e49be2700c9f7c6c59be3248d2658cc0f426faed041928712b26475
db82ffa65fe7193674430ba62870145e3637005f59077b7dea606d39cf4b0091
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac
ff7498da718b1f50faeefae71e24ceadf4575da0692b84c9a1ad359daa1f2ff2