![](/screenshots/93a4085b-b387-4491-8e23-302b78d3bb07.png)
zerosevenone.buzz
Open in
urlscan Pro
161.97.83.26
Malicious Activity!
Public Scan
Submission: On July 07 via api from TR — Scanned from DE
Summary
TLS certificate: Issued by R11 on June 17th 2024. Valid for: 3 months.
This is the only time zerosevenone.buzz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Finansbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 161.97.83.26 161.97.83.26 | 51167 (CONTABO) (CONTABO) | |
16 | 62.108.64.94 62.108.64.94 | 8831 (FINANSBAN...) (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad.) | |
2 | 2606:4700::68... 2606:4700::6812:14e2 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 2 | 178.18.193.121 178.18.193.121 | 50941 (VARGONEN) (VARGONEN) | |
28 | 4 |
ASN51167 (CONTABO, DE)
PTR: vmi1355066.contaboserver.net
zerosevenone.buzz |
ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR)
internetsubesi.qnbfinansbank.com |
ASN13335 (CLOUDFLARENET, US)
ssif1.globalsign.com | |
seal.globalsign.com |
ASN50941 (VARGONEN, TR)
PTR: wpf02.vargonen.net
www.globalsign.com.tr | |
globalsign.com.tr |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
qnbfinansbank.com
internetsubesi.qnbfinansbank.com — Cisco Umbrella Rank: 748324 |
146 KB |
9 |
zerosevenone.buzz
zerosevenone.buzz |
9 KB |
2 |
globalsign.com.tr
1 redirects
www.globalsign.com.tr globalsign.com.tr |
10 KB |
2 |
globalsign.com
ssif1.globalsign.com — Cisco Umbrella Rank: 64190 seal.globalsign.com — Cisco Umbrella Rank: 48119 |
1 KB |
28 | 4 |
Domain | Requested by | |
---|---|---|
16 | internetsubesi.qnbfinansbank.com |
zerosevenone.buzz
internetsubesi.qnbfinansbank.com |
9 | zerosevenone.buzz |
zerosevenone.buzz
|
1 | seal.globalsign.com |
zerosevenone.buzz
|
1 | globalsign.com.tr |
zerosevenone.buzz
|
1 | www.globalsign.com.tr | 1 redirects |
1 | ssif1.globalsign.com |
zerosevenone.buzz
|
28 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.qnbfinansbank.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
zerosevenone.buzz R11 |
2024-06-17 - 2024-09-15 |
3 months | crt.sh |
internetsubesi.qnbfinansbank.com GlobalSign RSA OV SSL CA 2018 |
2024-06-04 - 2025-07-06 |
a year | crt.sh |
www.globalsign.com GlobalSign Extended Validation CA - SHA256 - G3 |
2023-10-04 - 2024-11-04 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://zerosevenone.buzz/
Frame ID: 989FC3D62B41C22D0F93EC670B224BFF
Requests: 28 HTTP requests in this frame
Screenshot
![](/screenshots/93a4085b-b387-4491-8e23-302b78d3bb07.png)
Page Title
QNB Finansbank İnternet ŞubesiDetected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
![](/vendor/wappa/icons/Microsoft ASP.NET.png)
Detected patterns
- <input[^>]+name="__VIEWSTATE
![](/vendor/wappa/icons/Google Tag Manager.png)
Detected patterns
- googletagmanager\.com/ns\.html[^>]+></iframe>
- <!-- (?:End )?Google Tag Manager -->
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: buraya
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 21- https://www.globalsign.com.tr/Content/Images/v4/dv-image-seal.png HTTP 301
- https://globalsign.com.tr/Content/Images/v4/dv-image-seal.png
28 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
zerosevenone.buzz/ |
33 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.smartbanner.css
internetsubesi.qnbfinansbank.com/Content/Devices/ |
4 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FinansbankDropDownList.css
internetsubesi.qnbfinansbank.com/Content/Themes/FinansbankTheme/ |
17 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FBDialog.css
internetsubesi.qnbfinansbank.com/Content/Themes/FinansbankTheme/ |
21 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FBTooltip.css
internetsubesi.qnbfinansbank.com/Content/Themes/FinansbankTheme/ |
5 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FinansbankLoginStyle.css
internetsubesi.qnbfinansbank.com/Content/Themes/LoginTheme/ |
54 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
warning.css
internetsubesi.qnbfinansbank.com/Content/Themes/LoginTheme/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loginmain.css
internetsubesi.qnbfinansbank.com/Content/Themes/LoginTheme/ |
16 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.css
internetsubesi.qnbfinansbank.com/Content/Themes/LoginTheme/ |
202 KB 44 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap-ie11.css
internetsubesi.qnbfinansbank.com/Content/Themes/LoginTheme/ |
10 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cordale.min.css
internetsubesi.qnbfinansbank.com/Content/Fonts/Cordale/ |
186 B 1010 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
muli.min.css
internetsubesi.qnbfinansbank.com/Content/Fonts/Muli/ |
304 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.smartbanner.js
zerosevenone.buzz/Content/Devices/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loader.gif
zerosevenone.buzz/Content/Images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
content_title_left.png
zerosevenone.buzz/Content/Images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
content_title_right.png
zerosevenone.buzz/Content/Images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
qr_disabled.png
internetsubesi.qnbfinansbank.com/Content/Images/ |
39 KB 40 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
captcha-refresh.jpg
internetsubesi.qnbfinansbank.com/Content/Images/ |
5 KB 6 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
content_ok.png
zerosevenone.buzz/Content/Images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
guvenlik_top.png
zerosevenone.buzz/Content/Images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
guvenlik_bottom.png
zerosevenone.buzz/Content/Images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
siteSeal.do
ssif1.globalsign.com/SiteSeal/siteSeal/siteSeal/ |
0 157 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dv-image-seal.png
globalsign.com.tr/Content/Images/v4/ Redirect Chain
|
9 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gmogs_image_110-45_en_dblue.js
seal.globalsign.com/SiteSeal/ |
2 KB 959 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kusakli_web.png
internetsubesi.qnbfinansbank.com/Content/Images/ResponsiveLogin/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow.png
internetsubesi.qnbfinansbank.com/Content/Images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
footer-bg.jpg
internetsubesi.qnbfinansbank.com/Content/Images/ |
5 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
zerosevenone.buzz/ |
315 B 515 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Finansbank (Banking)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 undefined| event object| fence object| sharedStorage function| ss_js_sealTagStr function| ss_js_seal string| ss_ua undefined| ss_opera boolean| ss_msie boolean| ss_msie4 boolean| ss_ns4 boolean| ss_ns6 undefined| ss_opera6lower undefined| ss_no_dyna_script string| ss_fqdn string| ss_size string| ss_type string| ss_lang string| ss_ver string| ss_service string| ss_protocol string| ss_jspUrl0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
9 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
globalsign.com.tr
internetsubesi.qnbfinansbank.com
seal.globalsign.com
ssif1.globalsign.com
www.globalsign.com.tr
zerosevenone.buzz
161.97.83.26
178.18.193.121
2606:4700::6812:14e2
62.108.64.94
005e7276b6346022d9311d6dd61a2ffd5f7b84ee14f94ce28ba569fbe6cb2c20
20f8ed2bf854270b68617662902cf145554cd87ba4ff29d800879978bbb2d92a
2863c5fdfcdb9f42e75d7d75fa998208150f27829d6ed4956c715ca1e7596dc7
2988840b8f277ea5d45a27627b42b29e7974ef10cf7159e637174c535f5c8890
2d3d0ffc095f087278741a02ec1348d656e1647d3ca54960d30022adfb0e9154
2f8c6a8953c6a17936468d82c8d2b383cf38e93a06081c9b7c3bc9c04f4f0307
323524115e60df7e7e094de9388e553bf8f7e87c8ef934d50ad1b99841c735e6
336c78f5c9fe388e51c865c5ebefb736687909ebc39e118e45b20a13f47e2038
5c1a446f09220df838792922c870088a90247310a3dc2094800c2ef14367a248
6722e1471c13f7e3365469775fe0a6c39b1df6a5b4f6dff08b4f113ab545a163
6ff2aa400887a533106a9497a5d59c4b36ee2594b8614a166ea96ded8780ec0e
9c882904b4c57ec2761920df6798ea9cd23296151f1d6e79a0aa8805dbcae706
a05826090ec74ff3f28479211fd28065237aa75fb9c7ba2bb320c731a5e45f70
b9fc16c04b32f1056489e41287cf33536a05f6912d2da1e598284220266a89d9
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e1bc8b5658f16ea8945a2281db1f2c95cbb5ab9256c7400987e5d9b456213c2d
e1c784b966e7cb2985fbcc42b5362987c076dfc9d347d3286ed131ea26c6dcd6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6d74b1fa656995627ce5e8b0839a62b0ffd54b8de7be4f2e40eae2c92b968c8
fbf3992a7e94cb53ec90c822b5c63dbcc582c62442f5e5fb48ef9db706784385
fedf4740b9ae487ac387afe5ac91b724a7a0c9fc05680b9f024ccc37ebb7772b