www-enpara-ramazankampanyasi-com-tr.ml
Open in
urlscan Pro
35.204.58.166
Malicious Activity!
Public Scan
Submission: On May 13 via manual from TR
Summary
This is the only time www-enpara-ramazankampanyasi-com-tr.ml was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Finansbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
18 | 35.204.58.166 35.204.58.166 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 62.108.64.90 62.108.64.90 | 8831 (FINANSBAN...) (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad.) | |
1 | 52.222.157.72 52.222.157.72 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 2 | 2a00:1450:400... 2a00:1450:4001:808::200e | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a00:1450:400... 2a00:1450:400c:c08::9d | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
22 | 5 |
ASN15169 (GOOGLE - Google LLC, US)
PTR: 166.58.204.35.bc.googleusercontent.com
www-enpara-ramazankampanyasi-com-tr.ml |
ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR)
internetsubesi.qnbfinansbank.enpara.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-157-72.fra53.r.cloudfront.net
cdn.linearicons.com |
ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com |
ASN15169 (GOOGLE - Google LLC, US)
stats.g.doubleclick.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
www-enpara-ramazankampanyasi-com-tr.ml
www-enpara-ramazankampanyasi-com-tr.ml |
1 MB |
2 |
google-analytics.com
1 redirects
www.google-analytics.com |
17 KB |
1 |
doubleclick.net
stats.g.doubleclick.net |
102 B |
1 |
linearicons.com
cdn.linearicons.com |
22 KB |
1 |
enpara.com
internetsubesi.qnbfinansbank.enpara.com |
5 KB |
22 | 5 |
Domain | Requested by | |
---|---|---|
18 | www-enpara-ramazankampanyasi-com-tr.ml |
www-enpara-ramazankampanyasi-com-tr.ml
|
2 | www.google-analytics.com |
1 redirects
www-enpara-ramazankampanyasi-com-tr.ml
|
1 | stats.g.doubleclick.net |
www-enpara-ramazankampanyasi-com-tr.ml
|
1 | cdn.linearicons.com |
www-enpara-ramazankampanyasi-com-tr.ml
|
1 | internetsubesi.qnbfinansbank.enpara.com |
www-enpara-ramazankampanyasi-com-tr.ml
|
22 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
leadxen.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
internetsubesi.qnbfinansbank.enpara.com GlobalSign Extended Validation CA - SHA256 - G3 |
2018-01-30 - 2020-04-30 |
2 years | crt.sh |
cdn.linearicons.com Amazon |
2019-04-01 - 2020-05-01 |
a year | crt.sh |
*.google-analytics.com Google Internet Authority G3 |
2019-04-16 - 2019-07-09 |
3 months | crt.sh |
*.g.doubleclick.net Google Internet Authority G3 |
2019-04-16 - 2019-07-09 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://www-enpara-ramazankampanyasi-com-tr.ml/
Frame ID: B7D3CF7FFBB63E6910A8BEC5BFC410FE
Requests: 22 HTTP requests in this frame
Screenshot
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Font Awesome (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
- env /^gaGlobal$/i
Select2 (JavaScript Libraries) Expand
Detected patterns
- script /select2.*\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
- script /select2.*\.js/i
Twitter Bootstrap () Expand
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
- script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 19- http://www.google-analytics.com/analytics.js HTTP 307
- https://www.google-analytics.com/analytics.js
- http://www.google-analytics.com/r/collect?v=1&_v=j73&a=1776619305&t=pageview&_s=1&dl=http%3A%2F%2Fwww-enpara-ramazankampanyasi-com-tr.ml%2F&ul=en-us&de=UTF-8&dt=Enpara.com%20Internet%20Bankaciligi%20Giris&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=45635217&gjid=394680570&cid=1411360648.1557750073&tid=UA-71731539-1&_gid=690583583.1557750073&_r=1&z=1225580757 HTTP 307
- https://www.google-analytics.com/r/collect?v=1&_v=j73&a=1776619305&t=pageview&_s=1&dl=http%3A%2F%2Fwww-enpara-ramazankampanyasi-com-tr.ml%2F&ul=en-us&de=UTF-8&dt=Enpara.com%20Internet%20Bankaciligi%20Giris&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=45635217&gjid=394680570&cid=1411360648.1557750073&tid=UA-71731539-1&_gid=690583583.1557750073&_r=1&z=1225580757 HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-71731539-1&cid=1411360648.1557750073&jid=45635217&_gid=690583583.1557750073&gjid=394680570&_v=j73&z=1225580757
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www-enpara-ramazankampanyasi-com-tr.ml/ |
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
www-enpara-ramazankampanyasi-com-tr.ml/Themes/vendor/bootstrap/css/ |
122 KB 122 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.min.css
www-enpara-ramazankampanyasi-com-tr.ml/Themes/fonts/font-awesome-4.7.0/css/ |
30 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-font.min.css
www-enpara-ramazankampanyasi-com-tr.ml/Themes/fonts/Linearicons-Free-v1.0.0/ |
7 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
animate.css
www-enpara-ramazankampanyasi-com-tr.ml/Themes/vendor/animate/ |
23 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hamburgers.min.css
www-enpara-ramazankampanyasi-com-tr.ml/Themes/vendor/css-hamburgers/ |
19 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
select2.min.css
www-enpara-ramazankampanyasi-com-tr.ml/Themes/vendor/select2/ |
15 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
util.css
www-enpara-ramazankampanyasi-com-tr.ml/Themes/css/ |
85 KB 85 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
www-enpara-ramazankampanyasi-com-tr.ml/Themes/css/ |
11 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
internetsubesi.qnbfinansbank.enpara.com/Content/Images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.2.1.min.js
www-enpara-ramazankampanyasi-com-tr.ml/Themes/vendor/jquery/ |
85 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
popper.js
www-enpara-ramazankampanyasi-com-tr.ml/Themes/vendor/bootstrap/js/ |
80 KB 80 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.js
www-enpara-ramazankampanyasi-com-tr.ml/Themes/vendor/bootstrap/js/ |
50 KB 50 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
select2.min.js
www-enpara-ramazankampanyasi-com-tr.ml/Themes/vendor/select2/ |
65 KB 65 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
www-enpara-ramazankampanyasi-com-tr.ml/Themes/js/ |
1 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
img-01.png
www-enpara-ramazankampanyasi-com-tr.ml/Themes/images/ |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Raleway-SemiBold.ttf
www-enpara-ramazankampanyasi-com-tr.ml/Themes/fonts/raleway/ |
176 KB 177 KB |
Font
application/font-sfnt |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Linearicons-Free.woff2
cdn.linearicons.com/free/1.0.0/ |
21 KB 22 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Raleway-Bold.ttf
www-enpara-ramazankampanyasi-com-tr.ml/Themes/fonts/raleway/ |
175 KB 175 KB |
Font
application/font-sfnt |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Poppins-Regular.ttf
www-enpara-ramazankampanyasi-com-tr.ml/Themes/fonts/poppins/ |
142 KB 142 KB |
Font
application/font-sfnt |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ Redirect Chain
|
43 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
stats.g.doubleclick.net/r/ Redirect Chain
|
35 B 102 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Finansbank (Banking)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery function| Popper string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.www-enpara-ramazankampanyasi-com-tr.ml/ | Name: _gat Value: 1 |
|
.www-enpara-ramazankampanyasi-com-tr.ml/ | Name: _gid Value: GA1.2.690583583.1557750073 |
|
.www-enpara-ramazankampanyasi-com-tr.ml/ | Name: _ga Value: GA1.2.1411360648.1557750073 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.linearicons.com
internetsubesi.qnbfinansbank.enpara.com
stats.g.doubleclick.net
www-enpara-ramazankampanyasi-com-tr.ml
www.google-analytics.com
2a00:1450:4001:808::200e
2a00:1450:400c:c08::9d
35.204.58.166
52.222.157.72
62.108.64.90
0e25895d7caaf355a53d19c37c69a06198f668e5422b211d27597ed93983b80b
1644bddbc56361207f707177714ebe70597e09baee7b4a6f4a4884d9a81ef267
2425ebbc021bfdd18fe55edbeeb1539d22a217212c14430a7d4d75266a333bbc
27751cc48fb8c009d013ffb85f0f2b1db36530791eca74d317aec90d34f09b39
296945e5922e764eef17b1b4a3ee3e60dc202b3c7f074150b62158915bf74e33
3149a74d701ee7dd476f83694f8962062a456b5abbdea234101d30aff2738bcd
31ca8fc4bb190118851959f282909af4a8f6e782b69dcfbe00094ffc010878b3
3252defb25bd1d43565efaa5c99684e786d6ad47497dc34e81e8a44e03901c48
3c86ed1a776be1e6a46c9a1f4b520b63bb7b9b2303edeef665447a5f69d7e36d
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
80aa5497ff31b2c001474d9432f0853c11d200a67ea4f9852ab2f7ee2fedd9c2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
9bf87f7140c085febf881462c536ee73cf9183670811342d3dc1fd0f7a762a0d
a8e98b651f82ffb90e8c87af9e02bfd70e4c4c20869b58f0b172494316cfff39
a93f37c5c32d030a1d831b5023b6b29bc93290f5423debaf47c83b6444528059
b7680f30199f65ce3b2620713f7cb27a175560ea7402e0b4cba01c5d54508a17
c493991dfa712d1fee861d41c18152e5f8663807484506a23ae97917f6fbbf7b
ca9de8b3be7ccd4b80774a9c7dd56a98c49c276771c5957729b5958d1d579112
f62cb4f7ead6ce81ddb768ca2281bf86c033f45fc28da4b67ec6100c25c7778e
fa659dfc6ebd4b8aad80fa304842c879502fefe16e2fcef55976a89605e7af04