besikcioglu.com.tr
89.163.214.157  Malicious Activity! Public Scan

Submitted URL: https://besikcioglu.com.tr/Wss1/TSB/TSB/
Effective URL: https://besikcioglu.com.tr/Wss1/TSB/TSB/Login.php?sslchannel=true&form=AccountVerification&sessionid=qijguZaoXlgKZXmmsJLI6p...
Submission: On November 27 via api from IN — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 89.163.214.157, located in Germany and belongs to MYLOC-AS IP Backbone of myLoc managed IT AG, DE. The main domain is besikcioglu.com.tr.
TLS certificate: Issued by R3 on November 25th 2023. Valid for: 3 months.
This is the only time besikcioglu.com.tr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: TSB Bank (Banking) Generic (Online)

Domain & IP information

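IP Address: 89.163.214.157
AS Autonomous System: 24961 (MYLOC-AS ...)
Requests: 6
(Total: 6 requests, 1 IP address)

Apex Domain: besikcioglu.com.tr (6 requests)
Subdomains: besikcioglu.com.tr
Transfer: 151 KB
(Total: 6 requests, 1 apex domain)

Domain: besikcioglu.com.tr (6 requests)
Requested by: besikcioglu.com.tr
(Total: 6 requests, 1 domain)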

This site contains no links.

Subject: *.besikcioglu.com.tr
Issuer: R3
Validity: 2023-11-25 - 2024-02-23
Valid: 3 months

This page contains 1 frames:

Primary Page: https://besikcioglu.com.tr/Wss1/TSB/TSB/Login.php?sslchannel=true&form=AccountVerification&sessionid=qijguZaoXlgKZXmmsJLI6p1jy1POlfcRRtm78wLvWmj1MffoACKzWsMOUN0aqkotFUMjXIbTlQ1RhV6E
Frame ID: 0C478162A848F84C7723D41056E11725
Requests: 6 HTTP requests in this frame

Page Title

Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 151 kB
Size: 179 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://besikcioglu.com.tr/Wss1/TSB/TSB/ Page URL
  2. https://besikcioglu.com.tr/Wss1/TSB/TSB/Login.php?sslchannel=true&form=AccountVerification&sessionid=qijguZaoXlgKZXmmsJLI6p1jy1POlfcRRtm78wLvWmj1MffoACKzWsMOUN0aqkotFUMjXIbTlQ1RhV6E Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource Path Size x-fer Type MIME-Type

Resource: /
Path: besikcioglu.com.tr/Wss1/TSB/TSB/
Size: 563 B
x-fer: 819 B
Type: Document

General
  Full URL: https://besikcioglu.com.tr/Wss1/TSB/TSB/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 89.163.214.157, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
  Reverse DNS: vps2415162.dedi.server-hosting.expert
  Software: LiteSpeed /
  Resource Hash: 42819ce5b815c9769735a84cdfbf65572ef9894f783a21a90183c03bc963a4d5

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
  accept-language: de-DE,de;q=0.9

Response headers
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
  cache-control: no-store, no-cache, must-revalidate
  content-encoding: gzip
  content-length: 468
  content-type: text/html; charset=UTF-8
  date: Mon, 27 Nov 2023 07:43:46 GMT
  expires: Thu, 19 Nov 1981 08:52:00 GMT
  pragma: no-cache
  server: LiteSpeed
  vary: Accept-Encoding

Resource: soa.js
Path: besikcioglu.com.tr/Wss1/TSB/TSB/
Size: 20 KB
x-fer: 6 KB
Type: Script

General
  Full URL: https://besikcioglu.com.tr/Wss1/TSB/TSB/soa.js
  Requested by:
    Host: besikcioglu.com.tr
    URL: https://besikcioglu.com.tr/Wss1/TSB/TSB/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 89.163.214.157, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
  Reverse DNS: vps2415162.dedi.server-hosting.expert
  Software: LiteSpeed /
  Resource Hash: 847c86ae982abe9180233276125b930b4a1b6f1bd12649b0c07535c1e984def8

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://besikcioglu.com.tr/Wss1/TSB/TSB/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
  date: Mon, 27 Nov 2023 07:43:46 GMT
  content-encoding: br
  last-modified: Tue, 15 Aug 2023 04:56:14 GMT
  server: LiteSpeed
  etag: "4f65-64db056e-2c13035f;br"
  vary: Accept-Encoding
  content-type: application/x-javascript
  cache-control: public, max-age=604800
  accept-ranges: bytes
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
  content-length: 5744
  expires: Mon, 04 Dec 2023 07:43:46 GMT

Resource: Login.php (Primary Request)
Path: besikcioglu.com.tr/Wss1/TSB/TSB/
Size: 2 KB
x-fer: 1 KB
Type: Document

General
  Full URL: https://besikcioglu.com.tr/Wss1/TSB/TSB/Login.php?sslchannel=true&form=AccountVerification&sessionid=qijguZaoXlgKZXmmsJLI6p1jy1POlfcRRtm78wLvWmj1MffoACKzWsMOUN0aqkotFUMjXIbTlQ1RhV6E
  Requested by:
    Host: besikcioglu.com.tr
    URL: https://besikcioglu.com.tr/Wss1/TSB/TSB/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 89.163.214.157, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
  Reverse DNS: vps2415162.dedi.server-hosting.expert
  Software: LiteSpeed /
  Resource Hash: 0a6ec4a31963d52945ac504ec89cc7b45bcc813c071d9f2c6f6ab49e5e73a722

Request headers
  Referer: https://besikcioglu.com.tr/Wss1/TSB/TSB/
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
  accept-language: de-DE,de;q=0.9

Response headers
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
  cache-control: no-store, no-cache, must-revalidate
  content-encoding: gzip
  content-length: 1284
  content-type: text/html; charset=UTF-8
  date: Mon, 27 Nov 2023 07:43:46 GMT
  expires: Thu, 19 Nov 1981 08:52:00 GMT
  pragma: no-cache
  server: LiteSpeed
  vary: Accept-Encoding

Resource: soa.js
Path: besikcioglu.com.tr/Wss1/TSB/TSB/
Size: 20 KB
x-fer: 6 KB
Type: Script

General
  Full URL: https://besikcioglu.com.tr/Wss1/TSB/TSB/soa.js
  Requested by:
    Host: besikcioglu.com.tr
    URL: https://besikcioglu.com.tr/Wss1/TSB/TSB/Login.php?sslchannel=true&form=AccountVerification&sessionid=qijguZaoXlgKZXmmsJLI6p1jy1POlfcRRtm78wLvWmj1MffoACKzWsMOUN0aqkotFUMjXIbTlQ1RhV6E
  Protocol: H3
  Security: QUIC, , AES_128_GCM
  Server: 89.163.214.157, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
  Reverse DNS: vps2415162.dedi.server-hosting.expert
  Software: LiteSpeed /
  Resource Hash: 847c86ae982abe9180233276125b930b4a1b6f1bd12649b0c07535c1e984def8

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://besikcioglu.com.tr/Wss1/TSB/TSB/Login.php?sslchannel=true&form=AccountVerification&sessionid=qijguZaoXlgKZXmmsJLI6p1jy1POlfcRRtm78wLvWmj1MffoACKzWsMOUN0aqkotFUMjXIbTlQ1RhV6E
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
  date: Mon, 27 Nov 2023 07:43:46 GMT
  content-encoding: br
  last-modified: Tue, 15 Aug 2023 04:56:14 GMT
  server: LiteSpeed
  etag: "4f65-64db056e-2c13035f;br"
  vary: Accept-Encoding
  content-type: application/x-javascript
  cache-control: public, max-age=604800
  accept-ranges: bytes
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
  content-length: 5744
  expires: Mon, 04 Dec 2023 07:43:46 GMT

Resource: continue.png
Path: besikcioglu.com.tr/Wss1/TSB/TSB/assets/img/
Size: 1 KB
x-fer: 1 KB
Type: Image

General
  Full URL: https://besikcioglu.com.tr/Wss1/TSB/TSB/assets/img/continue.png
  Requested by:
    Host: besikcioglu.com.tr
    URL: https://besikcioglu.com.tr/Wss1/TSB/TSB/Login.php?sslchannel=true&form=AccountVerification&sessionid=qijguZaoXlgKZXmmsJLI6p1jy1POlfcRRtm78wLvWmj1MffoACKzWsMOUN0aqkotFUMjXIbTlQ1RhV6E
  Protocol: H3
  Security: QUIC, , AES_128_GCM
  Server: 89.163.214.157, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
  Reverse DNS: vps2415162.dedi.server-hosting.expert
  Software: LiteSpeed /
  Resource Hash: 618b0e96c6bf41f64cb14c9c32219f278311936e6cf5a7ba832230389db3ccb0

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://besikcioglu.com.tr/Wss1/TSB/TSB/Login.php?sslchannel=true&form=AccountVerification&sessionid=qijguZaoXlgKZXmmsJLI6p1jy1POlfcRRtm78wLvWmj1MffoACKzWsMOUN0aqkotFUMjXIbTlQ1RhV6E
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
  date: Mon, 27 Nov 2023 07:43:46 GMT
  last-modified: Tue, 15 Aug 2023 04:56:14 GMT
  server: LiteSpeed
  etag: "5a6-64db056e-3407f066;;;"
  content-type: image/png
  cache-control: public, max-age=604800
  accept-ranges: bytes
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
  content-length: 1446
  expires: Mon, 04 Dec 2023 07:43:46 GMT

Resource: 1.png
Path: besikcioglu.com.tr/Wss1/TSB/TSB/
Size: 135 KB
x-fer: 135 KB
Type: Image

General
  Full URL: https://besikcioglu.com.tr/Wss1/TSB/TSB/1.png
  Requested by:
    Host: besikcioglu.com.tr
    URL: https://besikcioglu.com.tr/Wss1/TSB/TSB/Login.php?sslchannel=true&form=AccountVerification&sessionid=qijguZaoXlgKZXmmsJLI6p1jy1POlfcRRtm78wLvWmj1MffoACKzWsMOUN0aqkotFUMjXIbTlQ1RhV6E
  Protocol: H3
  Security: QUIC, , AES_128_GCM
  Server: 89.163.214.157, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
  Reverse DNS: vps2415162.dedi.server-hosting.expert
  Software: LiteSpeed /
  Resource Hash: d22a8fec25e0f44176ac92b1b8adeb7e3a1222be1f0fdb8b7382c02800252d08

Request headers
  accept-language: de-DE,de;q=0.9
  Referer: https://besikcioglu.com.tr/Wss1/TSB/TSB/Login.php?sslchannel=true&form=AccountVerification&sessionid=qijguZaoXlgKZXmmsJLI6p1jy1POlfcRRtm78wLvWmj1MffoACKzWsMOUN0aqkotFUMjXIbTlQ1RhV6E
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
  date: Mon, 27 Nov 2023 07:43:46 GMT
  last-modified: Tue, 15 Aug 2023 04:56:12 GMT
  server: LiteSpeed
  etag: "21d66-64db056c-2c12f350;;;"
  content-type: image/png
  cache-control: public, max-age=604800
  accept-ranges: bytes
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
  content-length: 138598
  expires: Mon, 04 Dec 2023 07:43:46 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: TSB Bank (Banking) Generic (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • documentPictureInPicture (object)
  • Aes (object)
  • Base64 (object)
  • Utf8 (object)
  • hea2p (string)
  • hea2t (string)
  • output (string)
  • ctrTxt (string)

1 Cookies

Domain/Path: besikcioglu.com.tr/
Name: PHPSESSID
Value: 901de5c4b3590f0be3b938b7d31b4a7d