ziraattbank-tr.com
91.241.19.111
Malicious Activity!
Public Scan
Effective URL: https://ziraattbank-tr.com/ecae13117d6f0584c25a9da6c8f8415e/login.php?user=true
Submission: On October 01 via manual from TR — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 30th 2022. Valid for: 3 months.
This is the only time ziraattbank-tr.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Ziraat Bank (Banking)
Domain & IP information
Requests (redirects) | IP Address | AS (Autonomous System) |
---|---|---|
8 (3 redirects) | 91.241.19.111 | 207566 (CHANGWAY007-AS) |
1 | 2606:4700::6811:190e | 13335 (CLOUDFLARENET) |
Totals: 6 HTTP transactions, 3 IP entries
Requests (redirects) | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 (3 redirects) | ziraattbank-tr.com | ziraattbank-tr.com | 2 MB |
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 208) | 28 KB |
Totals: 6 HTTP transactions, 2 apex domains
Requests (redirects) | Domain | Requested by |
---|---|---|
8 (3 redirects) | ziraattbank-tr.com | cdnjs.cloudflare.com, ziraattbank-tr.com |
1 | cdnjs.cloudflare.com | ziraattbank-tr.com |
Totals: 6 HTTP transactions, 2 domains
This site contains no links.
Subject | Issuer | Validity | Valid for | Source |
---|---|---|---|---|
ziraattbank-tr.com | cPanel, Inc. Certification Authority | 2022-09-30 - 2022-12-29 | 3 months | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ziraattbank-tr.com/ecae13117d6f0584c25a9da6c8f8415e/login.php?user=true
Frame ID: C8A74420A2DD20FE2D8149D4025306F8
Requests: 13 HTTP requests in this frame
Page Title: Hoş Geldiniz | Ziraat Bankası İnternet Bankacılığı (Turkish for "Welcome | Ziraat Bank Internet Banking")
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://ziraattbank-tr.com/ -> HTTP 301 -> https://ziraattbank-tr.com/ (Page URL)
- https://ziraattbank-tr.com/c9f7198c57735fa7a7a8ac2cc18dd542.php -> HTTP 302 -> https://ziraattbank-tr.com/ecae13117d6f0584c25a9da6c8f8415e/index.php -> HTTP 302 -> https://ziraattbank-tr.com/ecae13117d6f0584c25a9da6c8f8415e/login.php?user=true (Page URL)
Detected technologies
- PHP (Programming Languages). Detected pattern: \.php(?:$|\?)
- jQuery (JavaScript Libraries). Detected patterns: /([\d.]+)/jquery(?:\.min)?\.js and jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
- Request Chain 0: http://ziraattbank-tr.com/ -> HTTP 301 -> https://ziraattbank-tr.com/
6 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / | ziraattbank-tr.com/ (Redirect Chain) | 29 KB | 29 KB | Document | text/html |
GET | H2 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/ | 87 KB | 28 KB | Script | application/javascript |
GET | H/1.1 | fetch.php | ziraattbank-tr.com/remote/ | 0 | 252 B | XHR | text/html |
GET | H/1.1 | login.php (Primary Request) | ziraattbank-tr.com/ecae13117d6f0584c25a9da6c8f8415e/ (Redirect Chain) | 124 KB | 125 KB | Document | text/html |
GET | H/1.1 | jquery.js | ziraattbank-tr.com/ecae13117d6f0584c25a9da6c8f8415e/partial/js/ | 266 KB | 266 KB | Script | application/javascript |
GET | H/1.1 | login.css | ziraattbank-tr.com/ecae13117d6f0584c25a9da6c8f8415e/partial/css/ | 1 MB | 1 MB | Stylesheet | text/css |
GET | DATA | truncated | / | 104 KB | 0 | Image | image/jpeg |
GET | DATA | truncated | / | 13 KB | 13 KB | Font | font/woff2 |
GET | DATA | truncated | / | 84 KB | 84 KB | Font | font/woff2 |
GET | DATA | truncated | / | 13 KB | 13 KB | Font | font/woff2 |
GET | DATA | truncated | / | 8 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 10 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 6 KB | 0 | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Ziraat Bank (Banking)
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onbeforeinput |
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
function | getScreenDetails |
function | queryLocalFonts |
object | navigation |
function | $ |
function | jQuery |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
ziraattbank-tr.com/ | | PHPSESSID | 3dca70525bc4e82ad3ef10fc4f3cb56e |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
ziraattbank-tr.com
2606:4700::6811:190e
91.241.19.111