acikgirisin.denizgunleriseninle.site Open in urlscan Pro
2606:4700:3033::6815:56ea Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/index.php
Effective URL:
https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/hataliyizx.html
Submission: On April 26 via api (April 26th 2024, 6:04:49 pm UTC) from TR — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3033::6815:56ea, located in United States and belongs to CLOUDFLARENET, US. The main domain is acikgirisin.denizgunleriseninle.site.
TLS certificate: Issued by GTS CA 1P5 on April 23rd 2024. Valid for: 3 months.

This is the only time acikgirisin.denizgunleriseninle.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Denizbank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
5	2606:4700:303... 2606:4700:3033::6815:56ea		13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2

5 2606:4700:3033::6815:56ea (United States)

ASN13335 (CLOUDFLARENET, US)

acikgirisin.denizgunleriseninle.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	denizgunleriseninle.site acikgirisin.denizgunleriseninle.site	190 KB
16	1

	Domain	Requested by
5	acikgirisin.denizgunleriseninle.site	acikgirisin.denizgunleriseninle.site
16	1

This site contains no links.

Subject Issuer	Validity	Valid
denizgunleriseninle.site GTS CA 1P5	`2024-04-23` - `2024-07-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/hataliyizx.html
Frame ID: 2E5EB3FDF6B7300CA82FBFA5FF1FFFCD
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/index.php Page URL
https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/index.php Page URL
https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/hataliyizx.html Page URL

Page Statistics

16
Requests

31 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

190 kB
Transfer

199 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/index.php Page URL
https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/index.php Page URL
https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/hataliyizx.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	index.php acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/	14 KB 5 KB	193ms 135ms	Document text/html	2606:4700:3033::6815:56ea CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/index.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:56ea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.2.18 PleskLin Resource Hash Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 87a87f393a821e6c-FRA content-encoding br content-type text/html; charset=UTF-8 date Fri, 26 Apr 2024 18:04:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EKgFFm0GTkat9PV%2FIYeGxk2vuly2gdfuc17lg%2BkFOjOoMrA3IGypxH27%2BDeeGT2pBbhQZY7fKMS0hySGfjoLgcD0Mw5jmDklh9E2CaQFUL%2BZZ2HHa2Xw8aXxrE33lFA7n6sGMFUnGNO5fhWUrAqRD%2FoU3ChsuhatMGBGPepaIKse1Hc%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/8.2.18 PleskLin
GET		styles.css acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/	0 0

GET		loading.gif acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/	0 0

GET		logo-light.svg acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/	0 0

GET		qr.png acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/	0 0

GET		login-footer-logo.svg acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/	0 0

GET		enbd.png acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/	0 0

GET		runtime.js acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/	0 0

GET		polyfills.js acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/	0 0

GET		scripts.js acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/	0 0

GET		vendor.js acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/	0 0

GET		main.js acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/	0 0

GET H3	200	index.php acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/	60 B 555 B	136ms 136ms	Document text/html	2606:4700:3033::6815:56ea CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/index.php Requested by Host: acikgirisin.denizgunleriseninle.site URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/index.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:56ea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.2.18 PleskLin Resource Hash Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/index.php Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 87a87f3a3bef1e6c-FRA content-encoding br content-type text/html; charset=UTF-8 date Fri, 26 Apr 2024 18:04:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hgTRP184AeBeVgwo2K5Yf9b6Nd%2B81cPieq7jAZSmYdUk4qZTcO6%2B5d%2BOLjqRz1P9aDsxcLCHID71pQB2T9RxSIJ3irHCtofRV4f%2BqTq9%2FAxf8HmO881v0CEr28Xyu9YoJWgvo%2Fk1QM9mZuMu4um19K9X0IDIyvkAV8DbmwBSo%2B7TY20%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/8.2.18 PleskLin
GET H3	200	Primary Request hataliyizx.html Show response acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/	416 B 730 B	77ms 77ms	Document text/html	2606:4700:3033::6815:56ea CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/hataliyizx.html Requested by Host: acikgirisin.denizgunleriseninle.site URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/index.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:56ea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `0b25b4461e3aba05a98b0ef400ff07a5e52804e9203843f3a084ac0510f37aa3` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/index.php Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 87a87f3b2d381e6c-FRA content-encoding br content-type text/html date Fri, 26 Apr 2024 18:04:44 GMT last-modified Fri, 26 Apr 2024 18:04:22 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J7ugwWcBhb3xQAjBzyZQm3fZ%2F4GcrxKHZay9HYNz38YiPnvis51O3CcXih%2F0KiEwP%2BbqFb%2B6QckAKMmnCAORYnIhxH2OdO4BpiWs2JwPEDWKC3TunUuRIC52oiLakdVNuh8lLSMb1C0hPvnWqtPzZsUL%2BdPGV0wAQRMViNWiu3ay6bU%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-accel-version 0.01 x-powered-by PleskLin
GET H3	200	xccd1.jpeg acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/	183 KB 184 KB	105ms 105ms	Image image/jpeg	2606:4700:3033::6815:56ea CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/xccd1.jpeg Requested by Host: acikgirisin.denizgunleriseninle.site URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/hataliyizx.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:56ea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `ba6c85733013a895ffb2eae7b89918efb38c1edd0ff19fb7dc30724c6d5d0738` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/hataliyizx.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 26 Apr 2024 18:04:44 GMT cf-cache-status MISS last-modified Fri, 26 Apr 2024 18:04:22 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "662beca6-2dc2b" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ou2qUIGDiuJvdr5h5pcs7ifbL5N6dST7%2FF4bzDn1VY%2BKCiFTKQyd3jf07j%2BYFVC04RldzzpKknaVQXvydoeAV7efnQ76xRgTgxsQ4VlTZ8W0FVi5oKCmf%2FPEXcTDJ6JbpFgZ42gbdEoWktSfKZTnvAzgvNCAgnxsF6C6da9Ng20K6Bs%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=14400 accept-ranges bytes cf-ray 87a87f3badfa1e6c-FRA alt-svc h3=":443"; ma=86400 content-length 187435
GET H3	404	favicon.ico acikgirisin.denizgunleriseninle.site/	808 B 889 B	93ms 92ms	Other text/html	2606:4700:3033::6815:56ea CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://acikgirisin.denizgunleriseninle.site/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:56ea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/hataliyizx.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 26 Apr 2024 18:04:44 GMT content-encoding br cf-cache-status MISS last-modified Fri, 12 Apr 2024 17:27:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FTSD76ukECtPVgdobDFkWXIi%2FgODUlA4d7TU8s%2F2UiG0CsNkgIp%2Bf%2FF4jmavNtAsGWHSlhaxtq8dqBidHR9kT%2BWr8ZjCCb5o%2FZSIYyo7zcBs1e5%2BuDUtezTdGmta5i3EvBY%2FBYyarcuCvDlNG5Smef4Z5JieekCQj8ChYtR8rA32FMg%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 87a87f3c8f651e6c-FRA alt-svc h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: acikgirisin.denizgunleriseninle.site
URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/styles.css

Domain: acikgirisin.denizgunleriseninle.site
URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/loading.gif

Domain: acikgirisin.denizgunleriseninle.site
URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/logo-light.svg

Domain: acikgirisin.denizgunleriseninle.site
URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/qr.png

Domain: acikgirisin.denizgunleriseninle.site
URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/login-footer-logo.svg

Domain: acikgirisin.denizgunleriseninle.site
URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/enbd.png

Domain: acikgirisin.denizgunleriseninle.site
URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/runtime.js

Domain: acikgirisin.denizgunleriseninle.site
URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/polyfills.js

Domain: acikgirisin.denizgunleriseninle.site
URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/scripts.js

Domain: acikgirisin.denizgunleriseninle.site
URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/vendor.js

Domain: acikgirisin.denizgunleriseninle.site
URL: https://acikgirisin.denizgunleriseninle.site/Denizden-9600fa4517f2587ac8d8de4354504513/girisim/_assets/main.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Denizbank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://acikgirisin.denizgunleriseninle.site/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acikgirisin.denizgunleriseninle.site
acikgirisin.denizgunleriseninle.site
2606:4700:3033::6815:56ea
0b25b4461e3aba05a98b0ef400ff07a5e52804e9203843f3a084ac0510f37aa3
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
ba6c85733013a895ffb2eae7b89918efb38c1edd0ff19fb7dc30724c6d5d0738

acikgirisin.denizgunleriseninle.site Open in urlscan Pro 2606:4700:3033::6815:56ea Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

16 Requests

31 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

190 kBTransfer

199 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

acikgirisin.denizgunleriseninle.site Open in urlscan Pro
2606:4700:3033::6815:56ea Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

31 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

190 kB
Transfer

199 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!