bursahizlikurye.com
Open in
urlscan Pro
185.130.58.66
Malicious Activity!
Public Scan
Submitted URL: http://bursahizlikurye.com/docsign1/docusi%203/
Effective URL: http://bursahizlikurye.com/docsign1/docusi%203/u.php?response_type=code&scope=all_click.manage%20me_profile&client_id=2CC56...
Submission: On January 24 via api from US — Scanned from DE
Effective URL: http://bursahizlikurye.com/docsign1/docusi%203/u.php?response_type=code&scope=all_click.manage%20me_profile&client_id=2CC56...
Submission: On January 24 via api from US — Scanned from DE
Summary
This website contacted 2 IPs
in 1 countries
across 2 domains to perform 11 HTTP transactions.
The main IP is 185.130.58.66, located in
Istanbul, Turkey and
belongs to AS43260, TR.
The main domain is bursahizlikurye.com.
This is the only time bursahizlikurye.com was scanned on urlscan.io!
This is the only time bursahizlikurye.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DocuSign (Online) DHL (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 9 | 185.130.58.66 185.130.58.66 | 43260 (AS43260) (AS43260) | |
| 2 | 185.81.100.38 185.81.100.38 | () () | |
| 11 | 2 |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 9 |
bursahizlikurye.com
bursahizlikurye.com |
324 KB |
| 2 |
docusign.com
account.docusign.com |
9 KB |
| 11 | 2 |
| Domain | Requested by | |
|---|---|---|
| 9 | bursahizlikurye.com |
bursahizlikurye.com
|
| 2 | account.docusign.com |
bursahizlikurye.com
|
| 11 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| account.docusign.com DigiCert SHA2 Extended Validation Server CA |
2020-01-09 - 2022-03-26 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://bursahizlikurye.com/docsign1/docusi%203/u.php?response_type=code&scope=all_click.manage%20me_profile&client_id=2CC56DC9-4BCD-4B55-8AB0-8BA60BAE1065&redirect_uri=
Frame ID: 96507A7F5417CFFA0D58F4A7331DAF9D
Requests: 11 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://bursahizlikurye.com/docsign1/docusi%203/ Page URL
- http://bursahizlikurye.com/docsign1/docusi%203/u.php?response_type=code&scope=all_click.manage%20me_pro... Page URL
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://bursahizlikurye.com/docsign1/docusi%203/ Page URL
- http://bursahizlikurye.com/docsign1/docusi%203/u.php?response_type=code&scope=all_click.manage%20me_profile&client_id=2CC56DC9-4BCD-4B55-8AB0-8BA60BAE1065&redirect_uri= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
bursahizlikurye.com/docsign1/docusi%203/ |
614 B 822 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hl.jpg
bursahizlikurye.com/docsign1/docusi%203/img/ |
5 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bar.gif
bursahizlikurye.com/docsign1/docusi%203/img/ |
189 KB 189 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
u.php
bursahizlikurye.com/docsign1/docusi%203/ |
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
facebox.css
bursahizlikurye.com/docsign1/docusi%203/ |
1 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-1.6.2.min.js
bursahizlikurye.com/docsign1/docusi%203/javascript/ |
89 KB 90 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
facebox.js
bursahizlikurye.com/docsign1/docusi%203/javascript/facebox/src/ |
9 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.watermark.js
bursahizlikurye.com/docsign1/docusi%203/javascript/watermark/ |
19 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
javascript1.js
bursahizlikurye.com/docsign1/docusi%203/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
docusign_logo_small.png
account.docusign.com/LoginAppNext/images/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
social_auth_providers.png
account.docusign.com/LoginAppNext/images/social/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DocuSign (Online) DHL (Transportation)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
account.docusign.com
bursahizlikurye.com
185.130.58.66
185.81.100.38
016f9cfa001792db7ad2be1e1ea1424cea09f108f68e7efb1caf4c5e65ac1335
2cd71212e9f32ad6cdf96f4467a515d8c16e620bb579898830d7adb12bdbbc63
73f5caae156cfbd7560675e824517b591aedbf850c840aaba8dcfca597f676e3
84a75ad61d0404ae29810295acffc370e195b64227a5445c30613ea316bdafdc
9775030ee067be2b25772eeefe9a56ad2ef10ed5c2c5efebe93f92a9781b768a
c614122e326d88fffd8495fc3ccbac314634f3c36ea1f003cd222288bf67686b
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
e83f8d0b4a78d14185abfca96ee2fbaf18e396a047f725d944ff27a845787279
ee3cec3c33913424b8a94f2ba811277a4aaf0a8476d61653769c5d953ddeecbd
fc1051ff8ece6493b643873b420df97c3cb5037337891450cad3051a9bba1754
fc38767c5270e458fa2433d18b22354752e1d7173d7f0a21e4f4b13e0aae5b33