katilandeventstartup.net Open in urlscan Pro
2606:4700:3032::6815:25f1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://katilandeventstartup.net/
Effective URL:
https://katilandeventstartup.net/
Submission Tags: @ecarlesi threat #phishing #denizbank Search All
Submission: On June 01 via api (June 1st 2023, 1:34:54 am UTC) from FR — Scanned from FR

Summary HTTP 3 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 3 HTTP transactions. The main IP is 2606:4700:3032::6815:25f1, located in United States and belongs to CLOUDFLARENET, US. The main domain is katilandeventstartup.net.
TLS certificate: Issued by GTS CA 1P5 on May 30th 2023. Valid for: 3 months.

This is the only time katilandeventstartup.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Denizbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3034::ac43:d784	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:303... 2606:4700:3032::6815:25f1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2

1 2606:4700:3034::ac43:d784 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

katilandeventstartup.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3032::6815:25f1 (United States)

ASN13335 (CLOUDFLARENET, US)

katilandeventstartup.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	katilandeventstartup.net 1 redirects katilandeventstartup.net	811 KB
3	1

	Domain	Requested by
4	katilandeventstartup.net	1 redirects katilandeventstartup.net
3	1

This site contains no links.

Subject Issuer	Validity	Valid
katilandeventstartup.net GTS CA 1P5	`2023-05-30` - `2023-08-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://katilandeventstartup.net/
Frame ID: BCAAAD4A44F6253D3859617D4229CF9D
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DenizBank İnternet Bankacılığı

Page URL History Show full URLs

http://katilandeventstartup.net/ HTTP 301
https://katilandeventstartup.net/ Page URL

Page Statistics

3
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

887 kB
Transfer

2248 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://katilandeventstartup.net/ HTTP 301
https://katilandeventstartup.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
9 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response katilandeventstartup.net/ Redirect Chain http://katilandeventstartup.net/ https://katilandeventstartup.net/	2 MB 802 KB	116ms 72ms	Document text/html	2606:4700:3032::6815:25f1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://katilandeventstartup.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:25f1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.33 PleskLin Resource Hash `b3edf251d6eef812aed25b81d1fffb86d8a4e847e37300ee6ae21d1682ef3200` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 7d03b759f9c0d70a-CDG content-encoding br content-type text/html; charset=UTF-8 date Thu, 01 Jun 2023 01:34:47 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dpeVtPO6PGqorD8mgOB9sBJexrKCoRvcvjxQ8FpIhXews17JgYKMtDzr6%2BrJS2%2B524SMVkkJcFw7GJJaE%2BLqJoBhPneL9YwBgVIJLhZhoGF8dpfm6K9QKSwLb9yjsGBN%2BaNwofBIi9EKMiln3dJKaIad4cu7hIM%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.33 PleskLin Redirect headers CF-Cache-Status DYNAMIC CF-RAY 7d03b75948f599ee-CDG Connection keep-alive Content-Type text/html Date Thu, 01 Jun 2023 01:34:47 GMT Location https://katilandeventstartup.net/ NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ezGL7ZRnqRRWY0Tfv10GT4b8Z%2FdQWG4RvpS2GJqo70JJgpVpUWarC8xSMUG4i2oFaAlfnWPCM92gLjmJnGMXGKNoGTEPNmkBfQ0x70ymZPzW%2FCT5Q0QzH5z4%2Bs6cFj2TCA9iOk6kuEBs0dgGkhjoivHF0zMpKuo%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked alt-svc h3=":443"; ma=86400
GET H2	404	== katilandeventstartup.net/	808 B 808 B	37ms 36ms	Image text/html	2606:4700:3032::6815:25f1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://katilandeventstartup.net/== Requested by Host: katilandeventstartup.net URL: https://katilandeventstartup.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:25f1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187` Request headers accept-language fr-FR,fr;q=0.9 Referer https://katilandeventstartup.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Thu, 01 Jun 2023 01:34:47 GMT content-encoding br cf-cache-status DYNAMIC last-modified Tue, 30 May 2023 13:23:29 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tnth%2FCQUor2SOglBUD2jL%2BMho%2F5Fzi5ip3HrTFI1NFF3XnjLeDr96%2B4dhvmVE5vCnjlNdPtSWGVgqdPsyry4VMFn9cPYWz6S2y45IFbGcDH5BkumoLkYqbJnPCVg7DIVsy22JAbYD745IuTCTB4oF%2BqQfbM44HA%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cf-ray 7d03b75b4a2ed70a-CDG alt-svc h3=":443"; ma=86400
GET H2	200	logo-light.svg katilandeventstartup.net/img/	176 KB 7 KB	29ms 28ms	Image image/svg+xml	2606:4700:3032::6815:25f1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://katilandeventstartup.net/img/logo-light.svg Requested by Host: katilandeventstartup.net URL: https://katilandeventstartup.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:25f1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `3da913d79fff46cfe4d58d56e141cfcb31865606284507f7a530db69394330fb` Request headers accept-language fr-FR,fr;q=0.9 Referer https://katilandeventstartup.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Thu, 01 Jun 2023 01:34:47 GMT content-encoding br cf-cache-status HIT last-modified Sat, 11 Dec 2021 17:25:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 37 etag W/"61b4df1e-2c141" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DxpT2dO%2BBw%2BIQvVgbjbKiprf4borL5PmM9W%2BSNSG9CX0tvngxrDkFCNYUzQzcbpC9Bii%2FVZzK1dl9y6JI4QeN7A41BafSJYZC2x05J6M4waWaMwyTw%2BQ3H%2BpZGRGGvSzvXs80WIzHTn7XW7eyqAITpEStpubEGE%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 7d03b75b4a2fd70a-CDG alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	38 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `74ded04044e0ea5035452097608c57828b228d0201feda6055c58029fff87f29` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	8 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `54e92ad9930ef375b8f4e1a1fe7fe5c86d43d7ad00a955c5df818e26489049b8` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `59c1a112d5d610c1399aa46d5b549c5aad1e4b283aaf785545e818d053f25378` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1b74331ad061c583ad54561f95596a8481b95d863a431fc4daf3a9ee7d151975` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	379 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f7278ca494d765eab007679ace9914b237327326d7cd2840660dc8140a8b5542` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	39 KB 39 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7eb704d9b4ca582fa56c8f610af81afdf6773b3c0a8a40362befc94b3b70dbc6` Request headers Referer Origin https://katilandeventstartup.net accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	12 KB 12 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a085c2f1e7df8cdded779fa68b0ce2e0d31d3352ed8d8238cb540f35fa20cf0d` Request headers Referer Origin https://katilandeventstartup.net accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	12 KB 12 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b582e5e36135cfe697ec9cfbb06ff7407a7d89a9e4a1287cfdd905cc3f9669e5` Request headers Referer Origin https://katilandeventstartup.net accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	12 KB 12 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `be3979aa66ab98b74f4c323b1c194cba444de65913e489d5786e0c7fd8f310c0` Request headers Referer Origin https://katilandeventstartup.net accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type application/font-woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Denizbank (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 boolean| credentialless function| savepage_ShadowLoader

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			katilandeventstartup.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: g089arv7m2gu55rat4pccsrjk0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://katilandeventstartup.net/== Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

katilandeventstartup.net
2606:4700:3032::6815:25f1
2606:4700:3034::ac43:d784
1b74331ad061c583ad54561f95596a8481b95d863a431fc4daf3a9ee7d151975
3da913d79fff46cfe4d58d56e141cfcb31865606284507f7a530db69394330fb
54e92ad9930ef375b8f4e1a1fe7fe5c86d43d7ad00a955c5df818e26489049b8
59c1a112d5d610c1399aa46d5b549c5aad1e4b283aaf785545e818d053f25378
74ded04044e0ea5035452097608c57828b228d0201feda6055c58029fff87f29
7eb704d9b4ca582fa56c8f610af81afdf6773b3c0a8a40362befc94b3b70dbc6
a085c2f1e7df8cdded779fa68b0ce2e0d31d3352ed8d8238cb540f35fa20cf0d
b3edf251d6eef812aed25b81d1fffb86d8a4e847e37300ee6ae21d1682ef3200
b582e5e36135cfe697ec9cfbb06ff7407a7d89a9e4a1287cfdd905cc3f9669e5
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
be3979aa66ab98b74f4c323b1c194cba444de65913e489d5786e0c7fd8f310c0
f7278ca494d765eab007679ace9914b237327326d7cd2840660dc8140a8b5542

katilandeventstartup.net Open in urlscan Pro 2606:4700:3032::6815:25f1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

3 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

887 kBTransfer

2248 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

katilandeventstartup.net Open in urlscan Pro
2606:4700:3032::6815:25f1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

887 kB
Transfer

2248 kB
Size

1
Cookies

3 HTTP transactions
9 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!