kureselmekanik.com
94.73.148.60 | Malicious Activity! | Public Scan

URL: http://kureselmekanik.com/includes/fr/sms/sms/
Submission Tags: @ipnigh
Submission: On April 22 via api from GB

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 15 HTTP transactions. The main IP is 94.73.148.60, located in Turkey and belongs to CIZGI, TR. The main domain is kureselmekanik.com.
This is the only time kureselmekanik.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banque Postale (Banking)

Domain & IP information

IP addresses
  #  Requests  IP Address    AS (Autonomous System)
  1  16        94.73.148.60  34619 (CIZGI)          (15 transactions + 1 redirect)

Domains
  Requests  Apex Domain         Subdomains          Transfer
  16        kureselmekanik.com  kureselmekanik.com  141 KB    (15 transactions + 1 redirect)

Requested by
  Requests  Domain              Requested by
  16        kureselmekanik.com  1 redirects, kureselmekanik.com   (15 transactions + 1 redirect)

This site contains no links.

TLS certificates (Subject / Issuer / Validity / Valid): none observed; every request in this scan used plain HTTP (0 % HTTPS).

This page contains 2 frames:

Primary Page: http://kureselmekanik.com/includes/fr/sms/sms/
Frame ID: 7278B15504313008A2A16247608571DF
Requests: 6 HTTP requests in this frame

Frame: http://kureselmekanik.com/includes/fr/sms/sms/login.php
Frame ID: 7C8BB70D9C2C3EFBC0C1D81C7773E68C
Requests: 9 HTTP requests in this frame

Screenshot


Page URL History

  1. http://kureselmekanik.com/includes/fr/sms/sms HTTP 301
    http://kureselmekanik.com/includes/fr/sms/sms/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Page Statistics

  Requests: 15
  HTTPS: 0 %
  IPv6: 0 %
  Domains: 1
  Subdomains: 1
  IPs: 1
  Countries: 1
  Transfer: 141 kB
  Size: 219 kB
  Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.


Redirected requests

There were HTTP redirect chains for the following requests (the chain is listed under the primary request below):

15 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type (MIME-Type)

Primary Request: / | kureselmekanik.com/includes/fr/sms/sms/ | 1 KB | 734 B | Document
  Redirect Chain
    • http://kureselmekanik.com/includes/fr/sms/sms
    • http://kureselmekanik.com/includes/fr/sms/sms/
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: 46ff2be4b8263e5493aba57d07584b033e2cdc72cc395afde19fab5dc86629bb
  Request headers
    Host: kureselmekanik.com
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
    Content-Length: 527
    Content-Encoding: gzip
    Vary: Accept-Encoding
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Server: LiteSpeed
  Redirect headers
    Connection: Keep-Alive
    Content-Type: text/html
    Content-Length: 705
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Server: LiteSpeed
    Location: http://kureselmekanik.com/includes/fr/sms/sms/

index_01.gif | kureselmekanik.com/includes/fr/sms/sms/images/ | 7 KB | 7 KB | Image
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/images/index_01.gif
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: 68374609fd96961cd1590f53a2b061527ae5ba00bc5a505b7c5758aea3b93b7e
  Request headers
    Referer: http://kureselmekanik.com/includes/fr/sms/sms/
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Last-Modified: Fri, 10 Jul 2015 20:07:54 GMT
    Server: LiteSpeed
    Content-Type: image/gif
    Cache-Control: public, max-age=604800
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Content-Length: 6752
    Expires: Wed, 29 Apr 2020 00:37:13 GMT

index_02.gif | kureselmekanik.com/includes/fr/sms/sms/images/ | 4 KB | 4 KB | Image
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/images/index_02.gif
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: 50f08e3f8e9097920c6d34dc772b9cf34310e754b8455e0926c8dfcb3dfccc35
  Request headers
    Referer: http://kureselmekanik.com/includes/fr/sms/sms/
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Last-Modified: Fri, 10 Jul 2015 20:07:54 GMT
    Server: LiteSpeed
    Content-Type: image/gif
    Cache-Control: public, max-age=604800
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Content-Length: 4312
    Expires: Wed, 29 Apr 2020 00:37:13 GMT

index_04.gif | kureselmekanik.com/includes/fr/sms/sms/images/ | 6 KB | 7 KB | Image
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/images/index_04.gif
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: 32f05b7fb60d1016106addff81157e44ab82d45c0bab485b5d2b28ed19f3380f
  Request headers
    Referer: http://kureselmekanik.com/includes/fr/sms/sms/
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Last-Modified: Thu, 12 Oct 2017 08:51:46 GMT
    Server: LiteSpeed
    Content-Type: image/gif
    Cache-Control: public, max-age=604800
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Content-Length: 6524
    Expires: Wed, 29 Apr 2020 00:37:13 GMT

index_05.gif | kureselmekanik.com/includes/fr/sms/sms/images/ | 58 KB | 58 KB | Image
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/images/index_05.gif
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: 1932ee779a3e5adc6a48b5e00f1f084810fb30aed61786839b7604441a949d3c
  Request headers
    Referer: http://kureselmekanik.com/includes/fr/sms/sms/
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Last-Modified: Thu, 12 Oct 2017 09:01:54 GMT
    Server: LiteSpeed
    Content-Type: image/gif
    Cache-Control: public, max-age=604800
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Content-Length: 59423
    Expires: Wed, 29 Apr 2020 00:37:13 GMT

login.php | kureselmekanik.com/includes/fr/sms/sms/ (Frame 7C8B) | 5 KB | 2 KB | Document
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: 0250b13f2f63c1a36e0586501207ab1853902a3ce90d6e0f7116f84431b48ffa
  Request headers
    Host: kureselmekanik.com
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: http://kureselmekanik.com/includes/fr/sms/sms/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
    Referer: http://kureselmekanik.com/includes/fr/sms/sms/
  Response headers
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
    Content-Length: 1564
    Content-Encoding: gzip
    Vary: Accept-Encoding
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Server: LiteSpeed

bg.jpg | kureselmekanik.com/includes/fr/sms/sms/images/ | 14 KB | 14 KB | Image
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/images/bg.jpg
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: 9c3c51c993e93289ee20b82b30e73ddab4ea26312b9aab6f0b16e0e289ab5be9
  Request headers
    Referer: http://kureselmekanik.com/includes/fr/sms/sms/
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Last-Modified: Fri, 10 Jul 2015 20:32:56 GMT
    Server: LiteSpeed
    Content-Type: image/jpeg
    Cache-Control: public, max-age=604800
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Content-Length: 13902
    Expires: Wed, 29 Apr 2020 00:37:13 GMT

cvs_all.css | kureselmekanik.com/includes/fr/sms/sms/css/ (Frame 7C8B) | 6 KB | 2 KB | Stylesheet
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/css/cvs_all.css
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: ac4b179388e43f276ab7562431986e8acb819e986ca88a3b5bf70d645337a8f3
  Request headers
    Referer:
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Content-Encoding: gzip
    Last-Modified: Tue, 20 May 2014 06:25:36 GMT
    Server: LiteSpeed
    Vary: Accept-Encoding
    Content-Type: text/css
    Cache-Control: public, max-age=604800
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Content-Length: 1495
    Expires: Wed, 29 Apr 2020 00:37:13 GMT

cvs_portable.css | kureselmekanik.com/includes/fr/sms/sms/css/ (Frame 7C8B) | 1001 B | 708 B | Stylesheet
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/css/cvs_portable.css
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: 9aaac9ad9b461893e7a54809e3a819de0af5d6b227fb24efe1c577f62645bc32
  Request headers
    Referer:
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Content-Encoding: gzip
    Last-Modified: Tue, 20 May 2014 06:25:36 GMT
    Server: LiteSpeed
    Vary: Accept-Encoding
    Content-Type: text/css
    Cache-Control: public, max-age=604800
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Content-Length: 370
    Expires: Wed, 29 Apr 2020 00:37:13 GMT

transparent.gif | kureselmekanik.com/includes/fr/sms/sms/images/ (Frame 7C8B) | 42 B | 333 B | Image
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/images/transparent.gif
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
  Request headers
    Referer: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Last-Modified: Tue, 20 May 2014 06:25:36 GMT
    Server: LiteSpeed
    Content-Type: image/gif
    Cache-Control: public, max-age=604800
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Content-Length: 42
    Expires: Wed, 29 Apr 2020 00:37:13 GMT

jquery-1.7.2.min.js | kureselmekanik.com/includes/fr/sms/sms/js/ (Frame 7C8B) | 93 KB | 33 KB | Script
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/js/jquery-1.7.2.min.js
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: d72fcb8924d1e14dbd4b04aff994c1183ee86c620f0aaac034f75fc508548220
  Request headers
    Referer: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Content-Encoding: gzip
    Last-Modified: Tue, 20 May 2014 06:25:36 GMT
    Server: LiteSpeed
    Vary: Accept-Encoding
    Content-Type: application/javascript
    Cache-Control: public, max-age=604800
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Content-Length: 33797
    Expires: Wed, 29 Apr 2020 00:37:13 GMT

val_keypad_cvvs-commun-unifie.js | kureselmekanik.com/includes/fr/sms/sms/js/ (Frame 7C8B) | 12 KB | 4 KB | Script
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/js/val_keypad_cvvs-commun-unifie.js
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: 26ac457637b6e883ca410bef71797ad78df8ab692fd4a42eebc2cf35326d4de5
  Request headers
    Referer: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Content-Encoding: gzip
    Last-Modified: Tue, 20 May 2014 06:25:36 GMT
    Server: LiteSpeed
    Vary: Accept-Encoding
    Content-Type: application/javascript
    Cache-Control: public, max-age=604800
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Content-Length: 3528
    Expires: Wed, 29 Apr 2020 00:37:13 GMT

val_keypad_cvvs-unifie.js | kureselmekanik.com/includes/fr/sms/sms/js/ (Frame 7C8B) | 7 KB | 3 KB | Script
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/js/val_keypad_cvvs-unifie.js
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: 8646606c95edd17842c81e1740c5d5b82ce0db9d85cee289e7f9f8b4f949ba34
  Request headers
    Referer: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Content-Encoding: gzip
    Last-Modified: Mon, 13 Jul 2015 03:24:18 GMT
    Server: LiteSpeed
    Vary: Accept-Encoding
    Content-Type: application/javascript
    Cache-Control: public, max-age=604800
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Content-Length: 2335
    Expires: Wed, 29 Apr 2020 00:37:13 GMT

bad.png | kureselmekanik.com/includes/fr/sms/sms/img/ (Frame 7C8B) | 1 KB | 1 KB | Image
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/img/bad.png
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: 230d91b44ffd4de6a3cfe521b2560e5ed59763df51a5de76fc01513787fb1682
  Request headers
    Referer: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Pragma: no-cache
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Content-Encoding: gzip
    Server: LiteSpeed
    Vary: Accept-Encoding
    Content-Type: text/html
    Cteonnt-Length: 1236
    Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
    Connection: Keep-Alive
    Content-Length: 709

login.png | kureselmekanik.com/includes/fr/sms/sms/data_img/ (Frame 7C8B) | 5 KB | 5 KB | Image
  General
    Full URL: http://kureselmekanik.com/includes/fr/sms/sms/data_img/login.png
    Requested by: Host: kureselmekanik.com, URL: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    Protocol: HTTP/1.1
    Server: 94.73.148.60, Turkey, ASN34619 (CIZGI, TR)
    Reverse DNS: 94-73-148-60.cizgi.net.tr
    Software: LiteSpeed /
    Resource Hash: fb04604a9152cc57920f51513c860c699b2c71551334e5986b12ecc560b4ed2e
  Request headers
    Referer: http://kureselmekanik.com/includes/fr/sms/sms/login.php
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Response headers
    Date: Wed, 22 Apr 2020 00:37:13 GMT
    Last-Modified: Sat, 10 Oct 2015 03:43:32 GMT
    Server: LiteSpeed
    Content-Type: image/png
    Cache-Control: public, max-age=604800
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Content-Length: 4635
    Expires: Wed, 29 Apr 2020 00:37:13 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banque Postale (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object | onformdata
  • object | onpointerrawupdate

0 Cookies