urlscan.io logo urlscan.io
SecurityTrails logo

giris.bkm.com.tr Open in urlscan Pro
62.244.244.176  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://giris.bkm.com.tr/
Effective URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Submission: On March 01 via manual from TR — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 17 HTTP transactions. The main IP is 62.244.244.176, located in Turkey and belongs to BKM-AS, TR. The main domain is giris.bkm.com.tr.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on October 16th 2023. Valid for: a year.
This is the only time giris.bkm.com.tr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 17 62.244.244.176 33830 (BKM-AS)
2 62.244.244.25 15924 (BORUSANTE...)
17 2
Apex Domain
Subdomains		 Transfer
19 bkm.com.tr
giris.bkm.com.tr
api-prod.bkm.com.tr
582 KB
17 1
Domain Requested by
17 giris.bkm.com.tr 2 redirects giris.bkm.com.tr
2 api-prod.bkm.com.tr giris.bkm.com.tr
17 2

This site contains no links.

Subject Issuer Validity Valid
parametre.bkm.com.tr
GlobalSign RSA OV SSL CA 2018		 2023-10-16 -
2024-11-16		 a year crt.sh
*.api-prod.bkm.com.tr
GlobalSign RSA OV SSL CA 2018		 2023-06-23 -
2024-07-24		 a year crt.sh

This page contains 1 frames:

Primary Page: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Frame ID: 6528B51F4332730FE535270720E0AA56
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Parametre Yönetim Sistemi

Page URL History Show full URLs

  1. https://giris.bkm.com.tr/ HTTP 302
    https://giris.bkm.com.tr/?AspxAutoDetectCookieSupport=1 HTTP 302
    https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1& Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

580 kB
Transfer

1390 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://giris.bkm.com.tr/ HTTP 302
    https://giris.bkm.com.tr/?AspxAutoDetectCookieSupport=1 HTTP 302
    https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1& Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request MKYLogin
giris.bkm.com.tr/
Redirect Chain
  • https://giris.bkm.com.tr/
  • https://giris.bkm.com.tr/?AspxAutoDetectCookieSupport=1
  • https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
7 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
f9fcc4b3c7d4bd00ab3238d0796fa417add06d734899c3350aaa094987480844
Security Headers
Name Value
Content-Security-Policy default-src self unsafe-eval unsafe-inline; style-src self unsafe-inline; media-src *; img-src self data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private
Content-Encoding
gzip
Content-Length
2693
Content-Security-Policy
default-src self unsafe-eval unsafe-inline; style-src self unsafe-inline; media-src *; img-src self data: content:;
Content-Type
text/html; charset=utf-8
Date
Fri, 01 Mar 2024 10:20:10 GMT
Strict-Transport-Security
max-age=31536000
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
XXSS-Protection
1

Redirect headers

Cache-Control
private
Content-Security-Policy
default-src self unsafe-eval unsafe-inline; style-src self unsafe-inline; media-src *; img-src self data: content:;
Content-Type
text/html; charset=utf-8
Date
Fri, 01 Mar 2024 10:20:10 GMT
Location
/MKYLogin??AspxAutoDetectCookieSupport=1&
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
XXSS-Protection
1
smartadmin-all.css
giris.bkm.com.tr/Features/wwwroot/statics/sa/css/ 		656 KB
157 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/css/smartadmin-all.css
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
d5c7f339c272cce41eec92a5e73a4f0d0d5538e49fcc9360d7ac069f54828b19
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Last-Modified
Wed, 15 Jan 2020 17:40:19 GMT
Date
Fri, 01 Mar 2024 10:20:10 GMT
ETag
"ce151adbcacbd51:0"
Vary
Accept-Encoding
X-Frame-Options
sameorigin
Content-Type
text/css
Transfer-Encoding
chunked
Cache-Control
max-age=86400
XXSS-Protection
1
Accept-Ranges
bytes
opensans.css
giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/opensans.css
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
a9d5b6df6b700b3b87a20f9d6fa867e936c97c43db7eb0445d345c3c1aa1db17
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Fri, 01 Mar 2024 07:58:40 GMT
Via
NS-CACHE-8.0: 1
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Age
8492
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Connection
Keep-Alive
Content-Length
715
Last-Modified
Wed, 15 Jan 2020 17:40:21 GMT
ETag
"9be2adccacbd51:0"
Vary
Accept-Encoding
X-Frame-Options
sameorigin
Content-Type
text/css
Cache-Control
max-age=86400
XXSS-Protection
1
Accept-Ranges
bytes
veribranch-all.css
giris.bkm.com.tr/Features/wwwroot/statics/um/style/ 		24 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://giris.bkm.com.tr/Features/wwwroot/statics/um/style/veribranch-all.css
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
1067f5dc93bb19de7380b343ecb733f281e1ac0e7b3922cc70f7246655e883e1
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Fri, 01 Mar 2024 07:58:40 GMT
Via
NS-CACHE-8.0: 1
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Age
8492
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Connection
Keep-Alive
Content-Length
5903
Last-Modified
Wed, 15 Jan 2020 17:40:21 GMT
ETag
"141b44dccacbd51:0"
Vary
Accept-Encoding
X-Frame-Options
sameorigin
Content-Type
text/css
Cache-Control
max-age=86400
XXSS-Protection
1
Accept-Ranges
bytes
plugins-all.css
giris.bkm.com.tr/Features/wwwroot/statics/css/ 		19 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://giris.bkm.com.tr/Features/wwwroot/statics/css/plugins-all.css
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
b23edc2c1cdadf8f9267bcfa570301a4f68470b9874b6302efa3091f414f57e4
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Fri, 01 Mar 2024 07:58:40 GMT
Via
NS-CACHE-8.0: 1
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Age
8491
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Connection
Keep-Alive
Content-Length
5030
Last-Modified
Wed, 15 Jan 2020 17:40:19 GMT
ETag
"dd2dd0dacacbd51:0"
Vary
Accept-Encoding
X-Frame-Options
sameorigin
Content-Type
text/css
Cache-Control
max-age=86400
XXSS-Protection
1
Accept-Ranges
bytes
jquery-all.js
giris.bkm.com.tr/Features/wwwroot/statics/js/ 		325 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://giris.bkm.com.tr/Features/wwwroot/statics/js/jquery-all.js?v=1475671222761
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
3571df1cf4c2cec67611883b935b1e9233dc7deef99abe95d00b221c686820fc
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Last-Modified
Wed, 15 Jan 2020 17:40:19 GMT
Date
Fri, 01 Mar 2024 10:20:10 GMT
ETag
"e052f6dacacbd51:0"
Vary
Accept-Encoding
X-Frame-Options
sameorigin
Content-Type
application/javascript
Transfer-Encoding
chunked
Cache-Control
max-age=86400
XXSS-Protection
1
Accept-Ranges
bytes
smartadmin-all.js
giris.bkm.com.tr/Features/wwwroot/statics/sa/js/ 		112 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/js/smartadmin-all.js
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
d1c75260590a4b1d61756467f6ec737e1313b7106acb962e7e8094bc4ee7fbfe
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Thu, 29 Feb 2024 11:45:07 GMT
Via
NS-CACHE-8.0: 1
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Age
81305
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Connection
Keep-Alive
Content-Length
39649
Last-Modified
Wed, 15 Jan 2020 17:40:21 GMT
ETag
"9be2adccacbd51:0"
Vary
Accept-Encoding
X-Frame-Options
sameorigin
Content-Type
application/javascript
Cache-Control
max-age=86400
XXSS-Protection
1
Accept-Ranges
bytes
BotDetectCaptcha.ashx
giris.bkm.com.tr/ 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://giris.bkm.com.tr/BotDetectCaptcha.ashx?get=layout-stylesheet
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
59efc3d7fef2a6404d5f42fbe24ab52f12241e9361d38d0755baf50037a70785
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Fri, 01 Mar 2024 10:20:10 GMT
Via
NS-CACHE-8.0: 1
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Age
1
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Connection
Keep-Alive
Content-Length
948
ETag
"KXJJMPKGFMQPYSV"
Vary
Accept-Encoding
X-Frame-Options
sameorigin
Content-Type
text/css
Cache-Control
public
XXSS-Protection
1
X-Robots-Tag
noindex, nofollow, noarchive, nosnippet
Expires
Fri, 01 Mar 2024 11:20:10 GMT
captcha.js
api-prod.bkm.com.tr/bkmcaptcha/resources/v1/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api-prod.bkm.com.tr/bkmcaptcha/resources/v1/captcha.js
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.25 , Turkey, ASN15924 (BORUSANTELEKOM-AS, TR),
Reverse DNS
Software
/
Resource Hash
9b193f178e3b5aa0d9724145ac0d520495cf3088d666561cc9f96c9b2bfa6ecd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; style-src 'self'; img-src 'self' data:; font-src 'self' data:
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giris.bkm.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Fri, 01 Mar 2024 10:20:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
last-modified
Fri, 15 Dec 2023 05:21:48 GMT
referrer-policy
strict-origin-when-cross-origin
content-security-policy
default-src 'self'; frame-src 'self' data:; style-src 'self'; img-src 'self' data:; font-src 'self' data:
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=2592000, private
permissions-policy
camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
accept-ranges
bytes
content-length
1302
x-xss-protection
1; mode=block
captcha.css
api-prod.bkm.com.tr/bkmcaptcha/resources/v1/ 		14 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api-prod.bkm.com.tr/bkmcaptcha/resources/v1/captcha.css
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.25 , Turkey, ASN15924 (BORUSANTELEKOM-AS, TR),
Reverse DNS
Software
/
Resource Hash
0b70416a9dae56dd5761fd1548e21b658c7ee4b124814d22f86afaaf606eff2c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; style-src 'self'; img-src 'self' data:; font-src 'self' data:
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giris.bkm.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Fri, 01 Mar 2024 10:20:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
last-modified
Fri, 15 Dec 2023 05:21:48 GMT
referrer-policy
strict-origin-when-cross-origin
content-security-policy
default-src 'self'; frame-src 'self' data:; style-src 'self'; img-src 'self' data:; font-src 'self' data:
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
text/css
cache-control
max-age=2592000, private
permissions-policy
camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
accept-ranges
bytes
content-length
10263
x-xss-protection
1; mode=block
logo.png
giris.bkm.com.tr/Features/wwwroot/statics/pys/image/ 		71 KB
72 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://giris.bkm.com.tr/Features/wwwroot/statics/pys/image/logo.png
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
5e0b05b02df9e164723d4626858c8e6b9abc630d8c3a9c751aa0382cc867155c
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Thu, 29 Feb 2024 11:06:05 GMT
Via
NS-CACHE-8.0: 1
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 15 Jan 2020 17:40:19 GMT
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Age
83648
ETag
"74669dbcacbd51:0"
X-Frame-Options
sameorigin
Content-Type
image/png
Cache-Control
max-age=86400
XXSS-Protection
1
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
72641
mybg.png
giris.bkm.com.tr/Features/wwwroot/statics/sa/img/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/img/mybg.png
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/Features/wwwroot/statics/sa/css/smartadmin-all.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
de596377f6ec54f0ed72ea194719439be686b2d3171df9242bab4f4e0af9dcef
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/css/smartadmin-all.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Thu, 29 Feb 2024 11:06:04 GMT
Via
NS-CACHE-8.0: 1
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 15 Jan 2020 17:40:19 GMT
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Age
83649
ETag
"699e42dbcacbd51:0"
X-Frame-Options
sameorigin
Content-Type
image/png
Cache-Control
max-age=86400
XXSS-Protection
1
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
2841
fontawesome-webfont.woff
giris.bkm.com.tr/Features/wwwroot/statics/sa/fonts/ 		82 KB
83 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/Features/wwwroot/statics/sa/css/smartadmin-all.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/css/smartadmin-all.css
Origin
https://giris.bkm.com.tr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
X-Content-Type-Options
nosniff
Date
Fri, 01 Mar 2024 10:20:11 GMT
Last-Modified
Wed, 15 Jan 2020 17:40:19 GMT
ETag
"eb9f23dbcacbd51:0"
X-Frame-Options
sameorigin
Content-Type
font/x-woff
XXSS-Protection
1
Cache-Control
max-age=86400
Accept-Ranges
bytes
Content-Length
83760
open-sans-v13-latin_latin-ext-300.woff2
giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/fonts/open-sans-v13-latin_latin-ext-300.woff2
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/opensans.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/opensans.css
Origin
https://giris.bkm.com.tr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Thu, 29 Feb 2024 11:15:13 GMT
Via
NS-CACHE-8.0: 1
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Age
83100
ETag
"KXJJMPKGFMRXKUV"
X-Frame-Options
sameorigin
Content-Type
text/html
Cache-Control
max-age=86400
XXSS-Protection
1
Connection
Keep-Alive
Content-Length
1245
open-sans-v13-latin_latin-ext-regular.woff2
giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/fonts/open-sans-v13-latin_latin-ext-regular.woff2
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/opensans.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/opensans.css
Origin
https://giris.bkm.com.tr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Thu, 29 Feb 2024 11:13:35 GMT
Via
NS-CACHE-8.0: 1
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Age
83198
ETag
"KXJJMPKGFMPKLUV"
X-Frame-Options
sameorigin
Content-Type
text/html
Cache-Control
max-age=86400
XXSS-Protection
1
Connection
Keep-Alive
Content-Length
1245
open-sans-v13-latin_latin-ext-regular.woff
giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/fonts/ 		32 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/fonts/open-sans-v13-latin_latin-ext-regular.woff
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/opensans.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
0cbc1f593f367f6ebdbb37bb8e80c2538b216b3c481ec8629c653b2cd2c1e94e
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/opensans.css
Origin
https://giris.bkm.com.tr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Thu, 29 Feb 2024 11:06:06 GMT
Via
NS-CACHE-8.0: 1
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 15 Jan 2020 17:40:21 GMT
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Age
83648
ETag
"c5731dccacbd51:0"
X-Frame-Options
sameorigin
Content-Type
font/x-woff
Cache-Control
max-age=86400
XXSS-Protection
1
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
33060
open-sans-v13-latin_latin-ext-300.woff
giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/fonts/ 		33 KB
34 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/fonts/open-sans-v13-latin_latin-ext-300.woff
Requested by
Host: giris.bkm.com.tr
URL: https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/opensans.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.244.244.176 , Turkey, ASN33830 (BKM-AS, TR),
Reverse DNS
Software
/
Resource Hash
738ed6a2c5aaca5fc9a513061f9ec20a326fb97d6a88b220109bc8a2037dab56
Security Headers
Name Value
Content-Security-Policy default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/opensans.css
Origin
https://giris.bkm.com.tr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date
Thu, 29 Feb 2024 11:06:05 GMT
Via
NS-CACHE-8.0: 1
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Last-Modified
Wed, 15 Jan 2020 17:40:21 GMT
Content-Security-Policy
default-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’; style-src ‘self’ ‘unsafe-inline’; media-src *; img-src ‘self’ data: content:;
Age
83649
ETag
"fda6fdccacbd51:0"
X-Frame-Options
sameorigin
Content-Type
font/x-woff
Cache-Control
max-age=86400
XXSS-Protection
1
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
33704

Verdicts & Comments Add Verdict or Comment

80 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| root boolean| debugState string| debugStyle string| debugStyle_green string| debugStyle_red string| debugStyle_warning string| debugStyle_success string| debugStyle_error number| throttle_delay number| menu_speed boolean| menu_accordion boolean| enableJarvisWidgets boolean| localStorageJarvisWidgets boolean| sortableJarvisWidgets boolean| enableMobileWidgets boolean| fastClick object| boxList object| showList object| nameList object| idList object| chatbox_config object| ignore_key_elms boolean| voice_command boolean| voice_command_auto string| voice_command_lang boolean| voice_localStorage object| commands function| SmartUnLoading function| getInternetExplorerVersion function| checkVersion function| isIE8orlower number| ExistMsg number| SmartMSGboxCount number| PrevTop number| BigBoxes number| SmallBoxes number| SmallCount number| SmallBoxesAnchos function| FastClick function| runAllForms function| runAllCharts function| setup_widgets_desktop function| setup_widgets_mobile function| loadScript function| checkURL function| loadURL function| drawBreadCrumb function| pageSetUp function| getParam function| calc_navbar_height function| navbar_height object| shortcut_dropdown object| bread_crumb boolean| topmenu string| thisDevice boolean| ismobile object| jsArray object| initApp undefined| ie boolean| gMapsLoaded function| gMapsCallback function| loadGoogleMaps object| _timeoutRefreshCountMap function| _getCaptchaHTML function| _getReloadCount function| _setReloadCount function| _onImageError function| _onImageSuccess function| _getCaptcha function| _setRefreshTimeout function| _loadAllCaptchasByClassName function| _loadCaptchaById function| loadCaptcha object| featureVersions function| IsTurkishChars function| IsAlphaNUmeric function| GetWhichCode object| $this

10 Cookies

Domain/Path Name / Value
.bkm.com.tr/ Name: AspxAutoDetectCookieSupport
Value: 1
.giris.bkm.com.tr/ Name: TS010c0f73
Value: 0100593e02a86cdf33858fa1bfdffc24551d41c8e1fb6d0427251ff4ffb4b9fd5774e5aedc05af988d9af0aa3fb032ada18cc5b0fc
.bkm.com.tr/ Name: ASP.NET_SessionId
Value: 5ldpyphh1i2x13aklkis2f3k
.bkm.com.tr/ Name: XSRF-TOKEN
Value: OGGBRg_wqm4C-G5gDRgnxAzStgWyA54XsBL5F38djRvo2krUyRHhrI1ovFUaRZxOPDLZtieeaEbjZq5X8oe-ScA8Cco1
.bkm.com.tr/ Name: __RequestVerificationToken
Value: mhQXGebIC_fOUjx3JBt5gDx7BYkVLhSKHIUBFzJoPMGRgotOLJme94e_VBnkvtoWWKOv5nV1d6DYvrfnrTkbYeUEo2I1
.bkm.com.tr/ Name: TS0138e516
Value: 0100593e02af1cff709f64cfda16235128e7a67ffbfb6d0427251ff4ffb4b9fd5774e5aedc5cb138de46b8b64b315246b878cfe35ed9738b3c77dd1de6ae3ef57f80307c39c8e6ff55e57c90dc7a1154b4837454909204ecdf14115130cec200b527d5b177077bbb61cfd35374e2641a421a51384b56f0cac5f61a438126cfe823985c5772
api-prod.bkm.com.tr/ Name: 98b1f01514b95899e92876edf1757948
Value: 69e7ae1d75654fd7277a127f5330f1af
.api-prod.bkm.com.tr/ Name: TS01c1cfc4
Value: 0100593e025debdfbf4edced653efcc4ed0df651e919bde3d4281922ce053b24b2742318c31840efe2787aa7d53e20391058615823db68fb213ef5563824653bf8f0fc50cf
api-prod.bkm.com.tr/ Name: TScdf8a186027
Value: 08bcbf7f6cab2000863f9fd6c1e1fd6e682147081b9cc4b893f2fb363016924a2cb5a606fdc9679708d610a85f1130000cc88fbd227cd155236bb63883eaa56a566d48bdb087479b5bc63161cadfe145935baf683e81df37cf6064909e486a37
giris.bkm.com.tr/ Name: TS5cea099c027
Value: 08bcbf7f6cab20005889b962885b842bf0090dec7761551ce4abe274f5a18ff5dec735d494e70c3b0822348af91130003ae8e582d7123ba7236bb63883eaa56a2a38fca7fff9f781bfa4075e5a7a7bed555e995f77249c82a4ca844f3c802b62

5 Console Messages

Source Level URL
Text
security error URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Message:
The value for the Content-Security-Policy directive 'default-src' contains one or more invalid characters. In a source expression, non-whitespace characters outside ASCII 0x21-0x7E must be Punycode-encoded, as described in RFC 3492 (https://tools.ietf.org/html/rfc3492), if part of the hostname and percent-encoded, as described in RFC 3986, section 2.1 (http://tools.ietf.org/html/rfc3986#section-2.1), if part of the path.
security error URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Message:
The value for the Content-Security-Policy directive 'style-src' contains one or more invalid characters. In a source expression, non-whitespace characters outside ASCII 0x21-0x7E must be Punycode-encoded, as described in RFC 3492 (https://tools.ietf.org/html/rfc3492), if part of the hostname and percent-encoded, as described in RFC 3986, section 2.1 (http://tools.ietf.org/html/rfc3986#section-2.1), if part of the path.
security error URL: https://giris.bkm.com.tr/MKYLogin??AspxAutoDetectCookieSupport=1&
Message:
The value for the Content-Security-Policy directive 'img-src' contains one or more invalid characters. In a source expression, non-whitespace characters outside ASCII 0x21-0x7E must be Punycode-encoded, as described in RFC 3492 (https://tools.ietf.org/html/rfc3492), if part of the hostname and percent-encoded, as described in RFC 3986, section 2.1 (http://tools.ietf.org/html/rfc3986#section-2.1), if part of the path.
network error URL: https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/fonts/open-sans-v13-latin_latin-ext-regular.woff2
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://giris.bkm.com.tr/Features/wwwroot/statics/sa/opensans/fonts/open-sans-v13-latin_latin-ext-300.woff2
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src self unsafe-eval unsafe-inline; style-src self unsafe-inline; media-src *; img-src self data: content:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin