haberyok.com Open in urlscan Pro
45.14.164.34 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://haberyok.com/fn/
Effective URL:
https://haberyok.com/fn/login.php
Submission: On February 21 via api (February 21st 2024, 12:58:24 am UTC) from TR — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 16 HTTP transactions. The main IP is 45.14.164.34, located in Reston, United States and belongs to DATEMA, TR. The main domain is haberyok.com.
TLS certificate: Issued by R3 on February 18th 2024. Valid for: 3 months.

This is the only time haberyok.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: First National Bank of Omaha (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 16	45.14.164.34 45.14.164.34	60446 (DATEMA) (DATEMA)
1	151.101.195.10 151.101.195.10	54113 (FASTLY) (FASTLY)
16	2

16 45.14.164.34 (Reston, United States) 1 redirects

ASN60446 (DATEMA, TR)
PTR: server.dnspanel.com.tr

haberyok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.195.10 (United States)

ASN54113 (FASTLY, US)

www.card.fnbo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	haberyok.com 1 redirects haberyok.com	304 KB
1	fnbo.com www.card.fnbo.com — Cisco Umbrella Rank: 123630	1 KB
16	2

	Domain	Requested by
16	haberyok.com	1 redirects haberyok.com
1	www.card.fnbo.com	haberyok.com
16	2

This site contains no links.

Subject Issuer	Validity	Valid
*.haberyok.com R3	`2024-02-18` - `2024-05-18`	3 months	crt.sh
www.card.fnbo.com Sectigo RSA Organization Validation Secure Server CA	`2024-02-20` - `2025-02-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://haberyok.com/fn/login.php
Frame ID: 639FF320791E6FCED4B0BB11FB0BA56A
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

securebanklogin.com - Sign In

Page URL History Show full URLs

https://haberyok.com/fn/ HTTP 302
https://haberyok.com/fn/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

305 kB
Transfer

304 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://haberyok.com/fn/ HTTP 302
https://haberyok.com/fn/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login.php Show response
haberyok.com/fn/
Redirect Chain

https://haberyok.com/fn/
https://haberyok.com/fn/login.php

16 KB
16 KB

115ms
112ms

Document
text/html

45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to

Full URL: https://haberyok.com/fn/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash: c0beda436133caaaea529e8f3cc2019165e53568bbaa7b79fa09b3949dd6ce8a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 21 Feb 2024 00:58:18 GMT
Keep-Alive: timeout=5, max=99
Server: Apache
Transfer-Encoding: chunked

Redirect headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 21 Feb 2024 00:58:18 GMT
Keep-Alive: timeout=5, max=100
Location: ./login.php
Server: Apache
Transfer-Encoding: chunked

GET
H/1.1 200
OK okta-sign-in.min.css
haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/css/ 253 KB
253 KB 93ms
72ms Stylesheet
text/css 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to

Full URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash: 884a2fedbcfd95e5316c709a650f133d488e667ced4d36cad7361badf09e6573

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://haberyok.com/fn/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:18 GMT
Last-Modified: Sun, 10 Dec 2023 03:18:50 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 259158

GET
H/1.1 200
OK custom-signin.737a914842b846fb44d117b7a2900fcb.css
haberyok.com/fn/assets/loginpage/css/ 11 KB
11 KB 134ms
71ms Stylesheet
text/css 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to

Full URL: https://haberyok.com/fn/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash: 61ba05532ac15dc4d27d7c63b94e3a52354b03842c8bc08e106650c1217225e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://haberyok.com/fn/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:18 GMT
Last-Modified: Sun, 10 Dec 2023 03:18:50 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 11325

GET
H2 200 fnbo-simple-green.svg
www.card.fnbo.com/content/dam/fnbo/logos/ 2 KB
1 KB 262ms
40ms Image
image/svg+xml 151.101.195.10
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.card.fnbo.com/content/dam/fnbo/logos/fnbo-simple-green.svg

Requested by

Host: haberyok.com
URL: https://haberyok.com/fn/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.195.10 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

acf4af3d7cda611d7d3f64fffe00bde4c3ad92dd6bb45ba3596f085c674987c2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' fnbo.com *.fnbo.com www.fnbo.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://haberyok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubdomains; preload;
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' fnbo.com *.fnbo.com www.fnbo.com;
date: Wed, 21 Feb 2024 00:58:18 GMT
age: 69
x-vhost: publish
x-cache: HIT
content-disposition: inline
content-length: 872
x-xss-protection: 1; mode=block
x-served-by: cache-fra-etou8220062-FRA
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 30 Nov 2021 23:47:32 GMT
x-timer: S1708477099.850043,VS0,VS0,VE2
etag: "658-5d20a2e4f2d00-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=300
accept-ranges: bytes

GET
H/1.1 200
OK logo-equal-housing-lender.png
haberyok.com/fn/brand/images/ 19 KB
19 KB 140ms
71ms Image
image/png 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://haberyok.com/fn/brand/images/logo-equal-housing-lender.png
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash: c605c016ef2e50c11792b9813e19ce69d04a85c39dfaa96d13b369ee7f002a59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://haberyok.com/fn/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:18 GMT
Last-Modified: Sun, 10 Dec 2023 03:18:50 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 19437

GET
H/1.1 200
OK checkbox-sign-in-widget.png
haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/img/ui/forms/ 3 KB
3 KB 74ms
72ms Image
image/png 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/img/ui/forms/checkbox-sign-in-widget.png
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash: 40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:18 GMT
Last-Modified: Sun, 10 Dec 2023 03:18:50 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3141

GET
H/1.1 200
OK proximanova-reg-webfont.353416ed0ff540352235.woff2
haberyok.com/fn/assets/loginpage/font/assets/ 122 B
364 B 72ms
71ms Font
font/woff2 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to

Full URL: https://haberyok.com/fn/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash: 5e88cabd5d44266ff53ef2d8faa4a5abd39ae92dd23adcfb16597e1065bbce78

Request headers

Referer: https://haberyok.com/fn/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Origin: https://haberyok.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:18 GMT
Last-Modified: Sun, 10 Dec 2023 03:18:50 GMT
Server: Apache
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 122

GET
H/1.1 200
OK proximanova-sbold-webfont.41acb8650115f83780fc.woff2
haberyok.com/fn/assets/loginpage/font/assets/ 124 B
367 B 72ms
71ms Font
font/woff2 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to

Full URL: https://haberyok.com/fn/assets/loginpage/font/assets/proximanova-sbold-webfont.41acb8650115f83780fc.woff2
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash: 5572db259bd8f0bb0941c6f694bfe57acf8cff8d465de8602c16609c8c97c9d5

Request headers

Referer: https://haberyok.com/fn/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Origin: https://haberyok.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:18 GMT
Last-Modified: Sun, 10 Dec 2023 03:18:50 GMT
Server: Apache
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 124

GET
H/1.1 404
Not Found proximanova-reg-webfont.51ac1a980f546ac17d67.woff
haberyok.com/fn/assets/loginpage/font/assets/ 0
0 71ms
71ms Font
text/html 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to

Full URL: https://haberyok.com/fn/assets/loginpage/font/assets/proximanova-reg-webfont.51ac1a980f546ac17d67.woff
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash

Request headers

Referer: https://haberyok.com/fn/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Origin: https://haberyok.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:19 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found proximanova-sbold-webfont.78cef0e33b9c7cebcf75.woff
haberyok.com/fn/assets/loginpage/font/assets/ 0
0 71ms
71ms Font
text/html 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to

Full URL: https://haberyok.com/fn/assets/loginpage/font/assets/proximanova-sbold-webfont.78cef0e33b9c7cebcf75.woff
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash

Request headers

Referer: https://haberyok.com/fn/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Origin: https://haberyok.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:19 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found proximanova-reg-webfont.f9f2259180c0e36006aa.ttf
haberyok.com/fn/assets/loginpage/font/assets/ 0
0 71ms
71ms Font
text/html 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to

Full URL: https://haberyok.com/fn/assets/loginpage/font/assets/proximanova-reg-webfont.f9f2259180c0e36006aa.ttf
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash

Request headers

Referer: https://haberyok.com/fn/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Origin: https://haberyok.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:19 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found proximanova-sbold-webfont.25ecfa3e3cee8643c95e.ttf
haberyok.com/fn/assets/loginpage/font/assets/ 0
0 71ms
71ms Font
text/html 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to

Full URL: https://haberyok.com/fn/assets/loginpage/font/assets/proximanova-sbold-webfont.25ecfa3e3cee8643c95e.ttf
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash

Request headers

Referer: https://haberyok.com/fn/assets/loginpage/css/custom-signin.737a914842b846fb44d117b7a2900fcb.css
Origin: https://haberyok.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:19 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found montserrat-okta-light-webfont.woff
haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/font/ 0
0 71ms
71ms Font
text/html 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to

Full URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-light-webfont.woff
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash

Request headers

Referer: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Origin: https://haberyok.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:19 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found montserrat-okta-regular-webfont.woff
haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/font/ 0
0 71ms
71ms Font
text/html 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to

Full URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-regular-webfont.woff
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash

Request headers

Referer: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Origin: https://haberyok.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:19 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found montserrat-okta-light-webfont.ttf
haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/font/ 0
0 71ms
70ms Font
text/html 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to

Full URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-light-webfont.ttf
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash

Request headers

Referer: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Origin: https://haberyok.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:19 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=95
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found montserrat-okta-regular-webfont.ttf
haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/font/ 0
0 71ms
70ms Font
text/html 45.14.164.34
DATEMA

General

Check archive.org

Show headers Download Go to

Full URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-regular-webfont.ttf
Requested by: Host: haberyok.com
URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.14.164.34 Reston, United States, ASN60446 (DATEMA, TR),
Reverse DNS: server.dnspanel.com.tr
Software: Apache /
Resource Hash

Request headers

Referer: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/css/okta-sign-in.min.css
Origin: https://haberyok.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Wed, 21 Feb 2024 00:58:19 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: First National Bank of Omaha (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| checkbox

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://haberyok.com/fn/login.php Message: Failed to decode downloaded font: https://haberyok.com/fn/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
other	warning	URL: https://haberyok.com/fn/login.php Message: OTS parsing error: invalid sfntVersion: 1315905603
other	warning	URL: https://haberyok.com/fn/login.php Message: Failed to decode downloaded font: https://haberyok.com/fn/assets/loginpage/font/assets/proximanova-sbold-webfont.41acb8650115f83780fc.woff2
other	warning	URL: https://haberyok.com/fn/login.php Message: OTS parsing error: invalid sfntVersion: 1315905603
network	error	URL: https://haberyok.com/fn/assets/loginpage/font/assets/proximanova-reg-webfont.51ac1a980f546ac17d67.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://haberyok.com/fn/assets/loginpage/font/assets/proximanova-sbold-webfont.78cef0e33b9c7cebcf75.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://haberyok.com/fn/assets/loginpage/font/assets/proximanova-reg-webfont.f9f2259180c0e36006aa.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://haberyok.com/fn/assets/loginpage/font/assets/proximanova-sbold-webfont.25ecfa3e3cee8643c95e.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-light-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-regular-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-light-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://haberyok.com/fn/assets/js/sdk/okta-signin-widget/7.12.2/font/montserrat-okta-regular-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

haberyok.com
www.card.fnbo.com
151.101.195.10
45.14.164.34
40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665
5572db259bd8f0bb0941c6f694bfe57acf8cff8d465de8602c16609c8c97c9d5
5e88cabd5d44266ff53ef2d8faa4a5abd39ae92dd23adcfb16597e1065bbce78
61ba05532ac15dc4d27d7c63b94e3a52354b03842c8bc08e106650c1217225e9
884a2fedbcfd95e5316c709a650f133d488e667ced4d36cad7361badf09e6573
acf4af3d7cda611d7d3f64fffe00bde4c3ad92dd6bb45ba3596f085c674987c2
c0beda436133caaaea529e8f3cc2019165e53568bbaa7b79fa09b3949dd6ce8a
c605c016ef2e50c11792b9813e19ce69d04a85c39dfaa96d13b369ee7f002a59

haberyok.com Open in urlscan Pro 45.14.164.34 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

305 kBTransfer

304 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

12 Console Messages

Indicators

haberyok.com Open in urlscan Pro
45.14.164.34 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

305 kB
Transfer

304 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!