qnbfinansbankesi.com Open in urlscan Pro
104.24.127.204 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://qnbfinansbankesi.com/TR
Effective URL:
https://qnbfinansbankesi.com/TR/
Submission: On May 18 via automatic, source twitter_illegalFawn (May 18th 2018, 3:04:51 pm UTC)

Summary HTTP 19 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 104.24.127.204, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is qnbfinansbankesi.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on May 8th 2018. Valid for: 6 months.

This is the only time qnbfinansbankesi.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Finansbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 2	104.24.126.204 104.24.126.204	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 12	104.24.127.204 104.24.127.204	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	198.41.215.154 198.41.215.154	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
5	62.108.64.94 62.108.64.94	8831 (FINANSBAN...) (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad.)
19	3

2 104.24.126.204 (San Francisco, United States) 2 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

qnbfinansbankesi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.24.127.204 (San Francisco, United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

qnbfinansbankesi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.41.215.154 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

ssif1.globalsign.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
seal.globalsign.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 62.108.64.94 (Istanbul, Turkey)

ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR)

internetsubesi.qnbfinansbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	qnbfinansbankesi.com 3 redirects qnbfinansbankesi.com	41 KB
5	qnbfinansbank.com internetsubesi.qnbfinansbank.com	53 KB
3	globalsign.com ssif1.globalsign.com seal.globalsign.com	5 KB
19	3

	Domain	Requested by
14	qnbfinansbankesi.com	3 redirects qnbfinansbankesi.com
5	internetsubesi.qnbfinansbank.com	qnbfinansbankesi.com
2	ssif1.globalsign.com	qnbfinansbankesi.com
1	seal.globalsign.com	qnbfinansbankesi.com
19	4

This site contains links to these domains. Also see Links.

Domain
internetsubesi.qnbfinansbank.com
www.qnbfinansbank.com

Subject Issuer	Validity	Valid
sni136630.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-05-08` - `2018-11-14`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://qnbfinansbankesi.com/TR/
Frame ID: 762BBFA89BA52061F1D5A7B739DBD701
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://qnbfinansbankesi.com/TR HTTP 301
https://qnbfinansbankesi.com/TR HTTP 301
http://qnbfinansbankesi.com/TR/ HTTP 301
https://qnbfinansbankesi.com/TR/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Page Statistics

19
Requests

58 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

98 kB
Transfer

142 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://internetsubesi.qnbfinansbank.com/Login/LoginPage.aspx
Title: tıklayınız

Search URL Search Domain Scan URL

URL: https://www.qnbfinansbank.com/bankacilik/alternatif-dagitim-kanallari/internet-bankaciligi/internet-bankaciligi-kullaniminda-guvenlik.aspx
Title: buraya

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://qnbfinansbankesi.com/TR HTTP 301
https://qnbfinansbankesi.com/TR HTTP 301
http://qnbfinansbankesi.com/TR/ HTTP 301
https://qnbfinansbankesi.com/TR/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response qnbfinansbankesi.com/TR/ Redirect Chain http://qnbfinansbankesi.com/TR https://qnbfinansbankesi.com/TR http://qnbfinansbankesi.com/TR/ https://qnbfinansbankesi.com/TR/	15 KB 4 KB	128ms 128ms	Document text/html	104.24.127.204 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://qnbfinansbankesi.com/TR/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.24.127.204 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PleskLin Resource Hash `e9994361f5db84baab29c86c11dfe2eb18501a3208b7620e248c9ba87b4fa00d` Request headers :method GET :authority qnbfinansbankesi.com :scheme https :path /TR/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 accept-encoding gzip, deflate cookie __cfduid=dcf695a222514e71dfdabea06751da0a41526655880 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 762BBFA89BA52061F1D5A7B739DBD701 Response headers status 200 date Fri, 18 May 2018 15:04:40 GMT content-type text/html x-powered-by PleskLin ms-author-via DAV expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 41cf37b62cf5636d-FRA content-encoding gzip Redirect headers Date Fri, 18 May 2018 15:04:40 GMT Transfer-Encoding chunked Connection keep-alive Cache-Control max-age=3600 Expires Fri, 18 May 2018 16:04:40 GMT Location https://qnbfinansbankesi.com/TR/ Server cloudflare CF-RAY 41cf37b612529718-FRA
GET H2	200	FinansbankLoginStyle.css qnbfinansbankesi.com/TR/index_files/	25 KB 3 KB	129ms 126ms	Stylesheet text/css	104.24.127.204 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://qnbfinansbankesi.com/TR/index_files/FinansbankLoginStyle.css Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.24.127.204 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PleskLin Resource Hash `a900fda991cc346407c33cbc88ce237afc6c76d91962e49de1bbf30e1c3b9e23` Request headers :path /TR/index_files/FinansbankLoginStyle.css pragma no-cache cookie __cfduid=dcf695a222514e71dfdabea06751da0a41526655880 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority qnbfinansbankesi.com referer https://qnbfinansbankesi.com/TR/ :scheme https :method GET Referer https://qnbfinansbankesi.com/TR/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Fri, 18 May 2018 15:04:40 GMT content-encoding gzip cf-cache-status REVALIDATED last-modified Sun, 04 Mar 2018 00:04:34 GMT server cloudflare x-powered-by PleskLin etag W/"5a9b3812-6440" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=14400 cf-ray 41cf37b70d70636d-FRA expires Fri, 18 May 2018 19:04:40 GMT
GET H2	200	loginmain.css qnbfinansbankesi.com/TR/index_files/	15 KB 2 KB	109ms 107ms	Stylesheet text/css	104.24.127.204 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://qnbfinansbankesi.com/TR/index_files/loginmain.css Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.24.127.204 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PleskLin Resource Hash `25e9a8613f27a1ef95b69fde6317e012e51168db94a6cca207a7eff6d76d69ab` Request headers :path /TR/index_files/loginmain.css pragma no-cache cookie __cfduid=dcf695a222514e71dfdabea06751da0a41526655880 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority qnbfinansbankesi.com referer https://qnbfinansbankesi.com/TR/ :scheme https :method GET Referer https://qnbfinansbankesi.com/TR/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Fri, 18 May 2018 15:04:40 GMT content-encoding gzip cf-cache-status REVALIDATED last-modified Sun, 04 Mar 2018 00:00:58 GMT server cloudflare x-powered-by PleskLin etag W/"5a9b373a-3cdd" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=14400 cf-ray 41cf37b70d72636d-FRA expires Fri, 18 May 2018 19:04:40 GMT
GET H2	200	loader.gif qnbfinansbankesi.com/TR/index_files/	7 KB 7 KB	100ms 98ms	Image image/gif	104.24.127.204 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://qnbfinansbankesi.com/TR/index_files/loader.gif Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.24.127.204 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PleskLin Resource Hash `8f0ce7a451aca53c1c25686de641067fd9eef2c40298e847593b52079da46c4b` Request headers :path /TR/index_files/loader.gif pragma no-cache cookie __cfduid=dcf695a222514e71dfdabea06751da0a41526655880 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority qnbfinansbankesi.com referer https://qnbfinansbankesi.com/TR/ :scheme https :method GET Referer https://qnbfinansbankesi.com/TR/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Fri, 18 May 2018 15:04:40 GMT cf-cache-status REVALIDATED last-modified Sun, 04 Mar 2018 00:01:00 GMT server cloudflare x-powered-by PleskLin etag "5a9b373c-1bbe" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/gif status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 41cf37b70d73636d-FRA content-length 7102 expires Fri, 18 May 2018 19:04:40 GMT
GET S	200	siteSeal.do Show response ssif1.globalsign.com/SiteSeal/siteSeal/siteSeal/	0 95 B	290ms 290ms	Script text/html	198.41.215.154 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ssif1.globalsign.com/SiteSeal/siteSeal/siteSeal/siteSeal.do?p1=internetsubesi.qnbfinansbank.com&p2=SZ110-45&p3=image&p4=en&p5=V0023&p6=S001&p7=https Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol SPDY Server 198.41.215.154 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://qnbfinansbankesi.com/TR/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers status 200 date Fri, 18 May 2018 15:04:41 GMT content-encoding gzip server cloudflare cf-ray 41cf37b70dc76409-FRA expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" content-type text/html
GET S	200	siteSealImage.do ssif1.globalsign.com/SiteSeal/siteSeal/siteSeal/	4 KB 4 KB	256ms 255ms	Image image/png	198.41.215.154 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://ssif1.globalsign.com/SiteSeal/siteSeal/siteSeal/siteSealImage.do?p1=internetsubesi.qnbfinansbank.com&p2=SZ110-45&p3=image&p4=en&p5=V0023&p6=S001&p7=https&deterDn= Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol SPDY Server 198.41.215.154 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `875d526ba0fe340d3643353968c5d19bfad603af7b35d25f74c15e47704e7610` Request headers Referer https://qnbfinansbankesi.com/TR/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Fri, 18 May 2018 15:04:41 GMT via AX-CACHE-2.7:45 server cloudflare age 3358 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" content-type image/png status 200 cf-ray 41cf37b7ce3a6409-FRA content-length 4087
GET S	200	gmogs_image_110-45_en_dblue.js Show response seal.globalsign.com/SiteSeal/	2 KB 914 B	16ms 15ms	Script application/javascript	198.41.215.154 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://seal.globalsign.com/SiteSeal/gmogs_image_110-45_en_dblue.js Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol SPDY Server 198.41.215.154 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `a05826090ec74ff3f28479211fd28065237aa75fb9c7ba2bb320c731a5e45f70` Request headers Referer https://qnbfinansbankesi.com/TR/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers cf-ray 41cf37b7ce396409-FRA date Fri, 18 May 2018 15:04:40 GMT via AX-CACHE-2.7:34 cf-cache-status HIT last-modified Tue, 24 Apr 2018 05:25:14 GMT server cloudflare etag W/"1652-1524547514000" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=43200 content-encoding gzip expires Sat, 19 May 2018 03:04:40 GMT
GET H2	200	content_title_left.png qnbfinansbankesi.com/TR/index_files/	15 KB 15 KB	94ms 93ms	Image image/png	104.24.127.204 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://qnbfinansbankesi.com/TR/index_files/content_title_left.png Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.24.127.204 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PleskLin Resource Hash `9a2765ce8c2c1b3ab845aa9d69528351bf4f9bce5c1142479be9a5c7a7865577` Request headers :path /TR/index_files/content_title_left.png pragma no-cache cookie __cfduid=dcf695a222514e71dfdabea06751da0a41526655880 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority qnbfinansbankesi.com referer https://qnbfinansbankesi.com/TR/ :scheme https :method GET Referer https://qnbfinansbankesi.com/TR/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Fri, 18 May 2018 15:04:40 GMT cf-cache-status REVALIDATED last-modified Sun, 04 Mar 2018 00:01:00 GMT server cloudflare x-powered-by PleskLin etag "5a9b373c-3bbe" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 41cf37b70d74636d-FRA content-length 15294 expires Fri, 18 May 2018 19:04:40 GMT
GET H2	200	content_title_right.png qnbfinansbankesi.com/TR/index_files/	1 KB 1 KB	53ms 52ms	Image image/png	104.24.127.204 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://qnbfinansbankesi.com/TR/index_files/content_title_right.png Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.24.127.204 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PleskLin Resource Hash `4288f17db6c0ddf260f7a73a8d40ddd2dbde9b0ce30fef8b7b4844c291a4a041` Request headers :path /TR/index_files/content_title_right.png pragma no-cache cookie __cfduid=dcf695a222514e71dfdabea06751da0a41526655880 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority qnbfinansbankesi.com referer https://qnbfinansbankesi.com/TR/ :scheme https :method GET Referer https://qnbfinansbankesi.com/TR/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Fri, 18 May 2018 15:04:40 GMT cf-cache-status REVALIDATED last-modified Sun, 04 Mar 2018 00:01:00 GMT server cloudflare x-powered-by PleskLin etag "5a9b373c-482" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 41cf37b70d76636d-FRA content-length 1154 expires Fri, 18 May 2018 19:04:40 GMT
GET H2	200	content_ok.png qnbfinansbankesi.com/TR/index_files/	1 KB 1 KB	103ms 102ms	Image image/png	104.24.127.204 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://qnbfinansbankesi.com/TR/index_files/content_ok.png Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.24.127.204 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PleskLin Resource Hash `7f9856451b35e2bdad8f886132298558d91a43acdf686f40e18d3d95ba01eb32` Request headers :path /TR/index_files/content_ok.png pragma no-cache cookie __cfduid=dcf695a222514e71dfdabea06751da0a41526655880 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority qnbfinansbankesi.com referer https://qnbfinansbankesi.com/TR/ :scheme https :method GET Referer https://qnbfinansbankesi.com/TR/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Fri, 18 May 2018 15:04:40 GMT cf-cache-status REVALIDATED last-modified Sun, 04 Mar 2018 00:01:00 GMT server cloudflare x-powered-by PleskLin etag "5a9b373c-428" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 41cf37b70d77636d-FRA content-length 1064 expires Fri, 18 May 2018 19:04:40 GMT
GET H2	200	guvenlik_top.png qnbfinansbankesi.com/TR/index_files/	1 KB 1 KB	106ms 105ms	Image image/png	104.24.127.204 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://qnbfinansbankesi.com/TR/index_files/guvenlik_top.png Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.24.127.204 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PleskLin Resource Hash `1add688782519f1f33deaf5a1a2042b51a6c25db796af48796ff4eada25231e9` Request headers :path /TR/index_files/guvenlik_top.png pragma no-cache cookie __cfduid=dcf695a222514e71dfdabea06751da0a41526655880 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority qnbfinansbankesi.com referer https://qnbfinansbankesi.com/TR/ :scheme https :method GET Referer https://qnbfinansbankesi.com/TR/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Fri, 18 May 2018 15:04:40 GMT cf-cache-status REVALIDATED last-modified Sun, 04 Mar 2018 00:01:00 GMT server cloudflare x-powered-by PleskLin etag "5a9b373c-529" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 41cf37b70d78636d-FRA content-length 1321 expires Fri, 18 May 2018 19:04:40 GMT
GET H2	200	guvenlik_bottom.png qnbfinansbankesi.com/TR/index_files/	2 KB 2 KB	118ms 116ms	Image image/png	104.24.127.204 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://qnbfinansbankesi.com/TR/index_files/guvenlik_bottom.png Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.24.127.204 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PleskLin Resource Hash `8b0bd6f54d36ad05ec14dda8b2450a9af826ac4030f304c6efbe460a679fc6ac` Request headers :path /TR/index_files/guvenlik_bottom.png pragma no-cache cookie __cfduid=dcf695a222514e71dfdabea06751da0a41526655880 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority qnbfinansbankesi.com referer https://qnbfinansbankesi.com/TR/ :scheme https :method GET Referer https://qnbfinansbankesi.com/TR/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Fri, 18 May 2018 15:04:40 GMT cf-cache-status REVALIDATED last-modified Sun, 04 Mar 2018 00:01:00 GMT server cloudflare x-powered-by PleskLin etag "5a9b373c-865" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 41cf37b70d79636d-FRA content-length 2149 expires Fri, 18 May 2018 19:04:40 GMT
GET H2	404	footer-bg.jpg qnbfinansbankesi.com/Content/Images/	1 KB 1 KB	85ms 85ms	Image text/html	104.24.127.204 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://qnbfinansbankesi.com/Content/Images/footer-bg.jpg?uid=508864750 Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.24.127.204 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PleskLin Resource Hash `023234d27727597531ea8f4bb17689c0a72065cbf894fa4d5431619074fd8784` Request headers :path /Content/Images/footer-bg.jpg?uid=508864750 pragma no-cache cookie __cfduid=dcf695a222514e71dfdabea06751da0a41526655880 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority qnbfinansbankesi.com referer https://qnbfinansbankesi.com/TR/index_files/loginmain.css :scheme https :method GET Referer https://qnbfinansbankesi.com/TR/index_files/loginmain.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Fri, 18 May 2018 15:04:41 GMT content-encoding gzip ms-author-via DAV cf-cache-status MISS last-modified Wed, 16 May 2018 10:42:41 GMT server cloudflare x-powered-by PleskLin expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html status 404 cache-control public, max-age=14400 cf-ray 41cf37b8de45636d-FRA expires Fri, 18 May 2018 19:04:41 GMT
GET H/1.1	200 OK	subcontentbackground.jpg internetsubesi.qnbfinansbank.com/Content/Images/	17 KB 17 KB	50ms 50ms	Image image/jpeg	62.108.64.94 FINANSBANK Inkila...
General Check archive.org Show headers Download Go to Show image Full URL https://internetsubesi.qnbfinansbank.com/Content/Images/subcontentbackground.jpg?uid=508864734 Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol HTTP/1.1 Server 62.108.64.94 Istanbul, Turkey, ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR), Reverse DNS Software / Resource Hash `c63fb77054d1a2ccffdd32fcffff802e34543cc6d28fa2580e29d2c05f271f64` Request headers Referer https://qnbfinansbankesi.com/TR/index_files/FinansbankLoginStyle.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Wed, 09 May 2018 08:58:15 GMT Via Copyright Finansbank A.S. Expires Thu, 09 May 2019 08:58:15 GMT Cache-Control max-age=31536000 ,public Content-Length 17297 Connection Keep-Alive Content-Type image/jpeg
GET H/1.1	200 OK	arrow.png internetsubesi.qnbfinansbank.com/Content/Images/	1 KB 1 KB	45ms 45ms	Image image/png	62.108.64.94 FINANSBANK Inkila...
General Check archive.org Show headers Download Go to Show image Full URL https://internetsubesi.qnbfinansbank.com/Content/Images/arrow.png?uid=508864734 Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol HTTP/1.1 Server 62.108.64.94 Istanbul, Turkey, ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR), Reverse DNS Software / Resource Hash `e6d74b1fa656995627ce5e8b0839a62b0ffd54b8de7be4f2e40eae2c92b968c8` Request headers Referer https://qnbfinansbankesi.com/TR/index_files/FinansbankLoginStyle.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Wed, 09 May 2018 08:58:15 GMT Via Copyright Finansbank A.S. Expires Thu, 09 May 2019 08:58:15 GMT Cache-Control max-age=31536000 ,public Content-Length 1095 Connection Keep-Alive Content-Type image/png
GET H/1.1	200 OK	guvenlik_middle.png internetsubesi.qnbfinansbank.com/Content/Images/	1011 B 1 KB	48ms 48ms	Image image/png	62.108.64.94 FINANSBANK Inkila...
General Check archive.org Show headers Download Go to Show image Full URL https://internetsubesi.qnbfinansbank.com/Content/Images/guvenlik_middle.png?uid=508864734 Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol HTTP/1.1 Server 62.108.64.94 Istanbul, Turkey, ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR), Reverse DNS Software / Resource Hash `78f5f2bc9315d1c7371fb1a4d6480a9e7625bafe95e84fcda47e3552c561c02a` Request headers Referer https://qnbfinansbankesi.com/TR/index_files/FinansbankLoginStyle.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Wed, 09 May 2018 08:58:14 GMT Via Copyright Finansbank A.S. Expires Thu, 09 May 2019 08:58:14 GMT Cache-Control max-age=31536000 ,public Content-Length 1011 Connection Keep-Alive Content-Type image/png
GET H2	404	alert-icon.png qnbfinansbankesi.com/Content/Images/	1 KB 1 KB	91ms 91ms	Image text/html	104.24.127.204 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://qnbfinansbankesi.com/Content/Images/alert-icon.png?uid=508864750 Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.24.127.204 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PleskLin Resource Hash `023234d27727597531ea8f4bb17689c0a72065cbf894fa4d5431619074fd8784` Request headers :path /Content/Images/alert-icon.png?uid=508864750 pragma no-cache cookie __cfduid=dcf695a222514e71dfdabea06751da0a41526655880 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority qnbfinansbankesi.com referer https://qnbfinansbankesi.com/TR/index_files/loginmain.css :scheme https :method GET Referer https://qnbfinansbankesi.com/TR/index_files/loginmain.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Fri, 18 May 2018 15:04:41 GMT content-encoding gzip ms-author-via DAV cf-cache-status MISS last-modified Wed, 16 May 2018 10:42:41 GMT server cloudflare x-powered-by PleskLin expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html status 404 cache-control public, max-age=14400 cf-ray 41cf37b8de46636d-FRA expires Fri, 18 May 2018 19:04:41 GMT
GET H/1.1	200 OK	content_title_middle.png internetsubesi.qnbfinansbank.com/Content/Images/	940 B 1 KB	45ms 45ms	Image image/png	62.108.64.94 FINANSBANK Inkila...
General Check archive.org Show headers Download Go to Show image Full URL https://internetsubesi.qnbfinansbank.com/Content/Images/content_title_middle.png?uid=508864734 Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol HTTP/1.1 Server 62.108.64.94 Istanbul, Turkey, ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR), Reverse DNS Software / Resource Hash `6808ca18e58479c6cbcdba51591d3bfa58f4cb75c6a23f13afa418ceec50f650` Request headers Referer https://qnbfinansbankesi.com/TR/index_files/FinansbankLoginStyle.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Fri, 18 May 2018 03:19:19 GMT Via Copyright Finansbank A.S. Expires Sat, 18 May 2019 03:19:19 GMT Cache-Control max-age=31536000 ,public Content-Length 940 Connection Keep-Alive Content-Type image/png
GET H/1.1	200 OK	header.jpg internetsubesi.qnbfinansbank.com/Content/Images/	32 KB 32 KB	46ms 46ms	Image image/jpeg	62.108.64.94 FINANSBANK Inkila...
General Check archive.org Show headers Download Go to Show image Full URL https://internetsubesi.qnbfinansbank.com/Content/Images/header.jpg?uid=508864734 Requested by Host: qnbfinansbankesi.com URL: https://qnbfinansbankesi.com/TR/ Protocol HTTP/1.1 Server 62.108.64.94 Istanbul, Turkey, ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR), Reverse DNS Software / Resource Hash `206e053d7f227b837c7bcf4ec3a6289e1e0ba6eca6d4cd5f73a55f13d0974911` Request headers Referer https://qnbfinansbankesi.com/TR/index_files/FinansbankLoginStyle.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Wed, 09 May 2018 08:58:15 GMT Via Copyright Finansbank A.S. Expires Thu, 09 May 2019 08:58:15 GMT Cache-Control max-age=31536000 ,public Content-Length 32633 Connection Keep-Alive Content-Type image/jpeg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Finansbank (Banking)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.qnbfinansbankesi.com/	1970-01-19 00:49:51	Name: __cfduid Value: dcf695a222514e71dfdabea06751da0a41526655880

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

internetsubesi.qnbfinansbank.com
qnbfinansbankesi.com
seal.globalsign.com
ssif1.globalsign.com
104.24.126.204
104.24.127.204
198.41.215.154
62.108.64.94
023234d27727597531ea8f4bb17689c0a72065cbf894fa4d5431619074fd8784
1add688782519f1f33deaf5a1a2042b51a6c25db796af48796ff4eada25231e9
206e053d7f227b837c7bcf4ec3a6289e1e0ba6eca6d4cd5f73a55f13d0974911
25e9a8613f27a1ef95b69fde6317e012e51168db94a6cca207a7eff6d76d69ab
4288f17db6c0ddf260f7a73a8d40ddd2dbde9b0ce30fef8b7b4844c291a4a041
6808ca18e58479c6cbcdba51591d3bfa58f4cb75c6a23f13afa418ceec50f650
78f5f2bc9315d1c7371fb1a4d6480a9e7625bafe95e84fcda47e3552c561c02a
7f9856451b35e2bdad8f886132298558d91a43acdf686f40e18d3d95ba01eb32
875d526ba0fe340d3643353968c5d19bfad603af7b35d25f74c15e47704e7610
8b0bd6f54d36ad05ec14dda8b2450a9af826ac4030f304c6efbe460a679fc6ac
8f0ce7a451aca53c1c25686de641067fd9eef2c40298e847593b52079da46c4b
9a2765ce8c2c1b3ab845aa9d69528351bf4f9bce5c1142479be9a5c7a7865577
a05826090ec74ff3f28479211fd28065237aa75fb9c7ba2bb320c731a5e45f70
a900fda991cc346407c33cbc88ce237afc6c76d91962e49de1bbf30e1c3b9e23
c63fb77054d1a2ccffdd32fcffff802e34543cc6d28fa2580e29d2c05f271f64
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6d74b1fa656995627ce5e8b0839a62b0ffd54b8de7be4f2e40eae2c92b968c8
e9994361f5db84baab29c86c11dfe2eb18501a3208b7620e248c9ba87b4fa00d

qnbfinansbankesi.com Open in urlscan Pro 104.24.127.204 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

58 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

98 kBTransfer

142 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

1 Cookies

Indicators

qnbfinansbankesi.com Open in urlscan Pro
104.24.127.204 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

58 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

98 kB
Transfer

142 kB
Size

1
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!