urlscan.io logo urlscan.io
SecurityTrails logo

www.ziraatbddk.com Open in urlscan Pro
160.153.207.96  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://www.ziraatbddk.com/
Submission: On September 18 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 11 HTTP transactions. The main IP is 160.153.207.96, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is www.ziraatbddk.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on September 18th 2019. Valid for: 2 years.
This is the only time www.ziraatbddk.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ziraat Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 160.153.207.96 26496 (AS-26496-...)
4 194.24.224.11 31471 (FINTEK-AS)
1 2620:0:862:ed... 14907 (WIKIMEDIA)
1 148.251.128.206 24940 (HETZNER-AS)
11 5
Domain Requested by
4 bireysel.ziraatbank.com.tr www.ziraatbddk.com
1 i.hizliresim.com www.ziraatbddk.com
1 upload.wikimedia.org www.ziraatbddk.com
1 www.ziraatbddk.com
11 4

This site contains links to these domains. Also see Links.

Domain
bireysel.ziraatbank.com.tr
Subject Issuer Validity Valid
ziraatbddk.com
Go Daddy Secure Certificate Authority - G2		 2019-09-18 -
2021-09-18		 2 years crt.sh
bireysel.ziraatbank.com.tr
COMODO RSA Extended Validation Secure Server CA		 2019-03-19 -
2021-04-17		 2 years crt.sh
*.wikipedia.org
GlobalSign Organization Validation CA - SHA256 - G2		 2018-11-08 -
2019-11-22		 a year crt.sh
hizliresim.com
Let's Encrypt Authority X3		 2019-07-23 -
2019-10-21		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.ziraatbddk.com/
Frame ID: C83688DA8368A579D217A5FB8D7CEBB5
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

11
Requests

64 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

374 kB
Transfer

1141 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.ziraatbddk.com/ 		14 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.ziraatbddk.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.153.207.96 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS
ip-160-153-207-96.ip.secureserver.net
Software
Apache / PHP/5.6.40
Resource Hash
e06d93fac582721cf03ad7d441d2f1426fbc372db4658c560f3cfd20a674677b

Request headers

:method
GET
:authority
www.ziraatbddk.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
date
Wed, 18 Sep 2019 22:46:08 GMT
server
Apache
x-powered-by
PHP/5.6.40
vary
Accept-Encoding,User-Agent
content-encoding
gzip
content-length
3727
content-type
text/html; charset=UTF-8
plugins.min.css
bireysel.ziraatbank.com.tr/ 		337 KB
63 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bireysel.ziraatbank.com.tr/plugins.min.css?v=0WnwC10Ui67Cf0vF6vDueNbrbYjKGUAdzIZoal3Akf81
Requested by
Host: www.ziraatbddk.com
URL: https://www.ziraatbddk.com/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
194.24.224.11 , Turkey, ASN31471 (FINTEK-AS, TR),
Reverse DNS
Software
zws /
Resource Hash
24cc27ac470b95e9aef2d3005e953f834990ade17909f6f0c44436ead2b3f4a8
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.ziraatbddk.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 18 Sep 2019 22:45:58 GMT
Via
ZB
X-Content-Type-Options
nosniff
Age
10
ntCoent-Length
345310
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
63638
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 18 Sep 2019 22:45:59 GMT
Server
zws
Cache-Control
private
X-Frame-Options
SAMEORIGIN
Vary
User-Agent
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
domain
Xet-Cookie
Expires
Thu, 17 Sep 2020 22:45:59 GMT
sub.min.css
bireysel.ziraatbank.com.tr/ 		342 KB
60 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bireysel.ziraatbank.com.tr/sub.min.css?v=8brv9euGblT9sc2jpmZOjaAwF-SL4hH1YBXNzxVgYPQ1
Requested by
Host: www.ziraatbddk.com
URL: https://www.ziraatbddk.com/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
194.24.224.11 , Turkey, ASN31471 (FINTEK-AS, TR),
Reverse DNS
Software
zws /
Resource Hash
08fb506c25718a4fe6cccf176ea1e06a20f299860d167b65b295e50adf21434e
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.ziraatbddk.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 18 Sep 2019 22:45:51 GMT
Via
ZB
X-Content-Type-Options
nosniff
Age
18
ntCoent-Length
350639
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
60912
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 18 Sep 2019 22:41:07 GMT
Server
zws
Cache-Control
private
X-Frame-Options
SAMEORIGIN
Vary
User-Agent
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
domain
Xet-Cookie
Expires
Thu, 17 Sep 2020 22:41:07 GMT
jquery.js
bireysel.ziraatbank.com.tr/ 		313 KB
113 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bireysel.ziraatbank.com.tr/jquery.js?v=klFRmE9kI4_JXBZiravNytTioJCyo02lcvvaiRkSsEg1
Requested by
Host: www.ziraatbddk.com
URL: https://www.ziraatbddk.com/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
194.24.224.11 , Turkey, ASN31471 (FINTEK-AS, TR),
Reverse DNS
Software
zws /
Resource Hash
be30d09ed15189746a1b1cd6144dae4a60d7ce05beb6f25e7422610922bff734
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.ziraatbddk.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 18 Sep 2019 22:41:41 GMT
Via
ZB
X-Content-Type-Options
nosniff
Age
268
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
114710
X-XSS-Protection
1; mode=block
Cteonnt-Length
321004
Last-Modified
Wed, 18 Sep 2019 22:41:41 GMT
Server
zws
Cache-Control
private
X-Frame-Options
SAMEORIGIN
Vary
User-Agent
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
domain
Xet-Cookie
Expires
Thu, 17 Sep 2020 22:41:41 GMT
Ziraat_Bankas%C4%B1_logo.png
upload.wikimedia.org/wikipedia/commons/6/69/ 		30 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.wikimedia.org/wikipedia/commons/6/69/Ziraat_Bankas%C4%B1_logo.png
Requested by
Host: www.ziraatbddk.com
URL: https://www.ziraatbddk.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA - Wikimedia Foundation Inc., US),
Reverse DNS
Software
ATS/8.0.3 /
Resource Hash
c4b2e19f3b2bbb9be867d97cd6d1f2777a0d4189b0916c7b48f66641fcc7db1a
Security Headers
Name Value
Strict-Transport-Security max-age=106384710; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.ziraatbddk.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-analytics
https=1;nocookies=1
date
Wed, 18 Sep 2019 22:46:08 GMT
age
11731
x-cache-status
hit-front
x-cache
cp3047 hit, cp3044 hit/2
status
200
content-length
30217
server-timing
cache;desc="hit-front"
x-trans-id
txe327723653f44d08baf85-005d8285dd
x-client-ip
2a01:4f8:192:5414::2
x-object-meta-sha1base36
3pjd0aa4y473ne1gwfhf5dh1dqbfn1c
timing-allow-origin
*
last-modified
Sat, 05 Oct 2013 18:31:36 GMT
server
ATS/8.0.3
etag
1e8cd9964801375f77a80cf198fe3c6c
strict-transport-security
max-age=106384710; includeSubDomains; preload
x-varnish
469266575 463139361
access-control-allow-origin
*
x-timestamp
1380997895.01793
accept-ranges
bytes
content-type
image/png
access-control-expose-headers
Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache, X-Varnish
JVNj8n.png
i.hizliresim.com/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.hizliresim.com/JVNj8n.png
Requested by
Host: www.ziraatbddk.com
URL: https://www.ziraatbddk.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
148.251.128.206 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.206.128.251.148.clients.your-server.de
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.ziraatbddk.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
login-bg.jpg
bireysel.ziraatbank.com.tr/Content/assets/img/ 		104 KB
105 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bireysel.ziraatbank.com.tr/Content/assets/img/login-bg.jpg?v=20181004
Requested by
Host: www.ziraatbddk.com
URL: https://www.ziraatbddk.com/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
194.24.224.11 , Turkey, ASN31471 (FINTEK-AS, TR),
Reverse DNS
Software
zws /
Resource Hash
b055c452bbb3790a25caef40ba7e75a53f148ad46260c00719b5bd7b6ee90d82
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://bireysel.ziraatbank.com.tr/sub.min.css?v=8brv9euGblT9sc2jpmZOjaAwF-SL4hH1YBXNzxVgYPQ1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 18 Sep 2019 22:45:40 GMT
Via
ZB
X-Content-Type-Options
nosniff
Age
30
Xet-Cookie
Connection
Keep-Alive
Content-Length
106717
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 23 Jan 2019 12:18:43 GMT
Server
zws
ETag
"809643c815b3d41:0"
X-OPNET-Transaction-Trace
a2_832559a8-cd0a-43dc-8160-53bacbd8072e-6148-1303579
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
image/jpeg
Access-Control-Allow-Origin
domain
Cache-Control
max-age=604800
Accept-Ranges
bytes
BB78E1BCF28E9E4CC.woff2
bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/ 		0
0
D40DF048D299CA4DD.woff2
bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/ 		0
0
BB78E1BCF28E9E4CC.woff
bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/ 		0
0
D40DF048D299CA4DD.woff
bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bireysel.ziraatbank.com.tr
URL
https://bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/BB78E1BCF28E9E4CC.woff2
Domain
bireysel.ziraatbank.com.tr
URL
https://bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/D40DF048D299CA4DD.woff2
Domain
bireysel.ziraatbank.com.tr
URL
https://bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/BB78E1BCF28E9E4CC.woff
Domain
bireysel.ziraatbank.com.tr
URL
https://bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/D40DF048D299CA4DD.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ziraat Bank (Banking)

225 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| getInternetExplorerVersion function| ForceEqualHeightOnColumns function| GetWhichCode function| isAlphaNumericForPin function| arrangePagerRow function| FcsToCtrl function| showElement function| hideElement function| imageControl function| onFTimeOutClick function| IsValidDate function| IsValidISODate function| dummyLoading function| dummyHideLoading function| appendSpinnerCircles function| getSpinnerHtml function| GetValidationMsg function| CheckAlphaNumericCurrentPinEntry function| CheckDescription function| GetDropDownData function| FilterDropDown function| clearDropDown function| IsInvalidChar function| CheckGivenText function| GetCharacterCode function| IsValidCharacterCode function| getStepContainerData function| isCheckedBox function| hideClass function| showClass function| hideSelector function| showSelector function| alertMSG function| infoMSG function| removeAlertModalDefaults function| successMSG function| hideAlertMSG function| confirmMSG function| confirmMSGWithCallBack function| showConfirm function| hideConfirm function| isCheckedRadioBox function| changeAmountBoxCurrency function| GetSelectedRadioAttributeValue function| GetSelectedRadio function| TcknCheckDigit function| GetDatePickerDate function| GetDatePickerDateYMD function| GetAmount function| GetCustomAmount function| textBoxValue function| textBoxHaveValue function| keyToUpperCase function| toNonTRCharsWithUpperCase function| removeTurkishChars function| toTRUpperCase function| openLightBoxWithUrl function| isValidPhone function| isValidSMSNumber function| isValidPhoneNumber function| exportContent function| exportContentNoDimension function| openExportPage function| printPage function| printPageNoDimension function| printReceipt function| isValidEmail function| convertToUpperCase function| setHasFormChanges function| checkChanges function| GetGridViewSelectedItem function| GetGridViewSelectedItemAttr function| GetCustomerNoFromAccount function| isAlphanumeric function| isNumber function| isString function| isNum function| isDescription function| getCode function| CheckAlphaNumericNewPinEntry function| hasConsecutiveCharacter function| getAllMatches function| maskPanel function| maskElement function| unmaskPanel function| unmaskElement function| VknCheckDigit function| IsFutureDate function| thisBlur function| isValidIBANValue function| isValidIBAN function| isEmpty function| isWhitespace function| checkCharsFromList function| checkControlDigits function| prepareToCalcControlDigits function| convertToNumber function| mod97 function| IsAlphaNumeric function| IsNumeric function| CheckDynamicRegex function| SetDatePickerDate function| navigateTo function| navigateToPage function| RemoveCheckedBox function| DashedCheckboxClicked function| FilterBoxListGridOrg function| FilterBoxListGrid function| GetFormData function| checkPassword function| ResolveIban function| IsZiraatBankIban function| OzIsValidIban function| customGridViewSelect function| isValidIBANTR function| isMsIE function| onInputFocus function| onInputBlur function| fCountDown function| StartLoggOff function| onYesClicked function| onNoClicked function| resetCounter function| CheckForZiraatInvestmentLoginStatus function| CheckForZiraatInvestmentLoginStatusCallBack function| changeAmountBoxAmount function| changeAmount function| ControlVersion function| GetSwfVer function| DetectFlashVer function| AC_AddExtension function| AC_Generateobj function| AC_FL_RunContent function| AC_GetArgs function| disableFlash function| enableFlash function| javaScriptFlicker function| flashFlicker function| showFlicker function| showFlickerTable function| toggleFlickerVisibility function| getFlickerWidth function| resizeFlicker function| resizeFlickerWH function| loadFlickerCookie function| showFlickerActions function| flickerOpenHelper function| flickerSpeedFaster function| flickerSpeedSlower function| calculateMsFromClockSpeed function| showFlickerBackground function| getFlickerCookieValue function| setFlickerCookieValue function| str_repeat function| sprintf function| luhnCalc function| xorCalc function| getASCIIHexFormatForSecOPTICCharacterSet function| getASCIIHexFormatForZKACharacterSet function| normalizeNonASCIIElements function| containsNonDigits function| getLS function| getLbdex function| getHalfByteDezValue function| getXorDataSecOPTIC function| secOPTICFlicker function| getXorDataV14Stuzza function| stuzzaHHD14Flicker function| getXorDataV14 function| hhd14Flicker function| getXorDataV101 function| hhd101Flicker function| AsyncPost function| FrameOutUrl function| TrySettingScrollPosition function| TryShowIframe function| CheckNewTab function| SetNewTabID object| Browser object| ieBrowser object| touchBrowser boolean| isMobile boolean| isMobileRecourse boolean| is_chrome boolean| is_firefox object| validMessageList object| bindedClickFunctions function| delayThis string| whitespaceall string| whitespace string| letters string| digits function| FilterBoxListGridDbn object| selectedCheckBoxes boolean| fTimeoutShowedOnce object| regexHasRepeatedCharacter object| regexHasLetter object| regexHasDigit object| regexBirthDay object| regexBirthDayYear number| birthDayMinYear string| characterAlphabet object| characterAlphabetValues boolean| isIE boolean| isWin boolean| isOpera number| requiredMajorVersion number| requiredMinorVersion number| requiredRevision boolean| globalFlickerPath undefined| globalFlickerCode undefined| globalClockSpeed boolean| globalHasFlash boolean| globalFlashDisabled object| globalTimerSettings function| $ function| jQuery function| dragula function| _ function| moment function| Cookies function| CloseAlertMsg object| VeriBranch

0 Cookies