tumteknoloji.com Open in urlscan Pro
65.108.5.22 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tumteknoloji.com/wp-content/plugins/alternatives
Effective URL:
https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPL...
Submission: On October 02 via api (October 2nd 2021, 5:16:14 pm UTC) from US — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 65.108.5.22, located in Helsinki, Finland and belongs to HETZNER-AS, DE. The main domain is tumteknoloji.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 2nd 2021. Valid for: 3 months.

This is the only time tumteknoloji.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3 10	65.108.5.22 65.108.5.22	24940 (HETZNER-AS) (HETZNER-AS)
2	104.16.18.94 104.16.18.94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	3

10 65.108.5.22 (Helsinki, Finland) 3 redirects

ASN24940 (HETZNER-AS, DE)
PTR: tr.hostingkontrol.com

tumteknoloji.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.tumteknoloji.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.18.94 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	tumteknoloji.com 3 redirects tumteknoloji.com www.tumteknoloji.com	78 KB
2	cloudflare.com cdnjs.cloudflare.com	69 KB
10	2

	Domain	Requested by
9	tumteknoloji.com	3 redirects tumteknoloji.com
2	cdnjs.cloudflare.com	tumteknoloji.com
1	www.tumteknoloji.com	tumteknoloji.com
10	3

This site contains no links.

Subject Issuer	Validity	Valid
tumteknoloji.com cPanel, Inc. Certification Authority	`2021-10-02` - `2021-12-31`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
Frame ID: CE904707E518D31287C779518021869D
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://tumteknoloji.com/wp-content/plugins/alternatives HTTP 301
https://tumteknoloji.com/wp-content/plugins/alternatives/ HTTP 302
https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5Rs... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

90 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

162 kB
Transfer

549 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tumteknoloji.com/wp-content/plugins/alternatives HTTP 301
https://tumteknoloji.com/wp-content/plugins/alternatives/ HTTP 302
https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://tumteknoloji.com/css/jquery.mobile.css?v=19.12.00 HTTP 301
https://www.tumteknoloji.com/css/jquery.mobile.css?v=19.12.00

Request Chain 8

https://tumteknoloji.com/wp-content/plugins/alternatives/javascript/myriad.woff2 HTTP 301
https://www.tumteknoloji.com/wp-content/plugins/alternatives/javascript/myriad.woff2

10 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request indexs.php Show response
tumteknoloji.com/wp-content/plugins/alternatives/
Redirect Chain

https://tumteknoloji.com/wp-content/plugins/alternatives
https://tumteknoloji.com/wp-content/plugins/alternatives/
https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC

9 KB
3 KB

85ms
85ms

Document
text/html

65.108.5.22
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 65.108.5.22 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: tr.hostingkontrol.com
Software: LiteSpeed / PHP/7.2.34
Resource Hash: af32dd61a7a818af56fba7005751bf84c5137b7f952ae9bba83b566374ed33ff

Request headers

:method: GET
:authority: tumteknoloji.com
:scheme: https
:path: /wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
cookie: PHPSESSID=52dbbdec9ec6a809879ef1b1d5ee2cc5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

x-powered-by: PHP/7.2.34
content-type: text/html; charset=UTF-8
content-encoding: br
vary: Accept-Encoding
date: Sat, 02 Oct 2021 17:16:10 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Redirect headers

x-powered-by: PHP/7.2.34
set-cookie: PHPSESSID=52dbbdec9ec6a809879ef1b1d5ee2cc5; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
location: indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 02 Oct 2021 17:16:09 GMT
server: LiteSpeed

GET
H3 200 style.css
tumteknoloji.com/wp-content/plugins/alternatives/css/ 4 KB
964 B 27ms
27ms Stylesheet
text/css 65.108.5.22
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tumteknoloji.com/wp-content/plugins/alternatives/css/style.css
Requested by: Host: tumteknoloji.com
URL: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 65.108.5.22 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: tr.hostingkontrol.com
Software: LiteSpeed /
Resource Hash: 86faeab09e16d426a818bb33e89eb231d3c005905ecfa88e11365e50768e3b1c

Request headers

:path: /wp-content/plugins/alternatives/css/style.css
pragma: no-cache
cookie: PHPSESSID=52dbbdec9ec6a809879ef1b1d5ee2cc5
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tumteknoloji.com
referer: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 17:16:10 GMT
content-encoding: br
last-modified: Mon, 28 Oct 2019 09:43:22 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 872
expires: Sat, 09 Oct 2021 17:16:10 GMT

GET
H2

404

jquery.mobile.css
www.tumteknoloji.com/css/
Redirect Chain

https://tumteknoloji.com/css/jquery.mobile.css?v=19.12.00
https://www.tumteknoloji.com/css/jquery.mobile.css?v=19.12.00

0
0

224ms
210ms

Stylesheet
text/html

65.108.5.22
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tumteknoloji.com/css/jquery.mobile.css?v=19.12.00
Requested by: Host: tumteknoloji.com
URL: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.108.5.22 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: tr.hostingkontrol.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tumteknoloji.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Redirect headers

date: Sat, 02 Oct 2021 17:16:10 GMT
server: LiteSpeed
x-powered-by: PHP/7.2.34
content-type: text/html; charset=UTF-8
location: https://www.tumteknoloji.com/css/jquery.mobile.css?v=19.12.00
cache-control: no-cache, must-revalidate, max-age=0
content-length: 0
x-redirect-by: WordPress
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H3 200 desktop-tablet.combined.css
tumteknoloji.com/wp-content/plugins/alternatives/css/ 192 KB
30 KB 31ms
29ms Stylesheet
text/css 65.108.5.22
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tumteknoloji.com/wp-content/plugins/alternatives/css/desktop-tablet.combined.css
Requested by: Host: tumteknoloji.com
URL: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 65.108.5.22 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: tr.hostingkontrol.com
Software: LiteSpeed /
Resource Hash: 1f3fd405c64b807d88a6f32a0b972c38e9ca66f3380ca051d7c8038c5b96b880

Request headers

:path: /wp-content/plugins/alternatives/css/desktop-tablet.combined.css
pragma: no-cache
cookie: PHPSESSID=52dbbdec9ec6a809879ef1b1d5ee2cc5
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tumteknoloji.com
referer: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 17:16:10 GMT
content-encoding: br
last-modified: Mon, 28 Oct 2019 09:43:22 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 30773
expires: Sat, 09 Oct 2021 17:16:10 GMT

GET
H3 200 archer.css
tumteknoloji.com/wp-content/plugins/alternatives/css/ 21 KB
16 KB 46ms
45ms Stylesheet
text/css 65.108.5.22
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tumteknoloji.com/wp-content/plugins/alternatives/css/archer.css
Requested by: Host: tumteknoloji.com
URL: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 65.108.5.22 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: tr.hostingkontrol.com
Software: LiteSpeed /
Resource Hash: addf96fe07895d750d00834b2cf4e66bd6cfb25364a40bde81c8464e00698947

Request headers

:path: /wp-content/plugins/alternatives/css/archer.css
pragma: no-cache
cookie: PHPSESSID=52dbbdec9ec6a809879ef1b1d5ee2cc5
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: tumteknoloji.com
referer: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 17:16:10 GMT
content-encoding: br
last-modified: Mon, 28 Oct 2019 09:43:22 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 16405
expires: Sat, 09 Oct 2021 17:16:10 GMT

GET
H3 200 masthead-img-logo.svg
tumteknoloji.com/wp-content/plugins/alternatives/images/ 6 KB
2 KB 54ms
54ms Image
image/svg+xml 65.108.5.22
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tumteknoloji.com/wp-content/plugins/alternatives/images/masthead-img-logo.svg
Requested by: Host: tumteknoloji.com
URL: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 65.108.5.22 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: tr.hostingkontrol.com
Software: LiteSpeed /
Resource Hash: 5f7d5fb148b72d2c8c3a459d94eb65d1c927da54c1ecb43f9bddfe6449730cfe

Request headers

:path: /wp-content/plugins/alternatives/images/masthead-img-logo.svg
pragma: no-cache
cookie: PHPSESSID=52dbbdec9ec6a809879ef1b1d5ee2cc5
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: tumteknoloji.com
referer: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 17:16:10 GMT
content-encoding: br
last-modified: Wed, 27 Nov 2019 11:59:36 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2196
expires: Sat, 09 Oct 2021 17:16:10 GMT

GET
H2 200 jquery.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/ 256 KB
64 KB 42ms
19ms Script
application/javascript 104.16.18.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js

Requested by

Host: tumteknoloji.com
URL: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f27c3d7cb5d766466703adc7f7ad7706b7fb05514eec39be0aa253449bd0f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tumteknoloji.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 17:16:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 469706
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 64839
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-40023"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f7fhM9tYQ%2BVfIBuR3LYWc31KVR2afNzE8geC%2FaGLBctqL9vf1IU0VgLi5P1iS1tooIMfoNNno3M4qjKV3RFO5z4bUFF5LmNZjPaDyiU8H%2BmO60BZooo2sTG18cFGBKnMRUMt89Hn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 697f93b3293621a5-DUS
expires: Thu, 22 Sep 2022 17:16:10 GMT

GET
H2 200 jquery.mask.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ 20 KB
5 KB 53ms
30ms Script
application/javascript 104.16.18.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tumteknoloji.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 17:16:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 468030
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4517
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-4e98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJb%2FwkXHTyeVjH%2B0q9jyNmudSAcnGq8fZo%2FocGxgUYNQTyFt7YMVtXcViqSA%2BYdDkVZeAqvSROcZBl229JNnaMvs%2B8QWbZ%2Buq72NKYJo8vdS8GXqCR243zh%2ByYPMmTbnuBZ1IFBV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 697f93b3293721a5-DUS
expires: Thu, 22 Sep 2022 17:16:10 GMT

GET
DATA 200
OK truncated
/ 428 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 03de4b9cf46dd5570223a4f4b3f57a02b609fc53430d95c2f265e8b6368713a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET

myriad.woff2
www.tumteknoloji.com/wp-content/plugins/alternatives/javascript/
Redirect Chain

https://tumteknoloji.com/wp-content/plugins/alternatives/javascript/myriad.woff2
https://www.tumteknoloji.com/wp-content/plugins/alternatives/javascript/myriad.woff2

0
0

GET
DATA 200
OK truncated
/ 16 KB
16 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e96b46a59ee68d66d600ccd8ce06ac4144a225e5125a8ad23ddaf024e09d71eb

Request headers

Referer
Origin: https://tumteknoloji.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: application/x-font-woff

GET
H3 200 awe.woff
tumteknoloji.com/wp-content/plugins/alternatives/javascript/ 25 KB
25 KB 27ms
26ms Font
font/woff 65.108.5.22
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tumteknoloji.com/wp-content/plugins/alternatives/javascript/awe.woff
Requested by: Host: tumteknoloji.com
URL: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 65.108.5.22 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: tr.hostingkontrol.com
Software: LiteSpeed /
Resource Hash: 8bb7974183ff975132235b0da28f9eb00d607ce863ed24ae71219ec96a38b5ef

Request headers

sec-fetch-mode: cors
origin: https://tumteknoloji.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: PHPSESSID=52dbbdec9ec6a809879ef1b1d5ee2cc5
:path: /wp-content/plugins/alternatives/javascript/awe.woff
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: tumteknoloji.com
referer: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC
Origin: https://tumteknoloji.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 17:16:11 GMT
last-modified: Mon, 09 Dec 2019 12:07:20 GMT
server: LiteSpeed
content-type: font/woff
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 25244
expires: Sat, 09 Oct 2021 17:16:11 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.tumteknoloji.com
URL: https://www.tumteknoloji.com/wp-content/plugins/alternatives/javascript/myriad.woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			tumteknoloji.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 52dbbdec9ec6a809879ef1b1d5ee2cc5

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.tumteknoloji.com/css/jquery.mobile.css?v=19.12.00 Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://tumteknoloji.com/wp-content/plugins/alternatives/indexs.php?sslmode=true&access_token=HBkx5RseYr8RPoNMR0O4ZxROVPLn0GjgsPDFELBJhv2o5QCsFx8bApKq6YPun7kdQP0JOsA3dpb1Z2QC Message: Access to font at 'https://www.tumteknoloji.com/wp-content/plugins/alternatives/javascript/myriad.woff2' (redirected from 'https://tumteknoloji.com/wp-content/plugins/alternatives/javascript/myriad.woff2') from origin 'https://tumteknoloji.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.tumteknoloji.com/wp-content/plugins/alternatives/javascript/myriad.woff2 Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
tumteknoloji.com
www.tumteknoloji.com
www.tumteknoloji.com
104.16.18.94
65.108.5.22
03de4b9cf46dd5570223a4f4b3f57a02b609fc53430d95c2f265e8b6368713a3
1f3fd405c64b807d88a6f32a0b972c38e9ca66f3380ca051d7c8038c5b96b880
5f7d5fb148b72d2c8c3a459d94eb65d1c927da54c1ecb43f9bddfe6449730cfe
78f27c3d7cb5d766466703adc7f7ad7706b7fb05514eec39be0aa253449bd0f8
86faeab09e16d426a818bb33e89eb231d3c005905ecfa88e11365e50768e3b1c
8bb7974183ff975132235b0da28f9eb00d607ce863ed24ae71219ec96a38b5ef
addf96fe07895d750d00834b2cf4e66bd6cfb25364a40bde81c8464e00698947
af32dd61a7a818af56fba7005751bf84c5137b7f952ae9bba83b566374ed33ff
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
e96b46a59ee68d66d600ccd8ce06ac4144a225e5125a8ad23ddaf024e09d71eb

tumteknoloji.com Open in urlscan Pro 65.108.5.22 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

90 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

162 kBTransfer

549 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

tumteknoloji.com Open in urlscan Pro
65.108.5.22 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

90 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

162 kB
Transfer

549 kB
Size

1
Cookies

10 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!