online-halkbireysel.com
Open in
urlscan Pro
104.27.148.113
Malicious Activity!
Public Scan
Submitted URL: http://online-halkbireysel.com/InternetBankingHost/HostLogin
Effective URL: https://online-halkbireysel.com/InternetBankingHost/HostLogin
Submission: On April 03 via automatic, source twitter_illegalFawn
Effective URL: https://online-halkbireysel.com/InternetBankingHost/HostLogin
Submission: On April 03 via automatic, source twitter_illegalFawn
Summary
This website contacted 4 IPs
in 2 countries
across 2 domains to perform 35 HTTP transactions.
The main IP is 104.27.148.113, located in
San Francisco, United States and
belongs to CLOUDFLARENET - Cloudflare, Inc., US.
The main domain is online-halkbireysel.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on April 2nd 2018. Valid for: 6 months.
This is the only time online-halkbireysel.com was scanned on urlscan.io!
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on April 2nd 2018. Valid for: 6 months.
This is the only time online-halkbireysel.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Halkbank (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 104.27.149.113 104.27.149.113 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 33 | 104.27.148.113 104.27.148.113 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 1 | 185.225.208.133 185.225.208.133 | 13213 (UK2NET-AS) (UK2NET-AS) | |
| 1 | 67.202.94.93 67.202.94.93 | 32748 (STEADFAST) (STEADFAST - Steadfast) | |
| 35 | 4 |
1
104.27.149.113
(San Francisco, United States)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
| online-halkbireysel.com |
33
104.27.148.113
(San Francisco, United States)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
| online-halkbireysel.com |
1
67.202.94.93
(Chicago, United States)
ASN32748 (STEADFAST - Steadfast, US)
PTR: amung.us
ASN32748 (STEADFAST - Steadfast, US)
PTR: amung.us
| whos.amung.us |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 34 |
online-halkbireysel.com
1 redirects
online-halkbireysel.com |
1 MB |
| 2 |
amung.us
widgets.amung.us whos.amung.us |
3 KB |
| 35 | 2 |
| Domain | Requested by | |
|---|---|---|
| 34 | online-halkbireysel.com |
1 redirects
online-halkbireysel.com
|
| 1 | whos.amung.us |
widgets.amung.us
|
| 1 | widgets.amung.us |
online-halkbireysel.com
|
| 35 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.halkbankkobi.com.tr |
| www.parafcard.com.tr |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| sni207145.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2018-04-02 - 2018-10-09 |
6 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://online-halkbireysel.com/InternetBankingHost/HostLogin
Frame ID: 29045BA4144AAC46A10133BDCBA397DF
Requests: 36 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://online-halkbireysel.com/InternetBankingHost/HostLogin
HTTP 301
https://online-halkbireysel.com/InternetBankingHost/HostLogin Page URL
Detected technologies
Highcharts
(JavaScript Graphics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^Highcharts$/i
AngularJS
(JavaScript Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^angular$/i
Mustache
(JavaScript Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^Mustache$/i
CloudFlare
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /cloudflare/i
Moment.js
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^moment$/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^jQuery$/i
Twitter Bootstrap () Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
URL: http://www.halkbankkobi.com.tr/
Title: A’dan Z’ye KOBİ’ye dair herşey halkbankkobi.com.tr’de! Detaylar için tıklayınız
Title: A’dan Z’ye KOBİ’ye dair herşey halkbankkobi.com.tr’de! Detaylar için tıklayınız
Search URL Search Domain Scan URL
URL: http://www.parafcard.com.tr/
Title: Paraf Card Kredi Kartı Dünyasında Ayrıcalıklar Bu Paraf’ta!
Title: Paraf Card Kredi Kartı Dünyasında Ayrıcalıklar Bu Paraf’ta!
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://online-halkbireysel.com/InternetBankingHost/HostLogin
HTTP 301
https://online-halkbireysel.com/InternetBankingHost/HostLogin Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
35 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
HostLogin
online-halkbireysel.com/InternetBankingHost/ Redirect Chain
|
23 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.css
online-halkbireysel.com//skin/sa/css/ |
138 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
production.min.css
online-halkbireysel.com//skin/sa/css/ |
210 KB 38 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
production-plugins.min.css
online-halkbireysel.com//skin/sa/css/ |
138 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
skins.min.css
online-halkbireysel.com//skin/sa/css/ |
472 KB 71 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
veribranch-all.css
online-halkbireysel.com//skin/sa/css/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
receipt.css
online-halkbireysel.com//skin/sa/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
plugins-all.css
online-halkbireysel.com//skin/css/ |
70 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
hblogo2.svg
online-halkbireysel.com//skin/img/ |
20 KB 7 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
HB_lock.png
online-halkbireysel.com//skin/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
HB_lock-white.png
online-halkbireysel.com//skin/img/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-all.js
online-halkbireysel.com//skin/js/ |
472 KB 101 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
angular-all.js
online-halkbireysel.com//skin/js/ |
614 KB 131 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
plugins-all.js
online-halkbireysel.com//skin/js/ |
1 MB 232 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
highcharts-all.js
online-halkbireysel.com//skin/js/ |
343 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dataTables-all.js
online-halkbireysel.com//skin/js/ |
236 KB 51 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
vb-all.js
online-halkbireysel.com//skin/js/ |
137 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
veribranch.directives.js
online-halkbireysel.com//skin/js/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login-app-all.js
online-halkbireysel.com//skin/js/ |
20 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sa-all.js
online-halkbireysel.com//skin/js/ |
305 KB 65 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
small.js
widgets.amung.us/ |
6 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
blank.gif
online-halkbireysel.com//skin/sa/img/ |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
paraf.svg
online-halkbireysel.com//skin/sa/img/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
GUVENLIK.png
online-halkbireysel.com//skin/sa/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login-mmm.svg
online-halkbireysel.com//skin/sa/img/icons/svg/white/ |
1 KB 1018 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bg.jpg
online-halkbireysel.com//skin/sa/img/ |
322 KB 323 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
white-arrow.png
online-halkbireysel.com//skin/sa/img/ |
219 B 664 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
roboto-v18-latin_latin-ext-regular.woff2
online-halkbireysel.com//skin/sa/fonts/Roboto/ |
21 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fontawesome-webfont.woff2
online-halkbireysel.com//skin/sa/fonts/ |
63 KB 63 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
roboto-v18-latin_latin-ext-700.woff2
online-halkbireysel.com//skin/sa/fonts/Roboto/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
roboto-v18-latin_latin-ext-500.woff2
online-halkbireysel.com//skin/sa/fonts/Roboto/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Gotham-Bold.woff
online-halkbireysel.com//skin/sa/fonts/gotham/ |
11 KB 12 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
roboto-v18-latin_latin-ext-italic.woff2
online-halkbireysel.com//skin/sa/fonts/Roboto/ |
23 KB 24 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
DownArrowWhite.png
online-halkbireysel.com//skin/sa/img/Halkbank/ |
188 B 514 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
/
whos.amung.us/pingjs/ |
30 B 163 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
439 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Halkbank (Banking)120 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| _wau function| $ function| jQuery object| angular object| WAU_ren function| WAU_small function| WAU_r_s function| WAU_insert function| WAU_legacy_b function| WAU_la function| WAU_addCommas function| WAU_cps function| docReady function| Swiper function| msieversion function| removeBtn function| initializeSearchButton function| resizeQuestion function| resize function| tabPos function| tabLiSar function| detailButtons function| eventActiveClass function| calendarFirstClick function| activateCell function| IconEdit function| resizeDragCol function| BlockBackspace function| clickIE function| clickNS function| TokenTypeChanged function| RedirectToSecurityLevelUpdateQuestions function| PostQuestionForm function| CheckJquery boolean| mobil boolean| ie number| mobilG undefined| cc_question_sections undefined| question_steps string| pageTitle object| BG object| header object| HtmlPanel object| item object| back_to_top function| _ function| JSZip function| moment function| Sortable function| $script object| Mustache function| Dropzone function| Tour object| rangy string| textAngular object| amplify object| Highcharts object| HighchartsAdapter function| TableTools function| ResponsiveDatatablesHelper object| ZeroClipboard_TableTools function| __extends object| veribranch function| VB object| VeriBranch object| System object| app function| __decorate object| root boolean| debugState string| debugStyle string| debugStyle_green string| debugStyle_red string| debugStyle_warning string| debugStyle_success string| debugStyle_error number| throttle_delay number| menu_speed boolean| menu_accordion boolean| enableJarvisWidgets boolean| localStorageJarvisWidgets boolean| sortableJarvisWidgets boolean| enableMobileWidgets boolean| fastClick object| boxList object| showList object| nameList object| idList object| chatbox_config object| ignore_key_elms boolean| voice_command boolean| voice_command_auto string| voice_command_lang boolean| voice_localStorage object| commands function| FastClick function| runAllForms function| runAllCharts function| setup_widgets_desktop function| setup_widgets_mobile function| loadScript function| checkURL function| loadURL function| drawBreadCrumb function| pageSetUp function| getParam function| calc_navbar_height function| navbar_height object| shortcut_dropdown object| bread_crumb boolean| topmenu string| thisDevice boolean| ismobile object| jsArray object| initApp undefined| gMapsLoaded object| x string| x1 string| x2 object| Tynt1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .online-halkbireysel.com/ | Name: __cfduid Value: d7d5addc37f197e9edd84417b156ab2851522756282 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
online-halkbireysel.com
whos.amung.us
widgets.amung.us
104.27.148.113
104.27.149.113
185.225.208.133
67.202.94.93
0b703cc97ee3e674ea878105829684f5a96a5446946b8e1feb6d1a219a8cf750
150515bdd6a0afb734c18307eba842fe07df15ed730aa5ed22d18959947e7e1f
1f03b3082883c94de09ea4c0b38092a45f2f7ca60c14889818a3e19057da34b8
2c56c9bbd605eaa21945498ea1e28d8d3030319dd57a9e22afa7732789cf30ce
325edb684e74b81d6691f759acedbe60b0e9cba0eda3cac585e7f1a2326d92f3
33924ac593fafdd560c2fb9a7b58377fcd785bcf49a80422aba05b9ae479095e
38240fa84cf5f6324484dc415b37ec46628bedc4df6347b99b2363549eaec1ba
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
4bcd56a6d5033882b6f672b5832611c7f166101849b37c0963387b2d9e6d1cbf
4ce1b2cf7ca8079968036304a82db60fb203089f5264fcfcb6825e64aa46dd19
50fd99c7ba443da1d3f8455af419e9a623c7a87013c82580129c7461a9804f27
54f2cc06d33614cde82182ddb6adaf77cff61302b234114c35544ddad28e8b6f
5ad8c384c7e36293ffd28fc05d9261539907c2d1b45372548f9a7b86f0dec7bd
5dce1529451ca28870b87a2f034cd462558d3830f99e8ac3c22a3a3445191a4d
614ecf3adfe278c9a3923c23c0ebd274e267194b22fea4e741d16ae4fec5b413
6abda10c69ad170f0f2f6acb4e46d558015b970dfe07aacddd36162b96660480
75db49aaab6a2ad3ac3a3da5599e0542a7b08901c309d5c5f466fd353766a6fa
7937ef1c860d6f68add3a04c81d4616693ac69f477dd81fb288660052ecce080
82c38966befbc04ee41e9940c4188dfbe185f581436a82625ac901358a6317a7
8cefb7307a8a5c9d26cab8f927199cb39ad6d16406411c0d0476e3a6bf041b1d
8e28d20a53e80ddee0d821da6558113262812bab4d801c3902e740e24d765e4b
929c9acb73530a412324d05d604ddec6eaab1c86a40d8ef59e3003b9e899040b
9313b826be1e50da9e240b43b515c91214bc72d506b20d1dddbeeca6ebdd1bee
9470ae058f702584ebb4478bc012930c52025e5f6a5deae8f739abf99dada3c0
958a97b989edf9578051bca84e3962f31ba5d3c8d8c137f0bfefdce5f6ddf36e
bdd63f5568743c7211e4c530a9544fa294f11db49b2a76bbc44c02b8259b6913
c6a9da998ff4b8b121020abd635868f6430d83167f1b7cb5899185f5022ec4a0
c9659f21da82f202dc8409f3292f52b775793d94c0e5f69e6bdadfb5591a3028
cc8c5b8fdc333b4e97cd8d17ff9ea1a5feaa973973f0101be4dbf7d0d70dfc48
ccbef6fde11449370ccec521a1b6d089030367a5b5aa75bf950925077286db1d
d0759263025ff6b8f33da27562e5f1fa2194294bd70a26240fa13fe3b97ccf4d
d0afee8133cf8a8d0d7e15c787bb7dc6f8e6cddf54fb9c63da7cb78565aed6e5
d99b45196231f269fa69f0a33afee53819256e00bcad490b88d090c27687169e
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac
f9bc132980c62433dfd76631f5a602fd1bf318141d67ebb6b70b4d3cc92555b0
fa895aad80366bcd0abb6c52554f13e33cf99a494bb6a539c52aeb2b03a53dd2