sporcununagahalkbabasi.vip Open in urlscan Pro
92.205.172.44 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://sporcununagahalkbabasi.vip/
Submission: On September 15 via api (September 15th 2024, 9:51:17 am UTC) from TR — Scanned from FR

Summary HTTP 33 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 33 HTTP transactions. The main IP is 92.205.172.44, located in France and belongs to GODADDY-SXB, DE. The main domain is sporcununagahalkbabasi.vip.
TLS certificate: Issued by R11 on September 13th 2024. Valid for: 3 months.

This is the only time sporcununagahalkbabasi.vip was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Halkbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
25	92.205.172.44 92.205.172.44	21499 (GODADDY-SXB) (GODADDY-SXB)
1	2a04:4e42::649 2a04:4e42::649	54113 (FASTLY) (FASTLY)
1 2	23.53.42.160 23.53.42.160	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:470... 2a02:26f0:4700::17d4:6ec8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a02:26f0:480... 2a02:26f0:480:58c::228b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
33	5

25 92.205.172.44 (France)

ASN21499 (GODADDY-SXB, DE)
PTR: 44.172.205.92.host.secureserver.net

sporcununagahalkbabasi.vip	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.53.42.160 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-53-42-160.deploy.static.akamaitechnologies.com

img1.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:4700::17d4:6ec8 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)

events.api.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:480:58c::228b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

csp.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	sporcununagahalkbabasi.vip sporcununagahalkbabasi.vip	415 KB
6	secureserver.net events.api.secureserver.net — Cisco Umbrella Rank: 13374 csp.secureserver.net — Cisco Umbrella Rank: 13439	580 B
2	wsimg.com 1 redirects img1.wsimg.com — Cisco Umbrella Rank: 10397	21 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 808	31 KB
33	4

	Domain	Requested by
25	sporcununagahalkbabasi.vip	sporcununagahalkbabasi.vip code.jquery.com
4	csp.secureserver.net	img1.wsimg.com
2	events.api.secureserver.net	img1.wsimg.com
2	img1.wsimg.com	1 redirects sporcununagahalkbabasi.vip
1	code.jquery.com	sporcununagahalkbabasi.vip
33	5

This site contains links to these domains. Also see Links.

Domain
www.halkbank.com.tr
www.halkbankkobi.com.tr
www.parafcard.com.tr

Subject Issuer	Validity	Valid
sporcununabsda342bdasiaraba.com R11	`2024-09-13` - `2024-12-12`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
*.api.secureserver.net Starfield Secure Certificate Authority - G2	`2024-07-15` - `2025-08-16`	a year	crt.sh
*.secureserver.net Starfield Secure Certificate Authority - G2	`2023-10-10` - `2024-11-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://sporcununagahalkbabasi.vip/
Frame ID: 5355D31424355294F2C5E17FB52308A7
Requests: 31 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Halkbank İnternet Şubesi

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<(?:div|html)[^>]+ng-app=

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

33
Requests

97 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

4
Countries

467 kB
Transfer

1561 kB
Size

3
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: http://www.halkbank.com.tr/

Search URL Search Domain Scan URL

URL: https://www.halkbank.com.tr/tr/dijital-bankacilik/internet-bankaciligi/halkbank-internet-subesi/guvenlik.html
Title: Güvenliğiniz için Halkbank İnternet Şubesi girişlerinde; cep telefonu numarası, marka ve modeli bilgileriniz istenmez. Detaylı bilgi için tıklayınız

Search URL Search Domain Scan URL

URL: http://www.halkbankkobi.com.tr/
Title: A’dan Z’ye KOBİ’ye dair her şey halkbankkobi.com.tr’de! Detaylar için tıklayınız

Search URL Search Domain Scan URL

URL: https://www.halkbank.com.tr/tr/dijital-bankacilik/dialog/dialog/nasil-uye-olabilirim.html
Title: Hızlı ve güvenli bankacılığın yeni numarası: 0850 222 0 400 Halkbank Dialog 0850 222 0 401 Halkbank KOBİ Dialog

Search URL Search Domain Scan URL

URL: https://www.halkbank.com.tr/tr/sikca-sorulan-sorular.html
Title: Sıkça Sorulan Sorular

Search URL Search Domain Scan URL

URL: https://www.halkbank.com.tr/tr/sube-atm-arama.html
Title: ATM ve Şubeler

Search URL Search Domain Scan URL

URL: https://www.halkbank.com.tr/tr/dijital-bankacilik/internet-bankaciligi/halkbank-internet-subesi/planli-kesintiler.html
Title: Duyurular

Search URL Search Domain Scan URL

URL: https://www.halkbank.com.tr/tr/musteri-haklari/mutlu-musteri-merkezi.html
Title: Mutlu Müşteri Merkezi Halkbank olarak siz değerli müşterilerimizin taleplerini önemsiyoruz.

Search URL Search Domain Scan URL

URL: http://www.parafcard.com.tr/
Title: Paraf Card Kredi Kartı Dünyasında Ayrıcalıklar Bu Paraf’ta!

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 301
https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js

33 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
sporcununagahalkbabasi.vip/ 41 KB
7 KB 114ms
49ms Document
text/html 92.205.172.44
GODADDY-SXB

General

Domain/Path	Expires	Name / Value
.sporcununagahalkbabasi.vip/	1970-01-21 08:18:49	Name: _tccl_visitor Value: 16cac438-9f65-4ddb-831e-c6689ec06264
.sporcununagahalkbabasi.vip/	1970-01-20 23:33:15	Name: _tccl_visit Value: 16cac438-9f65-4ddb-831e-c6689ec06264
.sporcununagahalkbabasi.vip/	1970-01-20 23:33:15	Name: _scc_session Value: pc=1&C_TOUCH=2024-09-15T09:51:11.741Z

Source	Level	URL Text
network	error	URL: https://sporcununagahalkbabasi.vip/InternetBankingHost/Features/wwwroot/statics/js/vb-all.js Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://sporcununagahalkbabasi.vip/(Line 269) Message: A input tag was parsed inside of a <select> which caused a </select> to be inserted before this tag. This is not valid HTML and the behavior may be changed in future versions of chrome.
network	error	URL: https://sporcununagahalkbabasi.vip/InternetBankingHost/Features/wwwroot/VeriBranch.Web/Modules/veribranch.directives.js Message: Failed to load resource: the server responded with a status of 404 ()
recommendation	warning	URL: https://sporcununagahalkbabasi.vip/ Message: [DOM] Found 2 elements with non-unique id #PasswordField: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	warning	URL: https://sporcununagahalkbabasi.vip/ Message: [DOM] Found 2 elements with non-unique id #Username: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	verbose	URL: https://sporcununagahalkbabasi.vip/ Message: [DOM] Password forms should have (optionally hidden) username fields for accessibility: (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://sporcununagahalkbabasi.vip/ Message: [DOM] Password forms should have (optionally hidden) username fields for accessibility: (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://sporcununagahalkbabasi.vip/img/favicon/2favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

sporcununagahalkbabasi.vip Open in urlscan Pro 92.205.172.44 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

33 Requests

97 %HTTPS

60 %IPv6

4 Domains

5 Subdomains

5 IPs

4 Countries

467 kBTransfer

1561 kBSize

3 Cookies

9 Outgoing links

Redirected requests

33 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

sporcununagahalkbabasi.vip Open in urlscan Pro
92.205.172.44 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

33
Requests

97 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

4
Countries

467 kB
Transfer

1561 kB
Size

3
Cookies

33 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!