845342-34325.com Open in urlscan Pro
92.205.144.130 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qe...
Submission: On November 21 via api (November 21st 2024, 3:14:51 am UTC) from TR — Scanned from FR

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 17 HTTP transactions. The main IP is 92.205.144.130, located in Strasbourg, France and belongs to GODADDY-SXB Host Europe GmbH, DE. The main domain is 845342-34325.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on November 21st 2024. Valid for: 3 months.

This is the only time 845342-34325.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ziraat Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
16	92.205.144.130 92.205.144.130	21499 (GODADDY-S...) (GODADDY-SXB Host Europe GmbH)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
17	2

16 92.205.144.130 (Strasbourg, France)

ASN21499 (GODADDY-SXB Host Europe GmbH, DE)

845342-34325.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	845342-34325.com 845342-34325.com	403 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 847	31 KB
17	2

	Domain	Requested by
16	845342-34325.com	845342-34325.com code.jquery.com
1	code.jquery.com	845342-34325.com
17	2

This site contains no links.

Subject Issuer	Validity	Valid
845342-34325.com ZeroSSL RSA Domain Secure Site CA	`2024-11-21` - `2025-02-19`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ
Frame ID: AFDBF721D26379D2B6DF996478AFCC47
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hoş Geldiniz | Ziraat Bankası İnternet Bankacılığı

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

434 kB
Transfer

1422 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response 845342-34325.com/	171 KB 14 KB	144ms 48ms	Document text/html	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Full URL https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / PHP/8.2.24 Resource Hash `0bbdb5e9a60935f82903d27b0f1c817b793790b3105333e754ea1d3dc9ae7c2f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers content-encoding br content-length 14121 content-type text/html; charset=UTF-8 date Thu, 21 Nov 2024 03:14:47 GMT server Apache vary Accept-Encoding x-powered-by PHP/8.2.24
GET H2	200	plugins.min.css 845342-34325.com/Content/assets/bundle/css/	341 KB 49 KB	53ms 52ms	Stylesheet text/css	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Full URL https://845342-34325.com/Content/assets/bundle/css/plugins.min.css Requested by Host: 845342-34325.com URL: https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / Resource Hash `ee81740f6cc74f3e18b1a459058b371b76febbc1ae8b6365783f17a046212719` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Response headers content-encoding br etag "de243b-555ae-614d7bbf23200-br" accept-ranges bytes content-length 50135 date Thu, 21 Nov 2024 03:14:47 GMT last-modified Sat, 30 Mar 2024 02:44:24 GMT vary Accept-Encoding server Apache content-type text/css
GET H2	200	sub.min.css 845342-34325.com/Content/assets/bundle/css/	541 KB 62 KB	86ms 86ms	Stylesheet text/css	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Full URL https://845342-34325.com/Content/assets/bundle/css/sub.min.css Requested by Host: 845342-34325.com URL: https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / Resource Hash `50b033e053c9707c86314ed31c05d31fd1768ede279d4b676de687d6b19ca122` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Response headers content-encoding br etag "de243c-8753c-61659c13a7c80-br" accept-ranges bytes date Thu, 21 Nov 2024 03:14:47 GMT last-modified Thu, 18 Apr 2024 07:16:50 GMT vary Accept-Encoding server Apache content-type text/css
GET H2	200	jquery-3.6.4.min.js Show response code.jquery.com/	88 KB 31 KB	79ms 23ms	Script application/javascript	2a04:4e42:600::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.4.min.js Requested by Host: 845342-34325.com URL: https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Referer https://845342-34325.com/ Response headers content-encoding gzip etag W/"28feccc0-15ec3" age 2397428 x-cache HIT, HIT date Thu, 21 Nov 2024 03:14:47 GMT content-type application/javascript; charset=utf-8 vary Accept-Encoding x-cache-hits 180, 55910 last-modified Fri, 18 Oct 1991 12:00:00 GMT x-served-by cache-lga21953-LGA, cache-lcy-eglc8600029-LCY cache-control public, max-age=31536000, stale-while-revalidate=604800 x-timer S1732158887.336981,VS0,VE0 via 1.1 varnish, 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 31011 server nginx
GET H2	200	phone.png 845342-34325.com/Content/assets/img/	8 KB 8 KB	38ms 37ms	Image image/png	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Show image Full URL https://845342-34325.com/Content/assets/img/phone.png Requested by Host: 845342-34325.com URL: https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / Resource Hash `ecd0bd452254e541bd3e0f90384daf729c71bac57dcd6506ce531b82e91a6077` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Response headers accept-ranges bytes content-length 8378 etag "de2454-20ba-614d7c44a6d00" date Thu, 21 Nov 2024 03:14:47 GMT last-modified Sat, 30 Mar 2024 02:46:44 GMT content-type image/png server Apache
GET H2	200	phone.png 845342-34325.com/Content/assets/img/login/	10 KB 10 KB	39ms 38ms	Image image/png	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Show image Full URL https://845342-34325.com/Content/assets/img/login/phone.png Requested by Host: 845342-34325.com URL: https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / Resource Hash `75e159dc563cef2d81dfc676edd0562791341ffc58e8fb9d377011d4fe0977ae` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Response headers accept-ranges bytes content-length 9783 etag "de2452-2637-614d7c337c480" date Thu, 21 Nov 2024 03:14:47 GMT last-modified Sat, 30 Mar 2024 02:46:26 GMT content-type image/png server Apache
GET H2	200	comodo-logo.png 845342-34325.com/Content/assets/img/	6 KB 6 KB	40ms 39ms	Image image/png	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Show image Full URL https://845342-34325.com/Content/assets/img/comodo-logo.png Requested by Host: 845342-34325.com URL: https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / Resource Hash `7bd1ce5e91f7fa685fe3ec37c7f79c27a49f3ae067afce596fa46bb5b2d90d89` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Response headers accept-ranges bytes content-length 6295 etag "de244f-1897-614d7c3b1d680" date Thu, 21 Nov 2024 03:14:47 GMT last-modified Sat, 30 Mar 2024 02:46:34 GMT content-type image/png server Apache
GET H2	200	script.js Show response 845342-34325.com/client-side/	4 KB 1 KB	37ms 36ms	Script application/javascript	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Full URL https://845342-34325.com/client-side/script.js Requested by Host: 845342-34325.com URL: https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / Resource Hash `48fe486c966f67eb339455520669739be9ba20981a01e2589b50a4e38bbda816` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Response headers content-encoding br etag "de2435-105a-616caeb785280-br" accept-ranges bytes content-length 1124 date Thu, 21 Nov 2024 03:14:47 GMT last-modified Tue, 23 Apr 2024 22:17:30 GMT vary Accept-Encoding server Apache content-type application/javascript
GET H2	200	login-bg.jpg 845342-34325.com/Content/assets/img/	104 KB 104 KB	37ms 37ms	Image image/jpeg	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Show image Full URL https://845342-34325.com/Content/assets/img/login-bg.jpg?v=20181004 Requested by Host: 845342-34325.com URL: https://845342-34325.com/Content/assets/bundle/css/sub.min.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / Resource Hash `b055c452bbb3790a25caef40ba7e75a53f148ad46260c00719b5bd7b6ee90d82` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://845342-34325.com/Content/assets/bundle/css/sub.min.css Response headers accept-ranges bytes content-length 106717 etag "de2453-1a0dd-614d7c3eedf80" date Thu, 21 Nov 2024 03:14:47 GMT last-modified Sat, 30 Mar 2024 02:46:38 GMT content-type image/jpeg server Apache
GET H2	200	BB78E1BCF28E9E4CC.woff2 845342-34325.com/Content/assets/css/webfonts/new/	13 KB 13 KB	50ms 49ms	Font font/woff2	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Full URL https://845342-34325.com/Content/assets/css/webfonts/new/BB78E1BCF28E9E4CC.woff2 Requested by Host: 845342-34325.com URL: https://845342-34325.com/Content/assets/bundle/css/sub.min.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / Resource Hash `2f9071e4de731c949bee363cc182a5b88e61caa7cffbfd3ccf7321ca11327544` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://845342-34325.com Referer https://845342-34325.com/Content/assets/bundle/css/sub.min.css Response headers content-encoding br etag "de244a-349c-614d7c079dd00-br" accept-ranges bytes content-length 13469 date Thu, 21 Nov 2024 03:14:47 GMT last-modified Sat, 30 Mar 2024 02:45:40 GMT vary Accept-Encoding server Apache content-type font/woff2
GET H2	200	icomoon.woff2 845342-34325.com/Content/assets/css/fonts/	98 KB 98 KB	51ms 50ms	Font font/woff2	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Full URL https://845342-34325.com/Content/assets/css/fonts/icomoon.woff2 Requested by Host: 845342-34325.com URL: https://845342-34325.com/Content/assets/bundle/css/sub.min.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / Resource Hash `4eb0a95d46a2a21d2a033af489807a56e8669c172839474ed2ab8865ee40994f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://845342-34325.com Referer https://845342-34325.com/Content/assets/bundle/css/sub.min.css Response headers content-encoding br etag "de2447-186a0-614d7be548c00-br" accept-ranges bytes content-length 100005 date Thu, 21 Nov 2024 03:14:47 GMT last-modified Sat, 30 Mar 2024 02:45:04 GMT vary Accept-Encoding server Apache content-type font/woff2
GET H2	200	D40DF048D299CA4DD.woff2 845342-34325.com/Content/assets/css/webfonts/new/	13 KB 13 KB	38ms 38ms	Font font/woff2	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Full URL https://845342-34325.com/Content/assets/css/webfonts/new/D40DF048D299CA4DD.woff2 Requested by Host: 845342-34325.com URL: https://845342-34325.com/Content/assets/bundle/css/sub.min.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / Resource Hash `87066901222869bbc18ab6d6620daa3aeac78dad94f88233f14ff68bae4cb472` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://845342-34325.com Referer https://845342-34325.com/Content/assets/bundle/css/sub.min.css Response headers content-encoding br etag "de244b-34a4-614d7c0b6e600-br" accept-ranges bytes content-length 13476 date Thu, 21 Nov 2024 03:14:47 GMT last-modified Sat, 30 Mar 2024 02:45:44 GMT vary Accept-Encoding server Apache content-type font/woff2
POST H2	500	process.php Show response 845342-34325.com/	0 132 B	45ms 43ms	XHR text/html	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Full URL https://845342-34325.com/process.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.4.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / PHP/8.2.24 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Accept / Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers cache-control no-store, no-cache, must-revalidate content-encoding br pragma no-cache expires Thu, 19 Nov 1981 08:52:00 GMT content-length 1 date Thu, 21 Nov 2024 03:14:47 GMT content-type text/html; charset=UTF-8 x-powered-by PHP/8.2.24 vary Accept-Encoding server Apache
GET H2	200	touch_icon.png 845342-34325.com/Content/assets/img/	24 KB 24 KB	36ms 36ms	Other image/png	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Full URL https://845342-34325.com/Content/assets/img/touch_icon.png Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / Resource Hash `3f57f2ca6d11bb33c055ec016ce0b3c7816097de2bdbdca444b11f0ba90bf166` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ Response headers accept-ranges bytes content-length 24678 etag "de2455-6066-6151061478100" date Thu, 21 Nov 2024 03:14:47 GMT last-modified Mon, 01 Apr 2024 22:19:16 GMT content-type image/png server Apache
POST H2	200	process.php Show response 845342-34325.com/	0 33 B	45ms 44ms	XHR text/html	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Full URL https://845342-34325.com/process.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.4.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / PHP/8.2.24 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Accept / Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers cache-control no-store, no-cache, must-revalidate content-encoding br pragma no-cache expires Thu, 19 Nov 1981 08:52:00 GMT content-length 1 date Thu, 21 Nov 2024 03:14:50 GMT content-type text/html; charset=UTF-8 x-powered-by PHP/8.2.24 vary Accept-Encoding server Apache
POST H2	500	process.php Show response 845342-34325.com/	0 56 B	44ms 42ms	XHR text/html	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Full URL https://845342-34325.com/process.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.4.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / PHP/8.2.24 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Accept / Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers cache-control no-store, no-cache, must-revalidate content-encoding br pragma no-cache expires Thu, 19 Nov 1981 08:52:00 GMT content-length 1 date Thu, 21 Nov 2024 03:14:50 GMT content-type text/html; charset=UTF-8 x-powered-by PHP/8.2.24 vary Accept-Encoding server Apache
POST H2	200	status.php Show response 845342-34325.com/	7 B 44 B	42ms 42ms	XHR text/html	92.205.144.130 GODADDY-SXB Host ...
General Check archive.org Show headers Download Go to Full URL https://845342-34325.com/status.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.4.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 92.205.144.130 Strasbourg, France, ASN21499 (GODADDY-SXB Host Europe GmbH, DE), Reverse DNS Software Apache / PHP/8.2.24 Resource Hash `8e2c7ac508139a02af859de64a4743c1f3946837279332c35ec8f5ddf20654ae` Request headers Referer https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Accept / Response headers cache-control no-store, no-cache, must-revalidate content-encoding br pragma no-cache expires Thu, 19 Nov 1981 08:52:00 GMT content-length 11 date Thu, 21 Nov 2024 03:14:50 GMT content-type text/html; charset=UTF-8 x-powered-by PHP/8.2.24 vary Accept-Encoding server Apache

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ziraat Bank (Banking)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			845342-34325.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: id7pi24q3v9mbmngvh88ac01jl

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://845342-34325.com/?fbclid=IwY2xjawGrg1dleHRuA2FlbQEwAGFkaWQBqxT1XKUA7wEdnky1VMKROzRuNnK6w9Oz1hvhJbAfEMBNjg0YEf71Qef9wwrahDUMxA4P_aem_ve-G45e_aR6pp7M6IBMILQ(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://845342-34325.com/process.php Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://845342-34325.com/process.php Message: Failed to load resource: the server responded with a status of 500 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

845342-34325.com
code.jquery.com
2a04:4e42:600::649
92.205.144.130
0bbdb5e9a60935f82903d27b0f1c817b793790b3105333e754ea1d3dc9ae7c2f
2f9071e4de731c949bee363cc182a5b88e61caa7cffbfd3ccf7321ca11327544
3f57f2ca6d11bb33c055ec016ce0b3c7816097de2bdbdca444b11f0ba90bf166
48fe486c966f67eb339455520669739be9ba20981a01e2589b50a4e38bbda816
4eb0a95d46a2a21d2a033af489807a56e8669c172839474ed2ab8865ee40994f
50b033e053c9707c86314ed31c05d31fd1768ede279d4b676de687d6b19ca122
75e159dc563cef2d81dfc676edd0562791341ffc58e8fb9d377011d4fe0977ae
7bd1ce5e91f7fa685fe3ec37c7f79c27a49f3ae067afce596fa46bb5b2d90d89
87066901222869bbc18ab6d6620daa3aeac78dad94f88233f14ff68bae4cb472
8e2c7ac508139a02af859de64a4743c1f3946837279332c35ec8f5ddf20654ae
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
b055c452bbb3790a25caef40ba7e75a53f148ad46260c00719b5bd7b6ee90d82
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ecd0bd452254e541bd3e0f90384daf729c71bac57dcd6506ce531b82e91a6077
ee81740f6cc74f3e18b1a459058b371b76febbc1ae8b6365783f17a046212719

845342-34325.com Open in urlscan Pro 92.205.144.130 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

434 kBTransfer

1422 kBSize

1 Cookies

0 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

21 JavaScript Global Variables

1 Cookies

4 Console Messages

Indicators

845342-34325.com Open in urlscan Pro
92.205.144.130 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

434 kB
Transfer

1422 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!