kmpnyak.sa.com Open in urlscan Pro
185.148.241.49 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://kmpnyak.sa.com/akbankkredilog/
Submission: On May 17 via api (May 17th 2024, 9:51:39 am UTC) from TR — Scanned from DE

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 20 HTTP transactions. The main IP is 185.148.241.49, located in Turkey and belongs to POYRAZ, TR. The main domain is kmpnyak.sa.com.
TLS certificate: Issued by R3 on May 12th 2024. Valid for: 3 months.

This is the only time kmpnyak.sa.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AKBank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2	185.148.241.49 185.148.241.49	210574 (POYRAZ) (POYRAZ)
11	217.169.192.95 217.169.192.95	12794 (AKNET-AKBANK) (AKNET-AKBANK)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
20	5

2 185.148.241.49 (Turkey)

ASN210574 (POYRAZ, TR)
PTR: hostmaster.poyrazhosting.com.tr

kmpnyak.sa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 217.169.192.95 (Istanbul, Turkey)

ASN12794 (AKNET-AKBANK, TR)

mobilsube.akbank.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	akbank.com.tr mobilsube.akbank.com.tr	198 KB
2	gstatic.com fonts.gstatic.com	14 KB
2	sa.com kmpnyak.sa.com	3 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	1 KB
20	4

	Domain	Requested by
11	mobilsube.akbank.com.tr	kmpnyak.sa.com mobilsube.akbank.com.tr
2	fonts.gstatic.com	fonts.googleapis.com
2	kmpnyak.sa.com
1	fonts.googleapis.com	kmpnyak.sa.com
20	4

This site contains no links.

Subject Issuer	Validity	Valid
kmpnyak.sa.com R3	`2024-05-12` - `2024-08-10`	3 months	crt.sh
mobilsube.akbank.com.tr DigiCert EV RSA CA G2	`2023-07-06` - `2024-07-19`	a year	crt.sh
upload.video.google.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.gstatic.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://kmpnyak.sa.com/akbankkredilog/
Frame ID: C088E9AF70E4EC8EF77B4198AC4637C6
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Akbank Mobil - Hoşçakalın!

Page Statistics

20
Requests

80 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

215 kB
Transfer

827 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
kmpnyak.sa.com/akbankkredilog/ 13 KB
3 KB 267ms
71ms Document
text/html 185.148.241.49
POYRAZ

General

Check archive.org

Show headers Download Go to

Full URL: https://kmpnyak.sa.com/akbankkredilog/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.148.241.49 , Turkey, ASN210574 (POYRAZ, TR),
Reverse DNS: hostmaster.poyrazhosting.com.tr
Software: nginx / PHP/8.2.19 PleskLin
Resource Hash: f58b42201afb622578bddb81faafb940de38896f556a747085dcef256ca3a1b3

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
content-length: 2412
content-type: text/html; charset=UTF-8
date: Fri, 17 May 2024 09:51:34 GMT
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.2.19 PleskLin

GET
H/1.1 200
OK akbankdirekt-core.min.css
mobilsube.akbank.com.tr/content/core/styles/ 3 KB
1 KB 289ms
59ms Stylesheet
text/css 217.169.192.95
AKNET-AKBANK

General

Check archive.org

Show headers Download Go to

Full URL

https://mobilsube.akbank.com.tr/content/core/styles/akbankdirekt-core.min.css?v=1.1.11

Requested by

Host: kmpnyak.sa.com
URL: https://kmpnyak.sa.com/akbankkredilog/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.169.192.95 Istanbul, Turkey, ASN12794 (AKNET-AKBANK, TR),

Reverse DNS

Software

Resource Hash

0020f426b58b7a2e17edf6c0c634b326cdd3213f28e2d820bffde65b71af7bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=4294967294
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kmpnyak.sa.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 17 May 2024 09:51:33 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=4294967294
Last-Modified: Wed, 04 Oct 2023 13:57:42 GMT
ETag: "08f42becaf6d91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 583

GET
H/1.1 200
OK akbankdirekt-core-plugins.min.css
mobilsube.akbank.com.tr/content/core/styles/ 169 KB
23 KB 290ms
61ms Stylesheet
text/css 217.169.192.95
AKNET-AKBANK

General

Check archive.org

Show headers Download Go to

Full URL

https://mobilsube.akbank.com.tr/content/core/styles/akbankdirekt-core-plugins.min.css?v=1.0.34

Requested by

Host: kmpnyak.sa.com
URL: https://kmpnyak.sa.com/akbankkredilog/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.169.192.95 Istanbul, Turkey, ASN12794 (AKNET-AKBANK, TR),

Reverse DNS

Software

Resource Hash

727146d6b88e62ba4d16326d4030fc9eb5b6f8fa1a402050c483c65646bc9b84

Security Headers

Name	Value
Strict-Transport-Security	max-age=4294967294
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kmpnyak.sa.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 17 May 2024 09:51:33 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=4294967294
Last-Modified: Wed, 04 Oct 2023 13:57:42 GMT
ETag: "08f42becaf6d91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 23224

GET
H/1.1 200
OK akbankdirekt-parts.mobile.min.css
mobilsube.akbank.com.tr/content/core/styles/ 118 KB
19 KB 294ms
66ms Stylesheet
text/css 217.169.192.95
AKNET-AKBANK

General

Check archive.org

Show headers Download Go to

Full URL

https://mobilsube.akbank.com.tr/content/core/styles/akbankdirekt-parts.mobile.min.css?v=1.0.12

Requested by

Host: kmpnyak.sa.com
URL: https://kmpnyak.sa.com/akbankkredilog/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.169.192.95 Istanbul, Turkey, ASN12794 (AKNET-AKBANK, TR),

Reverse DNS

Software

Resource Hash

555d1ec5e214c237a60b9e415998f91740509751b92f20991a2035d4beff7bb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=4294967294
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kmpnyak.sa.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 17 May 2024 09:51:33 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=4294967294
Last-Modified: Wed, 04 Oct 2023 13:57:42 GMT
ETag: "08f42becaf6d91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 19301

GET
H/1.1 200
OK application-styles-mobile.min.css
mobilsube.akbank.com.tr/content/application/styles/dist/css/ 384 KB
40 KB 292ms
63ms Stylesheet
text/css 217.169.192.95
AKNET-AKBANK

General

Check archive.org

Show headers Download Go to

Full URL

https://mobilsube.akbank.com.tr/content/application/styles/dist/css/application-styles-mobile.min.css?1.0.11

Requested by

Host: kmpnyak.sa.com
URL: https://kmpnyak.sa.com/akbankkredilog/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.169.192.95 Istanbul, Turkey, ASN12794 (AKNET-AKBANK, TR),

Reverse DNS

Software

Resource Hash

b61039d24fadb6002ff4373f9fe3c23fbca29ada827b533feb81de1b2dfeff40

Security Headers

Name	Value
Strict-Transport-Security	max-age=4294967294
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kmpnyak.sa.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 17 May 2024 09:51:33 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=4294967294
Last-Modified: Wed, 04 Oct 2023 13:57:40 GMT
ETag: "06211bdcaf6d91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 40337

GET
H/1.1 200
OK custom.css
mobilsube.akbank.com.tr/content/core/scripts/icheck/css/skins/square/ 2 KB
1 KB 287ms
58ms Stylesheet
text/css 217.169.192.95
AKNET-AKBANK

General

Check archive.org

Show headers Download Go to

Full URL

https://mobilsube.akbank.com.tr/content/core/scripts/icheck/css/skins/square/custom.css

Requested by

Host: kmpnyak.sa.com
URL: https://kmpnyak.sa.com/akbankkredilog/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.169.192.95 Istanbul, Turkey, ASN12794 (AKNET-AKBANK, TR),

Reverse DNS

Software

Resource Hash

7aa5dddd813a6afd7761be946a3d02fcfb94eb32f0386cfccb3333b3e78716e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=4294967294
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kmpnyak.sa.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 17 May 2024 09:51:33 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=4294967294
Last-Modified: Wed, 04 Oct 2023 13:57:42 GMT
ETag: "08f42becaf6d91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 649

GET
H/1.1 200
OK grey.css
mobilsube.akbank.com.tr/content/core/scripts/icheck/css/skins/square/ 2 KB
1 KB 293ms
64ms Stylesheet
text/css 217.169.192.95
AKNET-AKBANK

General

Check archive.org

Show headers Download Go to

Full URL

https://mobilsube.akbank.com.tr/content/core/scripts/icheck/css/skins/square/grey.css

Requested by

Host: kmpnyak.sa.com
URL: https://kmpnyak.sa.com/akbankkredilog/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.169.192.95 Istanbul, Turkey, ASN12794 (AKNET-AKBANK, TR),

Reverse DNS

Software

Resource Hash

b4b85e4c92787cb96cef904b2561a8241848a152a6c3f562bc5f7a5f18fca105

Security Headers

Name	Value
Strict-Transport-Security	max-age=4294967294
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kmpnyak.sa.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 17 May 2024 09:51:33 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=4294967294
Last-Modified: Wed, 04 Oct 2023 13:57:42 GMT
ETag: "08f42becaf6d91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 611

GET
H2 200 css2
fonts.googleapis.com/ 14 KB
1 KB 37ms
16ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: kmpnyak.sa.com
URL: https://kmpnyak.sa.com/akbankkredilog/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3f6e8efb65dff0486271d787d60be7d84387c203bebd36159794e6e2c28c31f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kmpnyak.sa.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 May 2024 09:51:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 17 May 2024 09:25:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 May 2024 09:51:34 GMT

GET
H/1.1 200
OK dt-w.svg
mobilsube.akbank.com.tr/content/application/images/icon-set/ 1 KB
1 KB 59ms
57ms Image
image/svg+xml 217.169.192.95
AKNET-AKBANK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mobilsube.akbank.com.tr/content/application/images/icon-set/dt-w.svg

Requested by

Host: kmpnyak.sa.com
URL: https://kmpnyak.sa.com/akbankkredilog/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.169.192.95 Istanbul, Turkey, ASN12794 (AKNET-AKBANK, TR),

Reverse DNS

Software

Resource Hash

964fff1c15ab3b40b4d11112de8e1b4196c5beed95e1bcd9457f4b0c22c00af6

Security Headers

Name	Value
Strict-Transport-Security	max-age=4294967294
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kmpnyak.sa.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 17 May 2024 09:51:35 GMT
Strict-Transport-Security: max-age=4294967294
Last-Modified: Wed, 04 Oct 2023 13:57:40 GMT
ETag: "06211bdcaf6d91:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 1039

GET
H/1.1 200
OK standart_logo.svg
mobilsube.akbank.com.tr/content/application/images/ 2 KB
2 KB 62ms
60ms Image
image/svg+xml 217.169.192.95
AKNET-AKBANK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mobilsube.akbank.com.tr/content/application/images/standart_logo.svg

Requested by

Host: kmpnyak.sa.com
URL: https://kmpnyak.sa.com/akbankkredilog/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.169.192.95 Istanbul, Turkey, ASN12794 (AKNET-AKBANK, TR),

Reverse DNS

Software

Resource Hash

988fdb5c83c68e79b83feb2df8fe1c479e81ad461c748a62b07f9cf978cbd884

Security Headers

Name	Value
Strict-Transport-Security	max-age=4294967294
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kmpnyak.sa.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 17 May 2024 09:51:35 GMT
Strict-Transport-Security: max-age=4294967294
Last-Modified: Wed, 04 Oct 2023 13:57:40 GMT
ETag: "06211bdcaf6d91:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 1919

GET
H/1.1 200
OK back.png
mobilsube.akbank.com.tr/content/application/images/icons/ 3 KB
3 KB 61ms
59ms Image
image/png 217.169.192.95
AKNET-AKBANK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mobilsube.akbank.com.tr/content/application/images/icons/back.png

Requested by

Host: kmpnyak.sa.com
URL: https://kmpnyak.sa.com/akbankkredilog/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.169.192.95 Istanbul, Turkey, ASN12794 (AKNET-AKBANK, TR),

Reverse DNS

Software

Resource Hash

5f12f2b5d7caf1911870d6af0a2d4b05d5af358efd1ff6552fcf6bcdae877193

Security Headers

Name	Value
Strict-Transport-Security	max-age=4294967294
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kmpnyak.sa.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 17 May 2024 09:51:35 GMT
Strict-Transport-Security: max-age=4294967294
Last-Modified: Wed, 04 Oct 2023 13:57:40 GMT
ETag: "06211bdcaf6d91:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 2770

GET
H/1.1 200
OK close.png
mobilsube.akbank.com.tr/content/application/images/icons/ 1 KB
2 KB 58ms
58ms Image
image/png 217.169.192.95
AKNET-AKBANK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mobilsube.akbank.com.tr/content/application/images/icons/close.png

Requested by

Host: kmpnyak.sa.com
URL: https://kmpnyak.sa.com/akbankkredilog/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.169.192.95 Istanbul, Turkey, ASN12794 (AKNET-AKBANK, TR),

Reverse DNS

Software

Resource Hash

e554a202fdd94beb03a593f6e30c3aa2df7a65a8230ba8db9d88638189f8c652

Security Headers

Name	Value
Strict-Transport-Security	max-age=4294967294
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kmpnyak.sa.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 17 May 2024 09:51:35 GMT
Strict-Transport-Security: max-age=4294967294
Last-Modified: Wed, 04 Oct 2023 13:57:40 GMT
ETag: "06211bdcaf6d91:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 1209

GET
H/1.1 200
OK sprite-icons-46d76763.svg
mobilsube.akbank.com.tr/content/application/images/icons/sprite-icons/ 103 KB
103 KB 64ms
64ms Image
image/svg+xml 217.169.192.95
AKNET-AKBANK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mobilsube.akbank.com.tr/content/application/images/icons/sprite-icons/sprite-icons-46d76763.svg

Requested by

Host: mobilsube.akbank.com.tr
URL: https://mobilsube.akbank.com.tr/content/application/styles/dist/css/application-styles-mobile.min.css?1.0.11

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

217.169.192.95 Istanbul, Turkey, ASN12794 (AKNET-AKBANK, TR),

Reverse DNS

Software

Resource Hash

c105b2fef80a493a634169507e58968440ca4d74b267e8a0f3a0e31828f44950

Security Headers

Name	Value
Strict-Transport-Security	max-age=4294967294
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://mobilsube.akbank.com.tr/content/application/styles/dist/css/application-styles-mobile.min.css?1.0.11
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 17 May 2024 09:51:35 GMT
Strict-Transport-Security: max-age=4294967294
Last-Modified: Wed, 04 Oct 2023 13:57:40 GMT
ETag: "06211bdcaf6d91:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 105354

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 30ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://kmpnyak.sa.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 14:28:49 GMT
x-content-type-options: nosniff
age: 242566
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:00:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 May 2025 14:28:49 GMT

GET OpenSans-Regular.woff
mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Regular/ 0
0

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2
fonts.gstatic.com/s/poppins/v21/ 5 KB
5 KB 31ms
9ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26fd27fb6bb1dc4c64a687124cc328a5ed13d89155dbfcd218eda64a45835174

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://kmpnyak.sa.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 14:52:18 GMT
x-content-type-options: nosniff
age: 500357
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5484
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:01:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 May 2025 14:52:18 GMT

GET OpenSans-Light.woff
mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Light/ 0
0

GET OpenSans-Regular.ttf
mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Regular/ 0
0

GET OpenSans-Light.ttf
mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Light/ 0
0

GET
H2 404 favicon.ico
kmpnyak.sa.com/ 808 B
500 B 62ms
62ms Other
text/html 185.148.241.49
POYRAZ

General

Check archive.org

Show headers Download Go to

Full URL: https://kmpnyak.sa.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.148.241.49 , Turkey, ASN210574 (POYRAZ, TR),
Reverse DNS: hostmaster.poyrazhosting.com.tr
Software: nginx /
Resource Hash: b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kmpnyak.sa.com/akbankkredilog/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 17 May 2024 09:51:35 GMT
content-encoding: br
last-modified: Sun, 12 May 2024 10:57:04 GMT
server: nginx
etag: W/"328-6183fa111c445"
content-type: text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mobilsube.akbank.com.tr
URL: https://mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Regular/OpenSans-Regular.woff

Domain: mobilsube.akbank.com.tr
URL: https://mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Light/OpenSans-Light.woff

Domain: mobilsube.akbank.com.tr
URL: https://mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Regular/OpenSans-Regular.ttf

Domain: mobilsube.akbank.com.tr
URL: https://mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Light/OpenSans-Light.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AKBank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| validateTC function| validateTel function| validatePassword

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://kmpnyak.sa.com/akbankkredilog/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
javascript	error	URL: https://kmpnyak.sa.com/akbankkredilog/ Message: Access to font at 'https://mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Regular/OpenSans-Regular.woff' from origin 'https://kmpnyak.sa.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Regular/OpenSans-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://kmpnyak.sa.com/akbankkredilog/ Message: Access to font at 'https://mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Light/OpenSans-Light.woff' from origin 'https://kmpnyak.sa.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Light/OpenSans-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://kmpnyak.sa.com/akbankkredilog/ Message: Access to font at 'https://mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Regular/OpenSans-Regular.ttf' from origin 'https://kmpnyak.sa.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Regular/OpenSans-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://kmpnyak.sa.com/akbankkredilog/ Message: Access to font at 'https://mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Light/OpenSans-Light.ttf' from origin 'https://kmpnyak.sa.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://mobilsube.akbank.com.tr/content/core/fonts/OpenSans/Light/OpenSans-Light.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://kmpnyak.sa.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
kmpnyak.sa.com
mobilsube.akbank.com.tr
mobilsube.akbank.com.tr
185.148.241.49
217.169.192.95
2a00:1450:4001:802::2003
2a00:1450:4001:808::200a
0020f426b58b7a2e17edf6c0c634b326cdd3213f28e2d820bffde65b71af7bb3
26fd27fb6bb1dc4c64a687124cc328a5ed13d89155dbfcd218eda64a45835174
3f6e8efb65dff0486271d787d60be7d84387c203bebd36159794e6e2c28c31f3
555d1ec5e214c237a60b9e415998f91740509751b92f20991a2035d4beff7bb6
5f12f2b5d7caf1911870d6af0a2d4b05d5af358efd1ff6552fcf6bcdae877193
727146d6b88e62ba4d16326d4030fc9eb5b6f8fa1a402050c483c65646bc9b84
7aa5dddd813a6afd7761be946a3d02fcfb94eb32f0386cfccb3333b3e78716e3
964fff1c15ab3b40b4d11112de8e1b4196c5beed95e1bcd9457f4b0c22c00af6
988fdb5c83c68e79b83feb2df8fe1c479e81ad461c748a62b07f9cf978cbd884
b4b85e4c92787cb96cef904b2561a8241848a152a6c3f562bc5f7a5f18fca105
b61039d24fadb6002ff4373f9fe3c23fbca29ada827b533feb81de1b2dfeff40
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
c105b2fef80a493a634169507e58968440ca4d74b267e8a0f3a0e31828f44950
e554a202fdd94beb03a593f6e30c3aa2df7a65a8230ba8db9d88638189f8c652
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f58b42201afb622578bddb81faafb940de38896f556a747085dcef256ca3a1b3

kmpnyak.sa.com Open in urlscan Pro 185.148.241.49 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

20 Requests

80 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

215 kBTransfer

827 kBSize

0 Cookies

0 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

10 Console Messages

Indicators

kmpnyak.sa.com Open in urlscan Pro
185.148.241.49 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

80 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

215 kB
Transfer

827 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!