sporcununagahalkbabasi.vip
Open in
urlscan Pro
92.205.172.44
Malicious Activity!
Public Scan
Submission: On September 14 via api from TR — Scanned from FR
Summary
TLS certificate: Issued by R11 on September 13th 2024. Valid for: 3 months.
This is the only time sporcununagahalkbabasi.vip was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Halkbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
25 | 92.205.172.44 92.205.172.44 | 21499 (GODADDY-SXB) (GODADDY-SXB) | |
1 | 2a04:4e42:600... 2a04:4e42:600::649 | 54113 (FASTLY) (FASTLY) | |
1 2 | 23.53.42.160 23.53.42.160 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 2a02:26f0:350... 2a02:26f0:3500:18::1724:a292 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
4 | 2a02:26f0:350... 2a02:26f0:3500:899::228b | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
33 | 5 |
ASN21499 (GODADDY-SXB, DE)
PTR: 44.172.205.92.host.secureserver.net
sporcununagahalkbabasi.vip |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-53-42-160.deploy.static.akamaitechnologies.com
img1.wsimg.com |
ASN20940 (AKAMAI-ASN1, NL)
events.api.secureserver.net |
ASN20940 (AKAMAI-ASN1, NL)
csp.secureserver.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
25 |
sporcununagahalkbabasi.vip
sporcununagahalkbabasi.vip |
415 KB |
6 |
secureserver.net
events.api.secureserver.net — Cisco Umbrella Rank: 13374 csp.secureserver.net — Cisco Umbrella Rank: 13439 |
580 B |
2 |
wsimg.com
1 redirects
img1.wsimg.com — Cisco Umbrella Rank: 10397 |
21 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 808 |
31 KB |
33 | 4 |
Domain | Requested by | |
---|---|---|
25 | sporcununagahalkbabasi.vip |
sporcununagahalkbabasi.vip
code.jquery.com |
4 | csp.secureserver.net |
img1.wsimg.com
|
2 | events.api.secureserver.net |
img1.wsimg.com
|
2 | img1.wsimg.com |
1 redirects
sporcununagahalkbabasi.vip
|
1 | code.jquery.com |
sporcununagahalkbabasi.vip
|
33 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.halkbank.com.tr |
www.halkbankkobi.com.tr |
www.parafcard.com.tr |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sporcununabsda342bdasiaraba.com R11 |
2024-09-13 - 2024-12-12 |
3 months | crt.sh |
*.jquery.com Sectigo ECC Domain Validation Secure Server CA |
2024-06-25 - 2025-06-25 |
a year | crt.sh |
*.api.secureserver.net Starfield Secure Certificate Authority - G2 |
2024-07-15 - 2025-08-16 |
a year | crt.sh |
*.secureserver.net Starfield Secure Certificate Authority - G2 |
2023-10-10 - 2024-11-10 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sporcununagahalkbabasi.vip/
Frame ID: F3BAC358B24DED0A0937D083959FAD10
Requests: 31 HTTP requests in this frame
Screenshot
Page Title
Halkbank İnternet ŞubesiDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
AngularJS (JavaScript Frameworks) Expand
Detected patterns
- <(?:div|html)[^>]+ng-app=
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Güvenliğiniz için Halkbank İnternet Şubesi girişlerinde; cep telefonu numarası, marka ve modeli bilgileriniz istenmez. Detaylı bilgi için tıklayınız
Search URL Search Domain Scan URL
Title: A’dan Z’ye KOBİ’ye dair her şey halkbankkobi.com.tr’de! Detaylar için tıklayınız
Search URL Search Domain Scan URL
Title: Hızlı ve güvenli bankacılığın yeni numarası: 0850 222 0 400 Halkbank Dialog 0850 222 0 401 Halkbank KOBİ Dialog
Search URL Search Domain Scan URL
Title: Sıkça Sorulan Sorular
Search URL Search Domain Scan URL
Title: ATM ve Şubeler
Search URL Search Domain Scan URL
Title: Duyurular
Search URL Search Domain Scan URL
Title: Mutlu Müşteri Merkezi Halkbank olarak siz değerli müşterilerimizin taleplerini önemsiyoruz.
Search URL Search Domain Scan URL
Title: Paraf Card Kredi Kartı Dünyasında Ayrıcalıklar Bu Paraf’ta!
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13- https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 301
- https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
33 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
sporcununagahalkbabasi.vip/ |
41 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
sporcununagahalkbabasi.vip/css/ |
139 KB 23 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
production.min.css
sporcununagahalkbabasi.vip/css/ |
210 KB 36 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
production-plugins.min.css
sporcununagahalkbabasi.vip/css/ |
138 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
skins.min.css
sporcununagahalkbabasi.vip/css/ |
510 KB 70 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
veribranch-all.css
sporcununagahalkbabasi.vip/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
receipt.css
sporcununagahalkbabasi.vip/css/ |
3 KB 821 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
plugins-all.css
sporcununagahalkbabasi.vip/css/ |
70 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
HALKBANK_logo2.svg
sporcununagahalkbabasi.vip/img/HALKBANK/ |
7 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
HB_lock.png
sporcununagahalkbabasi.vip/img/ |
515 B 599 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
HB_lock-white.png
sporcununagahalkbabasi.vip/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vb-all.js
sporcununagahalkbabasi.vip/InternetBankingHost/Features/wwwroot/statics/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
veribranch.directives.js
sporcununagahalkbabasi.vip/InternetBankingHost/Features/wwwroot/VeriBranch.Web/Modules/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.4.min.js
code.jquery.com/ |
88 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
scc-c2.min.js
img1.wsimg.com/signals/js/clients/scc-c2/ Redirect Chain
|
105 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
blank.gif
sporcununagahalkbabasi.vip/img/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bghbnew.jpg
sporcununagahalkbabasi.vip/img/ |
156 KB 156 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
white-arrow.png
sporcununagahalkbabasi.vip/img/ |
219 B 293 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-mmm.svg
sporcununagahalkbabasi.vip/img/icons/svg/white/ |
1 KB 611 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
GUVENLIK.png
sporcununagahalkbabasi.vip/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paraf.png
sporcununagahalkbabasi.vip/img/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fontawesome-webfont.woff2
sporcununagahalkbabasi.vip/fonts/ |
63 KB 63 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Gotham-Bold.woff
sporcununagahalkbabasi.vip/fonts/gotham/ |
11 KB 11 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
text-security-disc.woff2
sporcununagahalkbabasi.vip/fonts/ |
2 KB 2 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
datach.php
sporcununagahalkbabasi.vip/ |
0 30 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
event
events.api.secureserver.net/t/1/tl/ |
43 B 290 B |
Fetch
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
event
events.api.secureserver.net/t/1/tl/ |
43 B 290 B |
Fetch
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2favicon.ico
sporcununagahalkbabasi.vip/img/favicon/ |
315 B 343 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
eventbus
csp.secureserver.net/ |
0 0 |
Preflight
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
eventbus
csp.secureserver.net/ |
0 0 |
Preflight
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
eventbus
csp.secureserver.net/ |
0 0 |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
eventbus
csp.secureserver.net/ |
0 0 |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
datach.php
sporcununagahalkbabasi.vip/ |
0 53 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Halkbank (Banking)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| fraudNetInitiateEvent function| fraudNetValidateEvent function| $ function| jQuery function| gonder object| _trfd object| _tcclInternal object| _expDataLayer object| _signalsDataLayer object| scc-c2 object| _trfq3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.sporcununagahalkbabasi.vip/ | Name: _tccl_visitor Value: 4fb8d21c-18a0-4714-9278-1c8fd59384fc |
|
.sporcununagahalkbabasi.vip/ | Name: _tccl_visit Value: 4fb8d21c-18a0-4714-9278-1c8fd59384fc |
|
.sporcununagahalkbabasi.vip/ | Name: _scc_session Value: pc=1&C_TOUCH=2024-09-14T18:51:11.198Z |
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
csp.secureserver.net
events.api.secureserver.net
img1.wsimg.com
sporcununagahalkbabasi.vip
23.53.42.160
2a02:26f0:3500:18::1724:a292
2a02:26f0:3500:899::228b
2a04:4e42:600::649
92.205.172.44
150515bdd6a0afb734c18307eba842fe07df15ed730aa5ed22d18959947e7e1f
30d27974c7405f868704074ad6dcc835ab2f0f2a6439a45d7fbd1cd4296bda4a
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
50fd99c7ba443da1d3f8455af419e9a623c7a87013c82580129c7461a9804f27
5dce1529451ca28870b87a2f034cd462558d3830f99e8ac3c22a3a3445191a4d
5f753839283d4a8841cbd7707282dcfc9e2a65d116316955a3d6751a5fb30594
7163dd1bbf810606e4aadbf9b921ed07d1d21790fe027d620c6ba54aa17f141c
919b3693b2c106c684bf530443ee2af0360f7f51d96d7fc556be5cd03942d6bc
929c9acb73530a412324d05d604ddec6eaab1c86a40d8ef59e3003b9e899040b
9313b826be1e50da9e240b43b515c91214bc72d506b20d1dddbeeca6ebdd1bee
964636a5b67ebc123f6593ab8cad228a53c4df0b6a3f9d31511a19a90fedfd2f
9dd630e7cbf1a068b89a5a134e248ff63f2d452081bf86684aeb4b7f73712b76
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
aa927bb0806b182d355c9923570e63aa7520a4680c781ba57de94cb6a3d6c15c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b62dcddfb2f73bb87e8a1b62ce426ae15009df2a879e4fcf01c88262c0ca169f
c6a9da998ff4b8b121020abd635868f6430d83167f1b7cb5899185f5022ec4a0
cc8c5b8fdc333b4e97cd8d17ff9ea1a5feaa973973f0101be4dbf7d0d70dfc48
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
db4ea83ae0197510659f29dcf93c0b4916d6c7c890b05774f2558ad02ce39a6c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e508fd78ced65cdc73d8f5c5b8ca8e2f67e940c59f65906823f020ede1b34c4c
f96b5148857695bb23d076c0ddb526d7bea257bcefe320708546680243806b1a
fa38abaaeab332d2bc134bbc7103cfa06611249c6164c530938bed7f13c25b8c
fa895aad80366bcd0abb6c52554f13e33cf99a494bb6a539c52aeb2b03a53dd2