www.paslanmazlazerkesim.com

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 94.102.2.29, located in Turkey and belongs to NETINTERNET Netinternet Bilisim Teknolojileri AS, TR. The main domain is www.paslanmazlazerkesim.com.

This is the only time www.paslanmazlazerkesim.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Promerica (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2	94.102.2.29 94.102.2.29	51559 (NETINTERN...) (NETINTERNET Netinternet Bilisim Teknolojileri AS)
5	185.150.190.236 185.150.190.236	23470 (RELIABLESITE) (RELIABLESITE)
7	2

2 94.102.2.29 (Turkey)

ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR)
PTR: server.onculbilisim.com

www.paslanmazlazerkesim.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.150.190.236 (United States)

ASN23470 (RELIABLESITE, US)

i.postimg.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	postimg.cc i.postimg.cc — Cisco Umbrella Rank: 18734	179 KB
2	paslanmazlazerkesim.com www.paslanmazlazerkesim.com	5 KB
7	2

	Domain	Requested by
5	i.postimg.cc	www.paslanmazlazerkesim.com
2	www.paslanmazlazerkesim.com	www.paslanmazlazerkesim.com
7	2

This site contains no links.

Subject Issuer	Validity	Valid
postimg.cc R3	`2023-02-18` - `2023-05-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://www.paslanmazlazerkesim.com/
Frame ID: 0A063C7D0D5F871E1759C04FD9A3C90E
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ingreso

Page Statistics

7
Requests

71 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

184 kB
Transfer

182 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.paslanmazlazerkesim.com/	3 KB 3 KB	1766ms 235ms	Document text/html	94.102.2.29 NETINTERNET Netin...
General Check archive.org Show headers Download Go to Full URL http://www.paslanmazlazerkesim.com/ Protocol HTTP/1.1 Server 94.102.2.29 , Turkey, ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR), Reverse DNS server.onculbilisim.com Software Apache / Resource Hash `bb593fe694abd98174b4d55f04e09b9dad7061b9fd546656b1cc032730d13abf` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Mon, 06 Mar 2023 04:42:20 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	estm.css www.paslanmazlazerkesim.com/	2 KB 2 KB	168ms 160ms	Stylesheet text/css	94.102.2.29 NETINTERNET Netin...
General Check archive.org Show headers Download Go to Full URL http://www.paslanmazlazerkesim.com/estm.css Requested by Host: www.paslanmazlazerkesim.com URL: http://www.paslanmazlazerkesim.com/ Protocol HTTP/1.1 Server 94.102.2.29 , Turkey, ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR), Reverse DNS server.onculbilisim.com Software Apache / Resource Hash `8c581c5544cbde0c7910a2f94884c1a86c1db491771eb8f7c48d5ef0a35dac9e` Request headers accept-language en-US,en;q=0.9 Referer http://www.paslanmazlazerkesim.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Mon, 06 Mar 2023 04:42:20 GMT Last-Modified Mon, 30 Jan 2023 22:14:22 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1764
GET H2	200	dfg.png i.postimg.cc/0NCMW4xv/	6 KB 7 KB	536ms 27ms	Image image/png	185.150.190.236 RELIABLESITE
General Check archive.org Show headers Download Go to Show image Full URL https://i.postimg.cc/0NCMW4xv/dfg.png Requested by Host: www.paslanmazlazerkesim.com URL: http://www.paslanmazlazerkesim.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.150.190.236 , United States, ASN23470 (RELIABLESITE, US), Reverse DNS Software nginx / Resource Hash `1f0887a6e4393210fc638a21f17c11395de55115f71ea74a951acb81db62a490` Request headers accept-language en-US,en;q=0.9 Referer http://www.paslanmazlazerkesim.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Mon, 06 Mar 2023 04:42:21 GMT last-modified Tue, 31 Jan 2023 02:28:29 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 6422 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	sdf.png i.postimg.cc/C1BWm3Tr/	147 KB 148 KB	490ms 28ms	Image image/png	185.150.190.236 RELIABLESITE
General Check archive.org Show headers Download Go to Show image Full URL https://i.postimg.cc/C1BWm3Tr/sdf.png Requested by Host: www.paslanmazlazerkesim.com URL: http://www.paslanmazlazerkesim.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.150.190.236 , United States, ASN23470 (RELIABLESITE, US), Reverse DNS Software nginx / Resource Hash `cf866badc1e7fe07559a50bf94dca6154e1697fde6419e71cd2599c3ff21dc65` Request headers accept-language en-US,en;q=0.9 Referer http://www.paslanmazlazerkesim.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Mon, 06 Mar 2023 04:42:21 GMT last-modified Tue, 31 Jan 2023 02:52:13 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 150863 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	fdgsdf.png i.postimg.cc/fL6qRCqV/	8 KB 8 KB	491ms 29ms	Image image/png	185.150.190.236 RELIABLESITE
General Check archive.org Show headers Download Go to Show image Full URL https://i.postimg.cc/fL6qRCqV/fdgsdf.png Requested by Host: www.paslanmazlazerkesim.com URL: http://www.paslanmazlazerkesim.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.150.190.236 , United States, ASN23470 (RELIABLESITE, US), Reverse DNS Software nginx / Resource Hash `e7946d07342f078430600557c16ffb071735e772052619a8f8abb36e05d17554` Request headers accept-language en-US,en;q=0.9 Referer http://www.paslanmazlazerkesim.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Mon, 06 Mar 2023 04:42:21 GMT last-modified Tue, 31 Jan 2023 03:56:56 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 7851 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	sfdgdf.png i.postimg.cc/5y251CbX/	9 KB 9 KB	496ms 39ms	Image image/png	185.150.190.236 RELIABLESITE
General Check archive.org Show headers Download Go to Show image Full URL https://i.postimg.cc/5y251CbX/sfdgdf.png Requested by Host: www.paslanmazlazerkesim.com URL: http://www.paslanmazlazerkesim.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.150.190.236 , United States, ASN23470 (RELIABLESITE, US), Reverse DNS Software nginx / Resource Hash `5b76d52d46ca868333cd3a30e805efd9a7634c068b4becad24bdf3ea58afd539` Request headers accept-language en-US,en;q=0.9 Referer http://www.paslanmazlazerkesim.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Mon, 06 Mar 2023 04:42:21 GMT last-modified Tue, 31 Jan 2023 04:15:10 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 9188 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	rfg.png i.postimg.cc/Y2g9d977/	7 KB 8 KB	496ms 40ms	Image image/png	185.150.190.236 RELIABLESITE
General Check archive.org Show headers Download Go to Show image Full URL https://i.postimg.cc/Y2g9d977/rfg.png Requested by Host: www.paslanmazlazerkesim.com URL: http://www.paslanmazlazerkesim.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.150.190.236 , United States, ASN23470 (RELIABLESITE, US), Reverse DNS Software nginx / Resource Hash `ea0a7ccc525822a0d9149c3278a9aab563337055f4a346e422367e068fcfc323` Request headers accept-language en-US,en;q=0.9 Referer http://www.paslanmazlazerkesim.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Mon, 06 Mar 2023 04:42:21 GMT last-modified Tue, 31 Jan 2023 04:56:53 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 7498 expires Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Promerica (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

i.postimg.cc
www.paslanmazlazerkesim.com
185.150.190.236
94.102.2.29
1f0887a6e4393210fc638a21f17c11395de55115f71ea74a951acb81db62a490
5b76d52d46ca868333cd3a30e805efd9a7634c068b4becad24bdf3ea58afd539
8c581c5544cbde0c7910a2f94884c1a86c1db491771eb8f7c48d5ef0a35dac9e
bb593fe694abd98174b4d55f04e09b9dad7061b9fd546656b1cc032730d13abf
cf866badc1e7fe07559a50bf94dca6154e1697fde6419e71cd2599c3ff21dc65
e7946d07342f078430600557c16ffb071735e772052619a8f8abb36e05d17554
ea0a7ccc525822a0d9149c3278a9aab563337055f4a346e422367e068fcfc323

www.paslanmazlazerkesim.com Open in urlscan Pro 94.102.2.29 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

7 Requests

71 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

184 kBTransfer

182 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

www.paslanmazlazerkesim.com Open in urlscan Pro
94.102.2.29 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

71 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

184 kB
Transfer

182 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!