www.aluwave.com.tr Open in urlscan Pro
89.252.183.243 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html
Submission: On December 20 via manual (December 20th 2024, 7:26:55 pm UTC) from NO — Scanned from NO

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 89.252.183.243, located in Turkey and belongs to guzelhosting GNET Internet Telekomunikasyon A.S., TR. The main domain is www.aluwave.com.tr.
TLS certificate: Issued by R10 on November 12th 2024. Valid for: 3 months.

This is the only time www.aluwave.com.tr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BankID (Banking)

Domain & IP information

	IP Address		AS Autonomous System
10	89.252.183.243 89.252.183.243		42846 (guzelhost...) (guzelhosting GNET Internet Telekomunikasyon A.S.)
10	1

10 89.252.183.243 (Turkey)

ASN42846 (guzelhosting GNET Internet Telekomunikasyon A.S., TR)
PTR: 243zdc3xe.guzel.net.tr

www.aluwave.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	aluwave.com.tr www.aluwave.com.tr	137 KB
10	1

	Domain	Requested by
10	www.aluwave.com.tr	www.aluwave.com.tr
10	1

This site contains no links.

Subject Issuer	Validity	Valid
aluwave.com.tr R10	`2024-11-12` - `2025-02-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html
Frame ID: CB83587F436F9031916CB0E0B23620FE
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Godkjenn

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

137 kB
Transfer

390 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.html Show response www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/	3 KB 1 KB	750ms 232ms	Document text/html	89.252.183.243 guzelhosting GNET...
General Check archive.org Show headers Download Go to Full URL https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.252.183.243 , Turkey, ASN42846 (guzelhosting GNET Internet Telekomunikasyon A.S., TR), Reverse DNS 243zdc3xe.guzel.net.tr Software LiteSpeed / Resource Hash `03a2ac27ba5805b363000395f1192b83bd1bfe72858d0c90cd3d9dd5526679f5` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36 sec-ch-ua "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Linux" Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding br content-length 850 content-type text/html date Fri, 20 Dec 2024 19:26:50 GMT last-modified Sun, 23 Jun 2024 11:27:42 GMT server LiteSpeed vary Accept-Encoding
GET H2	200	bootstrap.min.css www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/bootstrap/css/	156 KB 21 KB	268ms 267ms	Stylesheet text/css	89.252.183.243 guzelhosting GNET...
General Check archive.org Show headers Download Go to Full URL https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/bootstrap/css/bootstrap.min.css Requested by Host: www.aluwave.com.tr URL: https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.252.183.243 , Turkey, ASN42846 (guzelhosting GNET Internet Telekomunikasyon A.S., TR), Reverse DNS 243zdc3xe.guzel.net.tr Software LiteSpeed / Resource Hash `b23a5e62bb16bd36bfa1555d3f741821201496ac4b6d2cc974549568adadec88` Request headers sec-ch-ua-platform "Linux" Referer https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html User-Agent Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36 sec-ch-ua "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control public, max-age=604800 content-encoding br expires Fri, 27 Dec 2024 19:26:50 GMT accept-ranges bytes content-length 21301 date Fri, 20 Dec 2024 19:26:50 GMT content-type text/css last-modified Sun, 23 Jun 2024 11:22:27 GMT vary Accept-Encoding server LiteSpeed
GET H2	200	Login-Form-Clean.css www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/css/	1 KB 441 B	269ms 269ms	Stylesheet text/css	89.252.183.243 guzelhosting GNET...
General Check archive.org Show headers Download Go to Full URL https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/css/Login-Form-Clean.css Requested by Host: www.aluwave.com.tr URL: https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.252.183.243 , Turkey, ASN42846 (guzelhosting GNET Internet Telekomunikasyon A.S., TR), Reverse DNS 243zdc3xe.guzel.net.tr Software LiteSpeed / Resource Hash `c0c1fca804bcf79a4564b545fc719f69653e15c16f71e7c988584cc06c5e0a73` Request headers sec-ch-ua-platform "Linux" Referer https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html User-Agent Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36 sec-ch-ua "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control public, max-age=604800 content-encoding br expires Fri, 27 Dec 2024 19:26:50 GMT accept-ranges bytes content-length 408 date Fri, 20 Dec 2024 19:26:50 GMT content-type text/css last-modified Sun, 23 Jun 2024 11:22:27 GMT vary Accept-Encoding server LiteSpeed
GET H2	200	styles.css www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/css/	213 B 135 B	269ms 268ms	Stylesheet text/css	89.252.183.243 guzelhosting GNET...
General Check archive.org Show headers Download Go to Full URL https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/css/styles.css Requested by Host: www.aluwave.com.tr URL: https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.252.183.243 , Turkey, ASN42846 (guzelhosting GNET Internet Telekomunikasyon A.S., TR), Reverse DNS 243zdc3xe.guzel.net.tr Software LiteSpeed / Resource Hash `406e5f75aa05e02a0d3bde82469661e9bd6e770fcdddf5e1659bec30e25a60b3` Request headers sec-ch-ua-platform "Linux" Referer https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html User-Agent Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36 sec-ch-ua "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control public, max-age=604800 content-encoding br expires Fri, 27 Dec 2024 19:26:50 GMT accept-ranges bytes content-length 103 date Fri, 20 Dec 2024 19:26:50 GMT content-type text/css last-modified Sun, 23 Jun 2024 11:22:27 GMT vary Accept-Encoding server LiteSpeed
GET H2	200	95f3a80b-ceb5-4afb-9e0a-d1611744ba4d-w_960_h_960.jpg www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/img/	17 KB 17 KB	334ms 334ms	Image image/jpeg	89.252.183.243 guzelhosting GNET...
General Check archive.org Show headers Download Go to Show image Full URL https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/img/95f3a80b-ceb5-4afb-9e0a-d1611744ba4d-w_960_h_960.jpg Requested by Host: www.aluwave.com.tr URL: https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.252.183.243 , Turkey, ASN42846 (guzelhosting GNET Internet Telekomunikasyon A.S., TR), Reverse DNS 243zdc3xe.guzel.net.tr Software LiteSpeed / Resource Hash `81431d7e78cbe7d8ff0b386d95d73a0d2a1a4128cabf49b9aafa06cfd0f61755` Request headers sec-ch-ua-platform "Linux" Referer https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html User-Agent Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36 sec-ch-ua "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control public, max-age=604800 expires Fri, 27 Dec 2024 19:26:50 GMT accept-ranges bytes content-length 17716 date Fri, 20 Dec 2024 19:26:50 GMT content-type image/jpeg last-modified Sun, 23 Jun 2024 11:22:27 GMT server LiteSpeed
GET H2	200	BNID.svg www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/img/	2 KB 749 B	335ms 335ms	Image image/svg+xml	89.252.183.243 guzelhosting GNET...
General Check archive.org Show headers Download Go to Show image Full URL https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/img/BNID.svg Requested by Host: www.aluwave.com.tr URL: https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.252.183.243 , Turkey, ASN42846 (guzelhosting GNET Internet Telekomunikasyon A.S., TR), Reverse DNS 243zdc3xe.guzel.net.tr Software LiteSpeed / Resource Hash `2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92` Request headers sec-ch-ua-platform "Linux" Referer https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html User-Agent Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36 sec-ch-ua "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control public, max-age=604800 content-encoding br expires Fri, 27 Dec 2024 19:26:50 GMT accept-ranges bytes content-length 704 date Fri, 20 Dec 2024 19:26:50 GMT content-type image/svg+xml last-modified Sun, 23 Jun 2024 11:22:27 GMT vary Accept-Encoding server LiteSpeed
GET H2	200	369c26_b396f2977e5a40839e2fc77a6f9aac2b~mv2.gif www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/img/	45 KB 45 KB	326ms 326ms	Image image/gif	89.252.183.243 guzelhosting GNET...
General Check archive.org Show headers Download Go to Show image Full URL https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/img/369c26_b396f2977e5a40839e2fc77a6f9aac2b~mv2.gif Requested by Host: www.aluwave.com.tr URL: https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.252.183.243 , Turkey, ASN42846 (guzelhosting GNET Internet Telekomunikasyon A.S., TR), Reverse DNS 243zdc3xe.guzel.net.tr Software LiteSpeed / Resource Hash `be09957b988dd42f4fe1655f4869cb79027e5e70a6c211db9a3caa0ac48806ff` Request headers sec-ch-ua-platform "Linux" Referer https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html User-Agent Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36 sec-ch-ua "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control public, max-age=604800 expires Fri, 27 Dec 2024 19:26:50 GMT accept-ranges bytes content-length 46309 date Fri, 20 Dec 2024 19:26:50 GMT content-type image/gif last-modified Sun, 23 Jun 2024 11:22:27 GMT server LiteSpeed
GET H2	200	jquery.min.js Show response www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/js/	86 KB 29 KB	260ms 259ms	Script text/javascript	89.252.183.243 guzelhosting GNET...
General Check archive.org Show headers Download Go to Full URL https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/js/jquery.min.js Requested by Host: www.aluwave.com.tr URL: https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.252.183.243 , Turkey, ASN42846 (guzelhosting GNET Internet Telekomunikasyon A.S., TR), Reverse DNS 243zdc3xe.guzel.net.tr Software LiteSpeed / Resource Hash `0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a` Request headers sec-ch-ua-platform "Linux" Referer https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html User-Agent Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36 sec-ch-ua "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding br accept-ranges bytes content-length 30047 date Fri, 20 Dec 2024 19:26:50 GMT content-type text/javascript last-modified Sun, 23 Jun 2024 11:22:27 GMT vary Accept-Encoding server LiteSpeed
GET H2	200	bootstrap.min.js Show response www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/bootstrap/js/	79 KB 21 KB	389ms 388ms	Script text/javascript	89.252.183.243 guzelhosting GNET...
General Check archive.org Show headers Download Go to Full URL https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/bootstrap/js/bootstrap.min.js Requested by Host: www.aluwave.com.tr URL: https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.252.183.243 , Turkey, ASN42846 (guzelhosting GNET Internet Telekomunikasyon A.S., TR), Reverse DNS 243zdc3xe.guzel.net.tr Software LiteSpeed / Resource Hash `394156ee114ed3faf968419340ecfd17f69740eb7e4f0a88d59e1f6d5bf0c34e` Request headers sec-ch-ua-platform "Linux" Referer https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html User-Agent Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36 sec-ch-ua "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding br accept-ranges bytes content-length 21842 date Fri, 20 Dec 2024 19:26:50 GMT content-type text/javascript last-modified Sun, 23 Jun 2024 11:22:27 GMT vary Accept-Encoding server LiteSpeed
GET H2	200	favicon-32x32.png www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/img/	662 B 747 B	149ms 149ms	Other image/png	89.252.183.243 guzelhosting GNET...
General Check archive.org Show headers Download Go to Full URL https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/assets/img/favicon-32x32.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.252.183.243 , Turkey, ASN42846 (guzelhosting GNET Internet Telekomunikasyon A.S., TR), Reverse DNS 243zdc3xe.guzel.net.tr Software LiteSpeed / Resource Hash `88f7110ceee5618fe59660d48211eee569130180cedc6be47d106bc357b9c9aa` Request headers sec-ch-ua-platform "Linux" Referer https://www.aluwave.com.tr/idporten/skatt.skatteetaten/minside/AUTORISERE/index.html User-Agent Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.88 Mobile Safari/537.36 sec-ch-ua "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control public, max-age=604800 expires Fri, 27 Dec 2024 19:26:51 GMT accept-ranges bytes content-length 662 date Fri, 20 Dec 2024 19:26:51 GMT content-type image/png last-modified Sun, 23 Jun 2024 11:22:27 GMT server LiteSpeed

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BankID (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| bootstrap

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.aluwave.com.tr
89.252.183.243
03a2ac27ba5805b363000395f1192b83bd1bfe72858d0c90cd3d9dd5526679f5
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92
394156ee114ed3faf968419340ecfd17f69740eb7e4f0a88d59e1f6d5bf0c34e
406e5f75aa05e02a0d3bde82469661e9bd6e770fcdddf5e1659bec30e25a60b3
81431d7e78cbe7d8ff0b386d95d73a0d2a1a4128cabf49b9aafa06cfd0f61755
88f7110ceee5618fe59660d48211eee569130180cedc6be47d106bc357b9c9aa
b23a5e62bb16bd36bfa1555d3f741821201496ac4b6d2cc974549568adadec88
be09957b988dd42f4fe1655f4869cb79027e5e70a6c211db9a3caa0ac48806ff
c0c1fca804bcf79a4564b545fc719f69653e15c16f71e7c988584cc06c5e0a73

www.aluwave.com.tr Open in urlscan Pro 89.252.183.243 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

137 kBTransfer

390 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

www.aluwave.com.tr Open in urlscan Pro
89.252.183.243 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

137 kB
Transfer

390 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!