hmnkatilim.akr2024basvur.xyz Open in urlscan Pro
2606:4700:3033::ac43:d4c1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hmnkatilim.akr2024basvur.xyz/index.php?fbclid=IwZXh0bgNhZW0BMAABHX7QorFSWCzh8_TcBInvkxY_JxTRiGkPrp4_4j6CmYOAh8Ei72_HwYKqhw_ae...
Submission: On September 07 via api (September 7th 2024, 12:46:09 pm UTC) from TR — Scanned from DE

Summary HTTP 3 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 3 HTTP transactions. The main IP is 2606:4700:3033::ac43:d4c1, located in United States and belongs to CLOUDFLARENET, US. The main domain is hmnkatilim.akr2024basvur.xyz.
TLS certificate: Issued by WE1 on September 7th 2024. Valid for: 3 months.

This is the only time hmnkatilim.akr2024basvur.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Denizbank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
3	2606:4700:303... 2606:4700:3033::ac43:d4c1		13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2

3 2606:4700:3033::ac43:d4c1 (United States)

ASN13335 (CLOUDFLARENET, US)

hmnkatilim.akr2024basvur.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	akr2024basvur.xyz hmnkatilim.akr2024basvur.xyz	933 KB
3	1

	Domain	Requested by
3	hmnkatilim.akr2024basvur.xyz
3	1

This site contains links to these domains. Also see Links.

Domain
www.denizbank.com

Subject Issuer	Validity	Valid
akr2024basvur.xyz WE1	`2024-09-07` - `2024-12-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hmnkatilim.akr2024basvur.xyz/index.php?fbclid=IwZXh0bgNhZW0BMAABHX7QorFSWCzh8_TcBInvkxY_JxTRiGkPrp4_4j6CmYOAh8Ei72_HwYKqhw_aem_4SiX3yZSE9H71uBAWDfFWA
Frame ID: 39DE70C1E9A154F89A515F87B0DAE0D3
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

3
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1119 kB
Transfer

3197 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.denizbank.com/dijital-bankacilik/guvenlik
Title: İnternet Güvenliği

Search URL Search Domain Scan URL

URL: https://www.denizbank.com/internet-bankaciligi/
Title: Yardım ve Öneriler

Search URL Search Domain Scan URL

URL: https://www.denizbank.com/dijital-bankacilik/internet-bankaciligi
Title: İşlem Limitleri ve Saatleri

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
12 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request index.php Show response hmnkatilim.akr2024basvur.xyz/	2 MB 932 KB	664ms 623ms	Document text/html	2606:4700:3033::ac43:d4c1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hmnkatilim.akr2024basvur.xyz/index.php?fbclid=IwZXh0bgNhZW0BMAABHX7QorFSWCzh8_TcBInvkxY_JxTRiGkPrp4_4j6CmYOAh8Ei72_HwYKqhw_aem_4SiX3yZSE9H71uBAWDfFWA Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:d4c1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.3.11 PleskLin Resource Hash `3acf0f99e8aed17d84db7720ede7f2bf7502aa887c7bba76a4c0404ffb335716` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 8bf6cc9679589225-FRA content-encoding br content-type text/html; charset=UTF-8 date Sat, 07 Sep 2024 12:46:01 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s6WI%2F5IyrvqyNinA7%2BvZr1Oy95KJK%2BUZe6Mc0LERgxXF%2FwVeuvXgITZRt2gkdl%2B0q%2B%2Ff8mNaJmld3ew9%2BSm3LlHlSXSH%2Ff2av2UYltmgIiWEejsqFlIFZLJ8aHPW%2BemW%2F4oXStOYEUleAHUn9ja675efS2fXDKTMViDi"}],"group":"cf-nel","max_age":604800} server cloudflare speculation-rules "/cdn-cgi/speculation" x-powered-by PHP/8.3.11 PleskLin
GET H3	200	speculation hmnkatilim.akr2024basvur.xyz/cdn-cgi/	128 B 596 B	14ms 14ms	Other application/speculationrules+json	2606:4700:3033::ac43:d4c1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hmnkatilim.akr2024basvur.xyz/cdn-cgi/speculation Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:d4c1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d` Request headers Referer https://hmnkatilim.akr2024basvur.xyz/index.php?fbclid=IwZXh0bgNhZW0BMAABHX7QorFSWCzh8_TcBInvkxY_JxTRiGkPrp4_4j6CmYOAh8Ei72_HwYKqhw_aem_4SiX3yZSE9H71uBAWDfFWA Origin https://hmnkatilim.akr2024basvur.xyz User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sat, 07 Sep 2024 12:46:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VThONzoXvxb1651UbEZb268A9%2F4GzHe01OkxDhXmg%2B4wlU8ds%2FGnV32V%2B56ENZ7NprA8KM7RpPlQ6lycVl%2F%2FuvFmd00acqYPQRL10z9gCwfIScqYZHTzCqTXjJG3REqVZj3IgedH1NbntunCBq7Fun6AOG5Ee40B6DNN"}],"group":"cf-nel","max_age":604800} content-type application/speculationrules+json access-control-allow-origin https://hmnkatilim.akr2024basvur.xyz cf-ray 8bf6cc9a5bf29225-FRA alt-svc h3=":443"; ma=86400 content-length 128
GET DATA	200 OK	truncated /	37 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4d54a976b6fa75c73ec219bf5ca96537d46c387c138842fe3d76be0d9e111e0a` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	12 KB 12 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `be3979aa66ab98b74f4c323b1c194cba444de65913e489d5786e0c7fd8f310c0` Request headers Referer Origin https://hmnkatilim.akr2024basvur.xyz User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	176 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3da913d79fff46cfe4d58d56e141cfcb31865606284507f7a530db69394330fb` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d5b36f08a46e0a0ef81b828bb9d05df63f1f7391521d238b82c5c3ce31782b05` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	351 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4ddc3efda8ec5711a176a8c8e9e34cdefa4f8ca43deeaa98e1324a0385e5adad` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	12 KB 12 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a085c2f1e7df8cdded779fa68b0ce2e0d31d3352ed8d8238cb540f35fa20cf0d` Request headers Referer Origin https://hmnkatilim.akr2024basvur.xyz User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	148 KB 148 KB		Font application/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `94a465998fa218c8818e3e07f1978e5e037eb39d1d40a58a48e54ae1b297e934` Request headers Referer Origin https://hmnkatilim.akr2024basvur.xyz User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type application/octet-stream
GET DATA	200 OK	truncated /	38 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `74ded04044e0ea5035452097608c57828b228d0201feda6055c58029fff87f29` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	8 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `54e92ad9930ef375b8f4e1a1fe7fe5c86d43d7ad00a955c5df818e26489049b8` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `59c1a112d5d610c1399aa46d5b549c5aad1e4b283aaf785545e818d053f25378` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1b74331ad061c583ad54561f95596a8481b95d863a431fc4daf3a9ee7d151975` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	12 KB 12 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b582e5e36135cfe697ec9cfbb06ff7407a7d89a9e4a1287cfdd905cc3f9669e5` Request headers Referer Origin https://hmnkatilim.akr2024basvur.xyz User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff2
GET H3	404	favicon.ico hmnkatilim.akr2024basvur.xyz/	808 B 910 B	243ms 243ms	Other text/html	2606:4700:3033::ac43:d4c1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hmnkatilim.akr2024basvur.xyz/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:d4c1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187` Request headers Referer https://hmnkatilim.akr2024basvur.xyz/index.php?fbclid=IwZXh0bgNhZW0BMAABHX7QorFSWCzh8_TcBInvkxY_JxTRiGkPrp4_4j6CmYOAh8Ei72_HwYKqhw_aem_4SiX3yZSE9H71uBAWDfFWA User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sat, 07 Sep 2024 12:46:02 GMT content-encoding br cf-cache-status MISS last-modified Tue, 03 Sep 2024 04:43:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare speculation-rules "/cdn-cgi/speculation" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iqC%2FyAj7kLOuBdhlPe37fhOfkC%2F3bNVOuY7KYeoMJ1utlO2mqMUw9J2A0keSeZz%2FCLHY1V0d8BEKpcaZ%2B46CkDIgqZesCsnM8Kq%2BsVw%2FedacymHleQSAdOqOFf%2FWTBU%2FtHInkhlp2i%2BhipiKUYBGY5mm0SII1l4G895r"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 8bf6cc9d4ddc9225-FRA alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Denizbank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| savepage_ShadowLoader

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			hmnkatilim.akr2024basvur.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: ciemp8dq1jil9k0975vcv2ai93

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://hmnkatilim.akr2024basvur.xyz/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hmnkatilim.akr2024basvur.xyz
2606:4700:3033::ac43:d4c1
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
1b74331ad061c583ad54561f95596a8481b95d863a431fc4daf3a9ee7d151975
3acf0f99e8aed17d84db7720ede7f2bf7502aa887c7bba76a4c0404ffb335716
3da913d79fff46cfe4d58d56e141cfcb31865606284507f7a530db69394330fb
4d54a976b6fa75c73ec219bf5ca96537d46c387c138842fe3d76be0d9e111e0a
4ddc3efda8ec5711a176a8c8e9e34cdefa4f8ca43deeaa98e1324a0385e5adad
54e92ad9930ef375b8f4e1a1fe7fe5c86d43d7ad00a955c5df818e26489049b8
59c1a112d5d610c1399aa46d5b549c5aad1e4b283aaf785545e818d053f25378
74ded04044e0ea5035452097608c57828b228d0201feda6055c58029fff87f29
94a465998fa218c8818e3e07f1978e5e037eb39d1d40a58a48e54ae1b297e934
a085c2f1e7df8cdded779fa68b0ce2e0d31d3352ed8d8238cb540f35fa20cf0d
b582e5e36135cfe697ec9cfbb06ff7407a7d89a9e4a1287cfdd905cc3f9669e5
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
be3979aa66ab98b74f4c323b1c194cba444de65913e489d5786e0c7fd8f310c0
d5b36f08a46e0a0ef81b828bb9d05df63f1f7391521d238b82c5c3ce31782b05

hmnkatilim.akr2024basvur.xyz Open in urlscan Pro 2606:4700:3033::ac43:d4c1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

1119 kBTransfer

3197 kBSize

1 Cookies

3 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

hmnkatilim.akr2024basvur.xyz Open in urlscan Pro
2606:4700:3033::ac43:d4c1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1119 kB
Transfer

3197 kB
Size

1
Cookies

3 HTTP transactions
12 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!