mail.ziraatmobilnetbankacilik.com
23.254.231.212  Malicious Activity! Public Scan

URL: http://mail.ziraatmobilnetbankacilik.com/
Submission: On February 19 via manual from TR

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 23.254.231.212, located in Seattle, United States and belongs to HOSTWINDS, US. The main domain is mail.ziraatmobilnetbankacilik.com.
This is the only time mail.ziraatmobilnetbankacilik.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ziraat Bank (Banking)

Domain & IP information

Requests  IP Address        AS (Autonomous System)
1         23.254.231.212    54290 (HOSTWINDS)
4         194.24.224.11     31471 (FINTEK-AS)
1         2620:0:862:ed...  14907 (WIKIMEDIA)
1         2606:4700:303...  13335 (CLOUDFLAR...)
Total: 11 requests, 5 IPs

Requests  Domain                             Requested by
4         bireysel.ziraatbank.com.tr         mail.ziraatmobilnetbankacilik.com
1         i.hizliresim.com                   mail.ziraatmobilnetbankacilik.com
1         upload.wikimedia.org               mail.ziraatmobilnetbankacilik.com
1         mail.ziraatmobilnetbankacilik.com
Total: 11 requests, 4 domains

This site contains links to these domains.

Domain
bireysel.ziraatbank.com.tr
Subject                     Issuer                                           Validity                 Valid
bireysel.ziraatbank.com.tr  COMODO RSA Extended Validation Secure Server CA  2019-03-19 - 2021-04-17  2 years
*.wikipedia.org             DigiCert SHA2 High Assurance Server CA           2019-11-12 - 2020-10-06  a year
sni.cloudflaressl.com       CloudFlare Inc ECC CA-2                          2020-01-13 - 2020-10-09  9 months

This page contains 1 frames:

Primary Page: http://mail.ziraatmobilnetbankacilik.com/
Frame ID: 0BB3E49E9EF1D8FBEC0EB79BA3398699
Requests: 11 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 11
HTTPS: 55 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 5
Countries: 2
Transfer: 465 kB
Size: 1222 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
mail.ziraatmobilnetbankacilik.com/
14 KB
15 KB
Document
General
Full URL
http://mail.ziraatmobilnetbankacilik.com/
Protocol
HTTP/1.1
Server
23.254.231.212 Seattle, United States, ASN54290 (HOSTWINDS, US),
Reverse DNS
client-23-254-231-212.hostwindsdns.com
Software
Apache /
Resource Hash
e3bf343713911357c3c457a1d429cbc18ef9a1af8af4a4d947916b506affa2b4

Request headers

Host
mail.ziraatmobilnetbankacilik.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Wed, 19 Feb 2020 10:45:15 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Vary
Accept-Encoding
Keep-Alive
timeout=5, max=1000
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
plugins.min.css
bireysel.ziraatbank.com.tr/
337 KB
63 KB
Stylesheet
General
Full URL
https://bireysel.ziraatbank.com.tr/plugins.min.css?v=0WnwC10Ui67Cf0vF6vDueNbrbYjKGUAdzIZoal3Akf81
Requested by
Host: mail.ziraatmobilnetbankacilik.com
URL: http://mail.ziraatmobilnetbankacilik.com/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
194.24.224.11 , Turkey, ASN31471 (FINTEK-AS, TR),
Reverse DNS
Software
zws /
Resource Hash
24cc27ac470b95e9aef2d3005e953f834990ade17909f6f0c44436ead2b3f4a8
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://mail.ziraatmobilnetbankacilik.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Wed, 19 Feb 2020 10:41:09 GMT
Via
ZB
X-Content-Type-Options
nosniff
Age
248
ntCoent-Length
345310
Xet-Cookie
Connection
Keep-Alive
Content-Encoding
gzip
Vary
User-Agent
Content-Length
63668
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 19 Feb 2020 10:36:28 GMT
Server
zws
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
domain
Cache-Control
private
Expires
Thu, 18 Feb 2021 10:36:28 GMT
sub.min.css
bireysel.ziraatbank.com.tr/
344 KB
60 KB
Stylesheet
General
Full URL
https://bireysel.ziraatbank.com.tr/sub.min.css?v=8brv9euGblT9sc2jpmZOjaAwF-SL4hH1YBXNzxVgYPQ1
Requested by
Host: mail.ziraatmobilnetbankacilik.com
URL: http://mail.ziraatmobilnetbankacilik.com/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
194.24.224.11 , Turkey, ASN31471 (FINTEK-AS, TR),
Reverse DNS
Software
zws /
Resource Hash
91ea659154730a9b8166936080fed6c675294117075e9cef967ede83d6d0e60c
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://mail.ziraatmobilnetbankacilik.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Pragma
no-cache
Date
Wed, 19 Feb 2020 10:45:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
zws
X-Frame-Options
SAMEORIGIN
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
domain
Cteonnt-Length
352008
Cache-Control
no-cache
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-XSS-Protection
1; mode=block
Expires
-1
jquery.js
bireysel.ziraatbank.com.tr/
313 KB
112 KB
Script
General
Full URL
https://bireysel.ziraatbank.com.tr/jquery.js?v=klFRmE9kI4_JXBZiravNytTioJCyo02lcvvaiRkSsEg1
Requested by
Host: mail.ziraatmobilnetbankacilik.com
URL: http://mail.ziraatmobilnetbankacilik.com/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
194.24.224.11 , Turkey, ASN31471 (FINTEK-AS, TR),
Reverse DNS
Software
zws /
Resource Hash
be30d09ed15189746a1b1cd6144dae4a60d7ce05beb6f25e7422610922bff734
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://mail.ziraatmobilnetbankacilik.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 19 Feb 2020 10:41:14 GMT
Via
ZB
X-Content-Type-Options
nosniff
Age
243
Xet-Cookie
Connection
Keep-Alive
Content-Encoding
gzip
Vary
User-Agent
Content-Length
114441
X-XSS-Protection
1; mode=block
Cteonnt-Length
321004
Last-Modified
Wed, 19 Feb 2020 10:41:14 GMT
Server
zws
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
domain
Cache-Control
private
Expires
Thu, 18 Feb 2021 10:41:14 GMT
Ziraat_Bankas%C4%B1_logo.png
upload.wikimedia.org/wikipedia/commons/6/69/
30 KB
30 KB
Image
General
Full URL
https://upload.wikimedia.org/wikipedia/commons/6/69/Ziraat_Bankas%C4%B1_logo.png
Requested by
Host: mail.ziraatmobilnetbankacilik.com
URL: http://mail.ziraatmobilnetbankacilik.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),
Reverse DNS
Software
ATS/8.0.5 /
Resource Hash
c4b2e19f3b2bbb9be867d97cd6d1f2777a0d4189b0916c7b48f66641fcc7db1a
Security Headers
Name Value
Strict-Transport-Security max-age=106384710; includeSubDomains; preload

Request headers

Referer
http://mail.ziraatmobilnetbankacilik.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 18 Feb 2020 15:14:15 GMT
content-type
image/png
x-trans-id
tx35594faa3db147058aa1c-005e4bff47
age
70261
x-cache-status
hit-front
x-cache
cp3057 hit, cp3059 hit/89
status
200
server-timing
cache;desc="hit-front"
content-length
30217
x-client-ip
2a01:4f8:192:5414::2
x-object-meta-sha1base36
3pjd0aa4y473ne1gwfhf5dh1dqbfn1c
last-modified
Sat, 05 Oct 2013 18:31:36 GMT
server
ATS/8.0.5
etag
1e8cd9964801375f77a80cf198fe3c6c
strict-transport-security
max-age=106384710; includeSubDomains; preload
x-varnish
790910978 535462531
access-control-allow-origin
*
x-timestamp
1380997895.01793
x-ats-timestamp
1582056792
accept-ranges
bytes
timing-allow-origin
*
access-control-expose-headers
Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache, X-Varnish
JVNj8n.png
i.hizliresim.com/
79 KB
80 KB
Image
General
Full URL
https://i.hizliresim.com/JVNj8n.png
Requested by
Host: mail.ziraatmobilnetbankacilik.com
URL: http://mail.ziraatmobilnetbankacilik.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3038::681f:8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c423a06f809fc76252d38f60dc84401b1270c23555b233c778c5e6ad11e528f

Request headers

Referer
http://mail.ziraatmobilnetbankacilik.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 19 Feb 2020 10:45:15 GMT
cf-cache-status
HIT
age
19189
status
200
x-amz-request-id
91FA9895CE7FE921
x-amz-id-2
+Wo2iHJYxMhwi+O+QHXTa54evLATMB5RRkxoqiOs6HkIwVhkw6ngE9IHjV1Ry60FQVqO/y/pJYNB
last-modified
Fri, 13 Sep 2019 11:05:51 GMT
server
cloudflare
etag
W/"3e8bd768ae14d63027b7de5dc2e274f0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
cf-ray
5677a6751d94d6bd-FRA
expires
Wed, 26 Feb 2020 05:25:26 GMT
login-bg.jpg
bireysel.ziraatbank.com.tr/Content/assets/img/
104 KB
105 KB
Image
General
Full URL
https://bireysel.ziraatbank.com.tr/Content/assets/img/login-bg.jpg?v=20181004
Requested by
Host: mail.ziraatmobilnetbankacilik.com
URL: http://mail.ziraatmobilnetbankacilik.com/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
194.24.224.11 , Turkey, ASN31471 (FINTEK-AS, TR),
Reverse DNS
Software
zws /
Resource Hash
b055c452bbb3790a25caef40ba7e75a53f148ad46260c00719b5bd7b6ee90d82
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bireysel.ziraatbank.com.tr/sub.min.css?v=8brv9euGblT9sc2jpmZOjaAwF-SL4hH1YBXNzxVgYPQ1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 19 Feb 2020 10:44:50 GMT
Via
ZB
X-Content-Type-Options
nosniff
Age
26
Connection
Keep-Alive
Content-Length
106717
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 23 Jan 2019 12:19:13 GMT
Server
zws
Cache-Control
max-age=604800
ETag
"bf413da15b3d41:0"
X-OPNET-Transaction-Trace
a2_a57094b3-819b-4b55-acca-6522626d686e-4872-615611
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
image/jpeg
Access-Control-Allow-Origin
domain
Xet-Cookie
Accept-Ranges
bytes
BB78E1BCF28E9E4CC.woff2
bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/
0
0

D40DF048D299CA4DD.woff2
bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/
0
0

BB78E1BCF28E9E4CC.woff
bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/
0
0

D40DF048D299CA4DD.woff
bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bireysel.ziraatbank.com.tr
URL
https://bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/BB78E1BCF28E9E4CC.woff2
Domain
bireysel.ziraatbank.com.tr
URL
https://bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/D40DF048D299CA4DD.woff2
Domain
bireysel.ziraatbank.com.tr
URL
https://bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/BB78E1BCF28E9E4CC.woff
Domain
bireysel.ziraatbank.com.tr
URL
https://bireysel.ziraatbank.com.tr/Content/assets/css/webfonts/new/D40DF048D299CA4DD.woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ziraat Bank (Banking)

225 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


0 Cookies