qbfinasmasserati.cloud Open in urlscan Pro
81.161.238.86  Malicious Activity! Public Scan

Submitted URL: http://qbfinasmasserati.cloud/
Effective URL: https://qbfinasmasserati.cloud/
Submission: On November 01 via api from QA — Scanned from NL

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 16 HTTP transactions. The main IP is 81.161.238.86, located in Amsterdam, Netherlands and belongs to NYBULA, US. The main domain is qbfinasmasserati.cloud.
TLS certificate: Issued by R11 on October 31st 2024. Valid for: 3 months.
This is the only time qbfinasmasserati.cloud was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Finansbank (Banking)

Domain & IP information

IP Address AS Autonomous System
9 81.161.238.86 401116 (NYBULA)
2 157.240.0.6 32934 (FACEBOOK)
3 6 62.108.64.94 8831 (FINANSBAN...)
2 2a03:2880:f17... 32934 (FACEBOOK)
16 4
Apex Domain
Subdomains
Transfer
9 qbfinasmasserati.cloud
qbfinasmasserati.cloud
75 KB
3 qnb.com.tr
internetsubesi.qnb.com.tr
20 KB
3 qnbfinansbank.com
internetsubesi.qnbfinansbank.com
747 B
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 113
3 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
75 KB
16 5
Domain Requested by
9 qbfinasmasserati.cloud qbfinasmasserati.cloud
3 internetsubesi.qnb.com.tr qbfinasmasserati.cloud
3 internetsubesi.qnbfinansbank.com 3 redirects
2 www.facebook.com qbfinasmasserati.cloud
2 connect.facebook.net qbfinasmasserati.cloud
connect.facebook.net
16 5

This site contains no links.

Subject Issuer Validity Valid
qbfinasmasserati.cloud
R11
2024-10-31 -
2025-01-29
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-08-10 -
2024-11-08
3 months crt.sh

This page contains 1 frames:

Primary Page: https://qbfinasmasserati.cloud/
Frame ID: 09F47B1E31F48AC68E7008422C26C94E
Requests: 16 HTTP requests in this frame

Screenshot

Page Title

QNB Finansbank

Page URL History Show full URLs

  1. http://qbfinasmasserati.cloud/ HTTP 307
    https://qbfinasmasserati.cloud/ Page URL

Detected technologies

Overall confidence: 75%
Detected patterns
  • <[^>]+[^\w-]x-data[^\w-][^<]+

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

16
Requests

81 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

174 kB
Transfer

463 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://qbfinasmasserati.cloud/ HTTP 307
    https://qbfinasmasserati.cloud/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://internetsubesi.qnbfinansbank.com/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717 HTTP 301
  • https://internetsubesi.qnb.com.tr/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717
Request Chain 7
  • https://internetsubesi.qnbfinansbank.com/Content/Images/arrow.png?uid=-1097359843 HTTP 301
  • https://internetsubesi.qnb.com.tr/Content/Images/arrow.png?uid=-1097359843
Request Chain 8
  • https://internetsubesi.qnbfinansbank.com/Content/Images/footer-bg.jpg?uid=-1097359859 HTTP 301
  • https://internetsubesi.qnb.com.tr/Content/Images/footer-bg.jpg?uid=-1097359859

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
qbfinasmasserati.cloud/
Redirect Chain
  • http://qbfinasmasserati.cloud/
  • https://qbfinasmasserati.cloud/
12 KB
4 KB
Document
General
Full URL
https://qbfinasmasserati.cloud/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx / PHP/8.3.13 PleskLin
Resource Hash
43889196986883de2433217a54a3bb946027228a641c5a2453bd5cec7232dc10

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
4092
content-type
text/html; charset=UTF-8
date
Fri, 01 Nov 2024 05:33:10 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.3.13 PleskLin

Redirect headers

Location
https://qbfinasmasserati.cloud/
Non-Authoritative-Reason
HttpsUpgrades
app.css
qbfinasmasserati.cloud/dist/
27 KB
5 KB
Stylesheet
General
Full URL
https://qbfinasmasserati.cloud/dist/app.css
Requested by
Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
20d9ea589226c7ae817f5bb0ac00f6d9c5a3c862bbfdf81978080f90de0d61c4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://qbfinasmasserati.cloud/

Response headers

content-encoding
br
date
Fri, 01 Nov 2024 05:33:10 GMT
etag
W/"66e0d60e-6bbe"
content-type
text/css
last-modified
Tue, 10 Sep 2024 23:28:14 GMT
server
nginx
x-powered-by
PleskLin
qr_disabled.png
qbfinasmasserati.cloud/dist/
39 KB
39 KB
Image
General
Full URL
https://qbfinasmasserati.cloud/dist/qr_disabled.png
Requested by
Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
323524115e60df7e7e094de9388e553bf8f7e87c8ef934d50ad1b99841c735e6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://qbfinasmasserati.cloud/

Response headers

etag
"66e0d60e-9bb2"
accept-ranges
bytes
content-length
39858
date
Fri, 01 Nov 2024 05:33:10 GMT
content-type
image/png
last-modified
Tue, 10 Sep 2024 23:28:14 GMT
server
nginx
x-powered-by
PleskLin
captcha-refresh.jpg
qbfinasmasserati.cloud/dist/
5 KB
6 KB
Image
General
Full URL
https://qbfinasmasserati.cloud/dist/captcha-refresh.jpg
Requested by
Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
6722e1471c13f7e3365469775fe0a6c39b1df6a5b4f6dff08b4f113ab545a163

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://qbfinasmasserati.cloud/

Response headers

etag
"66e0d60e-15b7"
accept-ranges
bytes
content-length
5559
date
Fri, 01 Nov 2024 05:33:10 GMT
content-type
image/jpeg
last-modified
Tue, 10 Sep 2024 23:28:14 GMT
server
nginx
x-powered-by
PleskLin
siteSealImage.png
qbfinasmasserati.cloud/dist/
4 KB
4 KB
Image
General
Full URL
https://qbfinasmasserati.cloud/dist/siteSealImage.png
Requested by
Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
875d526ba0fe340d3643353968c5d19bfad603af7b35d25f74c15e47704e7610

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://qbfinasmasserati.cloud/

Response headers

etag
"66e0d60e-ff7"
accept-ranges
bytes
content-length
4087
date
Fri, 01 Nov 2024 05:33:10 GMT
content-type
image/png
last-modified
Tue, 10 Sep 2024 23:28:14 GMT
server
nginx
x-powered-by
PleskLin
cdn.min.js
qbfinasmasserati.cloud/dist/
44 KB
15 KB
Script
General
Full URL
https://qbfinasmasserati.cloud/dist/cdn.min.js
Requested by
Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
358d9afbb1ab5befa2f48061a30776e5bcd7707f410a606ba985f98bc3b1c034

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://qbfinasmasserati.cloud/

Response headers

content-encoding
br
date
Fri, 01 Nov 2024 05:33:10 GMT
etag
W/"66e0d60e-ae73"
content-type
text/javascript
last-modified
Tue, 10 Sep 2024 23:28:14 GMT
server
nginx
x-powered-by
PleskLin
fbevents.js
connect.facebook.net/en_US/
239 KB
61 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
b1b27d92de22d509ebd21de47d14975728928e881bd6c9d1695cc5d38f2942bd
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-0QYzWxTt' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://qbfinasmasserati.cloud/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 05:33:10 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-0QYzWxTt' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=28, rtx=0, c=23, mss=1232, tbw=4454, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
agIBLsioFKaTcfXH7ihf2xAa8XvzBBGbIwyPB2NNJA5zqV1a6aupq16E2BTS5u3r/NB4hbTxuXasT0A0LbHv2A==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62068
x-xss-protection
0
origin-agent-cluster
?1
kusakli_web.png
internetsubesi.qnb.com.tr/Content/Images/ResponsiveLogin/
Redirect Chain
  • https://internetsubesi.qnbfinansbank.com/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717
  • https://internetsubesi.qnb.com.tr/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717
12 KB
13 KB
Image
General
Full URL
https://internetsubesi.qnb.com.tr/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717
Requested by
Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/dist/app.css
Protocol
HTTP/1.1
Server
62.108.64.94 Istanbul, Turkey, ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR),
Reverse DNS
Software
/
Resource Hash
20f8ed2bf854270b68617662902cf145554cd87ba4ff29d800879978bbb2d92a
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://tagmanager.google.com https://fonts.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net *.yandex.ru *.twitter.com *.ads-twitter.com *.googleadservices.com *.qnbfinansbank.com *.finansbank.com.tr https://*.turkiye.gov.tr https://*.qnbfi.com *.doubleclick.net *.google.com https://tagmanager.google.com *.qnb.com.tr
Strict-Transport-Security max-age=3600
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://qbfinasmasserati.cloud/

Response headers

Strict-Transport-Security
max-age=3600
Content-Security-Policy
frame-ancestors https://tagmanager.google.com https://fonts.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net *.yandex.ru *.twitter.com *.ads-twitter.com *.googleadservices.com *.qnbfinansbank.com *.finansbank.com.tr https://*.turkiye.gov.tr https://*.qnbfi.com *.doubleclick.net *.google.com https://tagmanager.google.com *.qnb.com.tr
Cache-Control
max-age=31536000,public
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Eirxpes
Sat, 01 Nov 2025 05:33:11 GMT
Access-Control-Allow-Origin
*
Cheac-Control
public
X-UA-Compatible
IE=11; IE=10; IE=9; IE=8; IE=7
X-XSS-Protection
1; mode=block
Date
Fri, 01 Nov 2024 05:33:10 GMT
Content-Type
image/png
content-length
11980

Redirect headers

Location
https://internetsubesi.qnb.com.tr/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717
arrow.png
internetsubesi.qnb.com.tr/Content/Images/
Redirect Chain
  • https://internetsubesi.qnbfinansbank.com/Content/Images/arrow.png?uid=-1097359843
  • https://internetsubesi.qnb.com.tr/Content/Images/arrow.png?uid=-1097359843
1 KB
2 KB
Image
General
Full URL
https://internetsubesi.qnb.com.tr/Content/Images/arrow.png?uid=-1097359843
Requested by
Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/dist/app.css
Protocol
HTTP/1.1
Server
62.108.64.94 Istanbul, Turkey, ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR),
Reverse DNS
Software
/
Resource Hash
e6d74b1fa656995627ce5e8b0839a62b0ffd54b8de7be4f2e40eae2c92b968c8
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://tagmanager.google.com https://fonts.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net *.yandex.ru *.twitter.com *.ads-twitter.com *.googleadservices.com *.qnbfinansbank.com *.finansbank.com.tr https://*.turkiye.gov.tr https://*.qnbfi.com *.doubleclick.net *.google.com https://tagmanager.google.com *.qnb.com.tr
Strict-Transport-Security max-age=3600
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://qbfinasmasserati.cloud/

Response headers

Strict-Transport-Security
max-age=3600
Content-Security-Policy
frame-ancestors https://tagmanager.google.com https://fonts.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net *.yandex.ru *.twitter.com *.ads-twitter.com *.googleadservices.com *.qnbfinansbank.com *.finansbank.com.tr https://*.turkiye.gov.tr https://*.qnbfi.com *.doubleclick.net *.google.com https://tagmanager.google.com *.qnb.com.tr
Cache-Control
max-age=31536000,public
Connection
Keep-Alive
Via
NS-CACHE-10.0: 80
Expires
Sat, 01 Nov 2025 05:20:12 GMT
Access-Control-Allow-Origin
*
Content-Length
1095
X-UA-Compatible
IE=11; IE=10; IE=9; IE=8; IE=7
Date
Fri, 01 Nov 2024 05:20:12 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/png

Redirect headers

Location
https://internetsubesi.qnb.com.tr/Content/Images/arrow.png?uid=-1097359843
footer-bg.jpg
internetsubesi.qnb.com.tr/Content/Images/
Redirect Chain
  • https://internetsubesi.qnbfinansbank.com/Content/Images/footer-bg.jpg?uid=-1097359859
  • https://internetsubesi.qnb.com.tr/Content/Images/footer-bg.jpg?uid=-1097359859
5 KB
6 KB
Image
General
Full URL
https://internetsubesi.qnb.com.tr/Content/Images/footer-bg.jpg?uid=-1097359859
Requested by
Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/dist/app.css
Protocol
HTTP/1.1
Server
62.108.64.94 Istanbul, Turkey, ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR),
Reverse DNS
Software
/
Resource Hash
2d3d0ffc095f087278741a02ec1348d656e1647d3ca54960d30022adfb0e9154
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://tagmanager.google.com https://fonts.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net *.yandex.ru *.twitter.com *.ads-twitter.com *.googleadservices.com *.qnbfinansbank.com *.finansbank.com.tr https://*.turkiye.gov.tr https://*.qnbfi.com *.doubleclick.net *.google.com https://tagmanager.google.com *.qnb.com.tr
Strict-Transport-Security max-age=3600
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://qbfinasmasserati.cloud/

Response headers

Strict-Transport-Security
max-age=3600
Content-Security-Policy
frame-ancestors https://tagmanager.google.com https://fonts.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net *.yandex.ru *.twitter.com *.ads-twitter.com *.googleadservices.com *.qnbfinansbank.com *.finansbank.com.tr https://*.turkiye.gov.tr https://*.qnbfi.com *.doubleclick.net *.google.com https://tagmanager.google.com *.qnb.com.tr
Cache-Control
max-age=31536000,public
Connection
Keep-Alive
Via
NS-CACHE-10.0: 80
Expires
Sat, 01 Nov 2025 05:27:57 GMT
Access-Control-Allow-Origin
*
Content-Length
4762
X-UA-Compatible
IE=11; IE=10; IE=9; IE=8; IE=7
Date
Fri, 01 Nov 2024 05:27:57 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/jpeg

Redirect headers

Location
https://internetsubesi.qnb.com.tr/Content/Images/footer-bg.jpg?uid=-1097359859
visitor.php
qbfinasmasserati.cloud/
0
0
Fetch
General
Full URL
https://qbfinasmasserati.cloud/visitor.php
Requested by
Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx / PHP/8.3.13, PleskLin
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://qbfinasmasserati.cloud/

Response headers

content-length
0
date
Fri, 01 Nov 2024 05:33:11 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/8.3.13, PleskLin
server
nginx
2321930754822951
connect.facebook.net/signals/config/
75 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/2321930754822951?v=2.9.175&r=stable&domain=qbfinasmasserati.cloud&hme=ead923021ccd3483ef3b9b04703d0a78b943fbdc01e8d7cec21c5059f1f4a5e9&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C194%2C193%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
fa28a03d11f1be0eaddd3cf1bc0a51675a4765172ef2e4b51e6168f1e205a3ab
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-Yq5pVew4' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://qbfinasmasserati.cloud/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 05:33:11 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-Yq5pVew4' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=24, rtx=0, c=77, mss=1232, tbw=70865, tp=68, tpl=0, uplat=50, ullat=0
pragma
public
x-fb-debug
GZTVCM+tLFfyQP/OOL1GTudznKgmbI/AefiwHKbpAS1Orq2s9uL6o2gvJc9+9icum0/VOsqrY8sbdHHA78Cp8Q==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=2321930754822951&ev=PageView&dl=https%3A%2F%2Fqbfinasmasserati.cloud%2F&rl=&if=false&ts=1730439191209&sw=1600&sh=1200&v=2.9.175&r=stable&ec=0&o=12318&fbp=fb.1.1730439191200.652996198317328797&cs_est=true&ler=empty&cdl=API_unavailable&it=1730439191050&coo=false&rqm=GET
Requested by
Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://qbfinasmasserati.cloud/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=23, rtx=0, c=10, mss=1297, tbw=2910, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Fri, 01 Nov 2024 05:33:11 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=2321930754822951&ev=PageView&dl=https%3A%2F%2Fqbfinasmasserati.cloud%2F&rl=&if=false&ts=1730439191209&sw=1600&sh=1200&v=2.9.175&r=stable&ec=0&o=12318&fbp=fb.1.1730439191200.652996198317328797&cs_est=true&ler=empty&cdl=API_unavailable&it=1730439191050&coo=false&rqm=FGET
Requested by
Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://qbfinasmasserati.cloud/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7432179734309164281"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 05:33:11 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
IQkSLwOSnMS8BQ9Op1N7r2eIKP17NMIVwAbhtxNnqXdKhfW3Eb/ME5AVxLDKLTHvs5dbH9h5BT1o92J4i1UsRA==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7432179734309164281", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=24, rtx=0, c=10, mss=1297, tbw=3228, tp=-1, tpl=-1, uplat=152, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
favicon.ico
qbfinasmasserati.cloud/
1 KB
2 KB
Other
General
Full URL
https://qbfinasmasserati.cloud/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
4bfe49d3b1df3bae612101031651e1ee81c7e1b0b3bbe7da526e8e9765661173

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://qbfinasmasserati.cloud/

Response headers

etag
"66e0af06-57e"
accept-ranges
bytes
content-length
1406
date
Fri, 01 Nov 2024 05:33:11 GMT
content-type
image/vnd.microsoft.icon
last-modified
Tue, 10 Sep 2024 20:41:42 GMT
server
nginx
x-powered-by
PleskLin
visitor.php
qbfinasmasserati.cloud/
0
0
Fetch
General
Full URL
https://qbfinasmasserati.cloud/visitor.php
Requested by
Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software
nginx / PHP/8.3.13, PleskLin
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://qbfinasmasserati.cloud/

Response headers

content-length
0
date
Fri, 01 Nov 2024 05:33:14 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/8.3.13, PleskLin
server
nginx

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Finansbank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| fbq function| _fbq object| Alpine

2 Cookies

Domain/Path Name / Value
qbfinasmasserati.cloud/ Name: PHPSESSID
Value: u6t90vauit8fciqv28hgpapmab
.qbfinasmasserati.cloud/ Name: _fbp
Value: fb.1.1730439191200.652996198317328797