qbfinasmasserati.cloud Open in urlscan Pro
81.161.238.86 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://qbfinasmasserati.cloud/
Effective URL:
https://qbfinasmasserati.cloud/
Submission: On November 01 via api (November 1st 2024, 5:33:15 am UTC) from QA — Scanned from NL

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 16 HTTP transactions. The main IP is 81.161.238.86, located in Amsterdam, Netherlands and belongs to NYBULA, US. The main domain is qbfinasmasserati.cloud.
TLS certificate: Issued by R11 on October 31st 2024. Valid for: 3 months.

This is the only time qbfinasmasserati.cloud was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Finansbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
9	81.161.238.86 81.161.238.86	401116 (NYBULA) (NYBULA)
2	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK)
3 6	62.108.64.94 62.108.64.94	8831 (FINANSBAN...) (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad.)
2	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
16	4

9 81.161.238.86 (Amsterdam, Netherlands)

ASN401116 (NYBULA, US)

qbfinasmasserati.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 62.108.64.94 (Istanbul, Turkey) 3 redirects

ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR)

internetsubesi.qnbfinansbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
internetsubesi.qnb.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	qbfinasmasserati.cloud qbfinasmasserati.cloud	75 KB
3	qnb.com.tr internetsubesi.qnb.com.tr	20 KB
3	qnbfinansbank.com 3 redirects internetsubesi.qnbfinansbank.com	747 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	75 KB
16	5

	Domain	Requested by
9	qbfinasmasserati.cloud	qbfinasmasserati.cloud
3	internetsubesi.qnb.com.tr	qbfinasmasserati.cloud
3	internetsubesi.qnbfinansbank.com	3 redirects
2	www.facebook.com	qbfinasmasserati.cloud
2	connect.facebook.net	qbfinasmasserati.cloud connect.facebook.net
16	5

This site contains no links.

Subject Issuer	Validity	Valid
qbfinasmasserati.cloud R11	`2024-10-31` - `2025-01-29`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-08-10` - `2024-11-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://qbfinasmasserati.cloud/
Frame ID: 09F47B1E31F48AC68E7008422C26C94E
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

QNB Finansbank

Page URL History Show full URLs

http://qbfinasmasserati.cloud/ HTTP 307
https://qbfinasmasserati.cloud/ Page URL

Detected technologies

Alpine.js (JavaScript frameworks) Expand

Overall confidence: 75%
Detected patterns

<[^>]+[^\w-]x-data[^\w-][^<]+

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

16
Requests

81 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

174 kB
Transfer

463 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://qbfinasmasserati.cloud/ HTTP 307
https://qbfinasmasserati.cloud/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://internetsubesi.qnbfinansbank.com/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717 HTTP 301
https://internetsubesi.qnb.com.tr/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717

Request Chain 7

https://internetsubesi.qnbfinansbank.com/Content/Images/arrow.png?uid=-1097359843 HTTP 301
https://internetsubesi.qnb.com.tr/Content/Images/arrow.png?uid=-1097359843

Request Chain 8

https://internetsubesi.qnbfinansbank.com/Content/Images/footer-bg.jpg?uid=-1097359859 HTTP 301
https://internetsubesi.qnb.com.tr/Content/Images/footer-bg.jpg?uid=-1097359859

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
qbfinasmasserati.cloud/
Redirect Chain

http://qbfinasmasserati.cloud/
https://qbfinasmasserati.cloud/

12 KB
4 KB

175ms
92ms

Document
text/html

81.161.238.86
NYBULA

General

Check archive.org

Show headers Download Go to

Full URL: https://qbfinasmasserati.cloud/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software: nginx / PHP/8.3.13 PleskLin
Resource Hash: 43889196986883de2433217a54a3bb946027228a641c5a2453bd5cec7232dc10

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 4092
content-type: text/html; charset=UTF-8
date: Fri, 01 Nov 2024 05:33:10 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.3.13 PleskLin

Redirect headers

Location: https://qbfinasmasserati.cloud/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 app.css
qbfinasmasserati.cloud/dist/ 27 KB
5 KB 139ms
133ms Stylesheet
text/css 81.161.238.86
NYBULA

General

Check archive.org

Show headers Download Go to

Full URL: https://qbfinasmasserati.cloud/dist/app.css
Requested by: Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 20d9ea589226c7ae817f5bb0ac00f6d9c5a3c862bbfdf81978080f90de0d61c4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://qbfinasmasserati.cloud/

Response headers

content-encoding: br
date: Fri, 01 Nov 2024 05:33:10 GMT
etag: W/"66e0d60e-6bbe"
content-type: text/css
last-modified: Tue, 10 Sep 2024 23:28:14 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 qr_disabled.png
qbfinasmasserati.cloud/dist/ 39 KB
39 KB 80ms
73ms Image
image/png 81.161.238.86
NYBULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qbfinasmasserati.cloud/dist/qr_disabled.png
Requested by: Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 323524115e60df7e7e094de9388e553bf8f7e87c8ef934d50ad1b99841c735e6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://qbfinasmasserati.cloud/

Response headers

etag: "66e0d60e-9bb2"
accept-ranges: bytes
content-length: 39858
date: Fri, 01 Nov 2024 05:33:10 GMT
content-type: image/png
last-modified: Tue, 10 Sep 2024 23:28:14 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 captcha-refresh.jpg
qbfinasmasserati.cloud/dist/ 5 KB
6 KB 136ms
129ms Image
image/jpeg 81.161.238.86
NYBULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qbfinasmasserati.cloud/dist/captcha-refresh.jpg
Requested by: Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 6722e1471c13f7e3365469775fe0a6c39b1df6a5b4f6dff08b4f113ab545a163

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://qbfinasmasserati.cloud/

Response headers

etag: "66e0d60e-15b7"
accept-ranges: bytes
content-length: 5559
date: Fri, 01 Nov 2024 05:33:10 GMT
content-type: image/jpeg
last-modified: Tue, 10 Sep 2024 23:28:14 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 siteSealImage.png
qbfinasmasserati.cloud/dist/ 4 KB
4 KB 79ms
43ms Image
image/png 81.161.238.86
NYBULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qbfinasmasserati.cloud/dist/siteSealImage.png
Requested by: Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 875d526ba0fe340d3643353968c5d19bfad603af7b35d25f74c15e47704e7610

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://qbfinasmasserati.cloud/

Response headers

etag: "66e0d60e-ff7"
accept-ranges: bytes
content-length: 4087
date: Fri, 01 Nov 2024 05:33:10 GMT
content-type: image/png
last-modified: Tue, 10 Sep 2024 23:28:14 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 cdn.min.js Show response
qbfinasmasserati.cloud/dist/ 44 KB
15 KB 103ms
52ms Script
text/javascript 81.161.238.86
NYBULA

General

Check archive.org

Show headers Download Go to

Full URL: https://qbfinasmasserati.cloud/dist/cdn.min.js
Requested by: Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 358d9afbb1ab5befa2f48061a30776e5bcd7707f410a606ba985f98bc3b1c034

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://qbfinasmasserati.cloud/

Response headers

content-encoding: br
date: Fri, 01 Nov 2024 05:33:10 GMT
etag: W/"66e0d60e-ae73"
content-type: text/javascript
last-modified: Tue, 10 Sep 2024 23:28:14 GMT
server: nginx
x-powered-by: PleskLin

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 113ms
36ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

b1b27d92de22d509ebd21de47d14975728928e881bd6c9d1695cc5d38f2942bd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-0QYzWxTt' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://qbfinasmasserati.cloud/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 05:33:10 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-0QYzWxTt' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=28, rtx=0, c=23, mss=1232, tbw=4454, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: agIBLsioFKaTcfXH7ihf2xAa8XvzBBGbIwyPB2NNJA5zqV1a6aupq16E2BTS5u3r/NB4hbTxuXasT0A0LbHv2A==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62068
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H/1.1

200
OK

kusakli_web.png
internetsubesi.qnb.com.tr/Content/Images/ResponsiveLogin/
Redirect Chain

https://internetsubesi.qnbfinansbank.com/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717
https://internetsubesi.qnb.com.tr/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717

12 KB
13 KB

238ms
86ms

Image
image/png

62.108.64.94
FINANSBANK Inkila...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://internetsubesi.qnb.com.tr/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717

Requested by

Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/dist/app.css

Protocol

HTTP/1.1

Server

62.108.64.94 Istanbul, Turkey, ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR),

Reverse DNS

Software

Resource Hash

20f8ed2bf854270b68617662902cf145554cd87ba4ff29d800879978bbb2d92a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://tagmanager.google.com https://fonts.googleapis.com .googletagmanager.com .google-analytics.com .googleapis.com .facebook.net .yandex.ru .twitter.com .ads-twitter.com .googleadservices.com .qnbfinansbank.com .finansbank.com.tr https://.turkiye.gov.tr https://.qnbfi.com .doubleclick.net .google.com https://tagmanager.google.com *.qnb.com.tr
Strict-Transport-Security	max-age=3600
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://qbfinasmasserati.cloud/

Response headers

Strict-Transport-Security: max-age=3600
Content-Security-Policy: frame-ancestors https://tagmanager.google.com https://fonts.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net *.yandex.ru *.twitter.com *.ads-twitter.com *.googleadservices.com *.qnbfinansbank.com *.finansbank.com.tr https://*.turkiye.gov.tr https://*.qnbfi.com *.doubleclick.net *.google.com https://tagmanager.google.com *.qnb.com.tr
Cache-Control: max-age=31536000,public
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Eirxpes: Sat, 01 Nov 2025 05:33:11 GMT
Access-Control-Allow-Origin: *
Cheac-Control: public
X-UA-Compatible: IE=11; IE=10; IE=9; IE=8; IE=7
X-XSS-Protection: 1; mode=block
Date: Fri, 01 Nov 2024 05:33:10 GMT
Content-Type: image/png
content-length: 11980

Redirect headers

Location: https://internetsubesi.qnb.com.tr/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717

GET
H/1.1

200
OK

arrow.png
internetsubesi.qnb.com.tr/Content/Images/
Redirect Chain

https://internetsubesi.qnbfinansbank.com/Content/Images/arrow.png?uid=-1097359843
https://internetsubesi.qnb.com.tr/Content/Images/arrow.png?uid=-1097359843

1 KB
2 KB

369ms
78ms

Image
image/png

62.108.64.94
FINANSBANK Inkila...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://internetsubesi.qnb.com.tr/Content/Images/arrow.png?uid=-1097359843

Requested by

Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/dist/app.css

Protocol

HTTP/1.1

Server

62.108.64.94 Istanbul, Turkey, ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR),

Reverse DNS

Software

Resource Hash

e6d74b1fa656995627ce5e8b0839a62b0ffd54b8de7be4f2e40eae2c92b968c8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://tagmanager.google.com https://fonts.googleapis.com .googletagmanager.com .google-analytics.com .googleapis.com .facebook.net .yandex.ru .twitter.com .ads-twitter.com .googleadservices.com .qnbfinansbank.com .finansbank.com.tr https://.turkiye.gov.tr https://.qnbfi.com .doubleclick.net .google.com https://tagmanager.google.com *.qnb.com.tr
Strict-Transport-Security	max-age=3600
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://qbfinasmasserati.cloud/

Response headers

Strict-Transport-Security: max-age=3600
Content-Security-Policy: frame-ancestors https://tagmanager.google.com https://fonts.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net *.yandex.ru *.twitter.com *.ads-twitter.com *.googleadservices.com *.qnbfinansbank.com *.finansbank.com.tr https://*.turkiye.gov.tr https://*.qnbfi.com *.doubleclick.net *.google.com https://tagmanager.google.com *.qnb.com.tr
Cache-Control: max-age=31536000,public
Connection: Keep-Alive
Via: NS-CACHE-10.0: 80
Expires: Sat, 01 Nov 2025 05:20:12 GMT
Access-Control-Allow-Origin: *
Content-Length: 1095
X-UA-Compatible: IE=11; IE=10; IE=9; IE=8; IE=7
Date: Fri, 01 Nov 2024 05:20:12 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/png

Redirect headers

Location: https://internetsubesi.qnb.com.tr/Content/Images/arrow.png?uid=-1097359843

GET
H/1.1

200
OK

footer-bg.jpg
internetsubesi.qnb.com.tr/Content/Images/
Redirect Chain

https://internetsubesi.qnbfinansbank.com/Content/Images/footer-bg.jpg?uid=-1097359859
https://internetsubesi.qnb.com.tr/Content/Images/footer-bg.jpg?uid=-1097359859

5 KB
6 KB

374ms
81ms

Image
image/jpeg

62.108.64.94
FINANSBANK Inkila...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://internetsubesi.qnb.com.tr/Content/Images/footer-bg.jpg?uid=-1097359859

Requested by

Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/dist/app.css

Protocol

HTTP/1.1

Server

62.108.64.94 Istanbul, Turkey, ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR),

Reverse DNS

Software

Resource Hash

2d3d0ffc095f087278741a02ec1348d656e1647d3ca54960d30022adfb0e9154

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://tagmanager.google.com https://fonts.googleapis.com .googletagmanager.com .google-analytics.com .googleapis.com .facebook.net .yandex.ru .twitter.com .ads-twitter.com .googleadservices.com .qnbfinansbank.com .finansbank.com.tr https://.turkiye.gov.tr https://.qnbfi.com .doubleclick.net .google.com https://tagmanager.google.com *.qnb.com.tr
Strict-Transport-Security	max-age=3600
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://qbfinasmasserati.cloud/

Response headers

Strict-Transport-Security: max-age=3600
Content-Security-Policy: frame-ancestors https://tagmanager.google.com https://fonts.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net *.yandex.ru *.twitter.com *.ads-twitter.com *.googleadservices.com *.qnbfinansbank.com *.finansbank.com.tr https://*.turkiye.gov.tr https://*.qnbfi.com *.doubleclick.net *.google.com https://tagmanager.google.com *.qnb.com.tr
Cache-Control: max-age=31536000,public
Connection: Keep-Alive
Via: NS-CACHE-10.0: 80
Expires: Sat, 01 Nov 2025 05:27:57 GMT
Access-Control-Allow-Origin: *
Content-Length: 4762
X-UA-Compatible: IE=11; IE=10; IE=9; IE=8; IE=7
Date: Fri, 01 Nov 2024 05:27:57 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/jpeg

Redirect headers

Location: https://internetsubesi.qnb.com.tr/Content/Images/footer-bg.jpg?uid=-1097359859

POST
H2 200 visitor.php
qbfinasmasserati.cloud/ 0
0 54ms
51ms Fetch
text/html 81.161.238.86
NYBULA

General

Check archive.org

Show headers Download Go to

Full URL: https://qbfinasmasserati.cloud/visitor.php
Requested by: Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software: nginx / PHP/8.3.13, PleskLin
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://qbfinasmasserati.cloud/

Response headers

content-length: 0
date: Fri, 01 Nov 2024 05:33:11 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.13, PleskLin
server: nginx

GET
H3 200 2321930754822951 Show response
connect.facebook.net/signals/config/ 75 KB
15 KB 112ms
111ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2321930754822951?v=2.9.175&r=stable&domain=qbfinasmasserati.cloud&hme=ead923021ccd3483ef3b9b04703d0a78b943fbdc01e8d7cec21c5059f1f4a5e9&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C194%2C193%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

fa28a03d11f1be0eaddd3cf1bc0a51675a4765172ef2e4b51e6168f1e205a3ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-Yq5pVew4' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://qbfinasmasserati.cloud/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 05:33:11 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-Yq5pVew4' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=24, rtx=0, c=77, mss=1232, tbw=70865, tp=68, tpl=0, uplat=50, ullat=0
pragma: public
x-fb-debug: GZTVCM+tLFfyQP/OOL1GTudznKgmbI/AefiwHKbpAS1Orq2s9uL6o2gvJc9+9icum0/VOsqrY8sbdHHA78Cp8Q==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 88ms
32ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2321930754822951&ev=PageView&dl=https%3A%2F%2Fqbfinasmasserati.cloud%2F&rl=&if=false&ts=1730439191209&sw=1600&sh=1200&v=2.9.175&r=stable&ec=0&o=12318&fbp=fb.1.1730439191200.652996198317328797&cs_est=true&ler=empty&cdl=API_unavailable&it=1730439191050&coo=false&rqm=GET

Requested by

Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://qbfinasmasserati.cloud/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=23, rtx=0, c=10, mss=1297, tbw=2910, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Fri, 01 Nov 2024 05:33:11 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 288ms
232ms Image
image/png 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=2321930754822951&ev=PageView&dl=https%3A%2F%2Fqbfinasmasserati.cloud%2F&rl=&if=false&ts=1730439191209&sw=1600&sh=1200&v=2.9.175&r=stable&ec=0&o=12318&fbp=fb.1.1730439191200.652996198317328797&cs_est=true&ler=empty&cdl=API_unavailable&it=1730439191050&coo=false&rqm=FGET

Requested by

Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src 'report-sample' .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://qbfinasmasserati.cloud/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7432179734309164281"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 05:33:11 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: IQkSLwOSnMS8BQ9Op1N7r2eIKP17NMIVwAbhtxNnqXdKhfW3Eb/ME5AVxLDKLTHvs5dbH9h5BT1o92J4i1UsRA==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7432179734309164281", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=24, rtx=0, c=10, mss=1297, tbw=3228, tp=-1, tpl=-1, uplat=152, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H2 200 favicon.ico
qbfinasmasserati.cloud/ 1 KB
2 KB 45ms
45ms Other
image/vnd.microsoft.icon 81.161.238.86
NYBULA

General

Check archive.org

Show headers Download Go to

Full URL: https://qbfinasmasserati.cloud/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 4bfe49d3b1df3bae612101031651e1ee81c7e1b0b3bbe7da526e8e9765661173

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://qbfinasmasserati.cloud/

Response headers

etag: "66e0af06-57e"
accept-ranges: bytes
content-length: 1406
date: Fri, 01 Nov 2024 05:33:11 GMT
content-type: image/vnd.microsoft.icon
last-modified: Tue, 10 Sep 2024 20:41:42 GMT
server: nginx
x-powered-by: PleskLin

POST
H2 200 visitor.php
qbfinasmasserati.cloud/ 0
0 36ms
35ms Fetch
text/html 81.161.238.86
NYBULA

General

Check archive.org

Show headers Download Go to

Full URL: https://qbfinasmasserati.cloud/visitor.php
Requested by: Host: qbfinasmasserati.cloud
URL: https://qbfinasmasserati.cloud/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.161.238.86 Amsterdam, Netherlands, ASN401116 (NYBULA, US),
Reverse DNS
Software: nginx / PHP/8.3.13, PleskLin
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://qbfinasmasserati.cloud/

Response headers

content-length: 0
date: Fri, 01 Nov 2024 05:33:14 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.13, PleskLin
server: nginx

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Finansbank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| fbq function| _fbq object| Alpine

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			qbfinasmasserati.cloud/	1969-12-31 23:59:59	Name: PHPSESSID Value: u6t90vauit8fciqv28hgpapmab
			.qbfinasmasserati.cloud/	1970-01-21 02:50:15	Name: _fbp Value: fb.1.1730439191200.652996198317328797

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connect.facebook.net
internetsubesi.qnb.com.tr
internetsubesi.qnbfinansbank.com
qbfinasmasserati.cloud
www.facebook.com
157.240.0.6
2a03:2880:f177:185:face:b00c:0:25de
62.108.64.94
81.161.238.86
20d9ea589226c7ae817f5bb0ac00f6d9c5a3c862bbfdf81978080f90de0d61c4
20f8ed2bf854270b68617662902cf145554cd87ba4ff29d800879978bbb2d92a
2d3d0ffc095f087278741a02ec1348d656e1647d3ca54960d30022adfb0e9154
323524115e60df7e7e094de9388e553bf8f7e87c8ef934d50ad1b99841c735e6
358d9afbb1ab5befa2f48061a30776e5bcd7707f410a606ba985f98bc3b1c034
43889196986883de2433217a54a3bb946027228a641c5a2453bd5cec7232dc10
4bfe49d3b1df3bae612101031651e1ee81c7e1b0b3bbe7da526e8e9765661173
6722e1471c13f7e3365469775fe0a6c39b1df6a5b4f6dff08b4f113ab545a163
875d526ba0fe340d3643353968c5d19bfad603af7b35d25f74c15e47704e7610
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b1b27d92de22d509ebd21de47d14975728928e881bd6c9d1695cc5d38f2942bd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6d74b1fa656995627ce5e8b0839a62b0ffd54b8de7be4f2e40eae2c92b968c8
fa28a03d11f1be0eaddd3cf1bc0a51675a4765172ef2e4b51e6168f1e205a3ab

qbfinasmasserati.cloud Open in urlscan Pro 81.161.238.86 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

81 %HTTPS

25 %IPv6

5 Domains

5 Subdomains

4 IPs

3 Countries

174 kBTransfer

463 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

Indicators

qbfinasmasserati.cloud Open in urlscan Pro
81.161.238.86 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

81 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

174 kB
Transfer

463 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!