qbfinasmasserati.cloud
81.161.238.86
Malicious Activity!
Public Scan
Effective URL: https://qbfinasmasserati.cloud/
Submission: On November 01 via api from QA — Scanned from NL
Summary
TLS certificate: Issued by R11 on October 31st 2024. Valid for: 3 months.
This is the only time qbfinasmasserati.cloud was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Finansbank (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
9 | 81.161.238.86 | 401116 (NYBULA) |
2 | 157.240.0.6 | 32934 (FACEBOOK) |
6 (3 redirects) | 62.108.64.94 | 8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad.) |
2 | 2a03:2880:f177:185:face:b00c:0:25de | 32934 (FACEBOOK) |
16 | 4 | |
ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net
connect.facebook.net
ASN8831 (FINANSBANK Inkilap Mahallesi Dr. Fazil Kucuk Cad., TR)
internetsubesi.qnbfinansbank.com
internetsubesi.qnb.com.tr
ASN32934 (FACEBOOK, US)
www.facebook.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | qbfinasmasserati.cloud | qbfinasmasserati.cloud | 75 KB |
3 | qnb.com.tr | internetsubesi.qnb.com.tr | 20 KB |
3 | qnbfinansbank.com (3 redirects) | internetsubesi.qnbfinansbank.com | 747 B |
2 | facebook.com | www.facebook.com (Cisco Umbrella Rank: 113) | 3 KB |
2 | facebook.net | connect.facebook.net (Cisco Umbrella Rank: 180) | 75 KB |
16 | 5 | | |
Requests | Domain | Requested by |
---|---|---|
9 | qbfinasmasserati.cloud | qbfinasmasserati.cloud |
3 | internetsubesi.qnb.com.tr | qbfinasmasserati.cloud |
3 | internetsubesi.qnbfinansbank.com | 3 redirects |
2 | www.facebook.com | qbfinasmasserati.cloud |
2 | connect.facebook.net | qbfinasmasserati.cloud, connect.facebook.net |
16 | 5 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
qbfinasmasserati.cloud | R11 | 2024-10-31 - 2025-01-29 | 3 months |
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-08-10 - 2024-11-08 | 3 months |
This page contains 1 frame:
Primary Page:
https://qbfinasmasserati.cloud/
Frame ID: 09F47B1E31F48AC68E7008422C26C94E
Requests: 16 HTTP requests in this frame
Page Title
QNB Finansbank
Detected technologies
Alpine.js (JavaScript frameworks)
Detected patterns
- <[^>]+[^\w-]x-data[^\w-][^<]+
Facebook (Widgets)
Detected patterns
- //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://qbfinasmasserati.cloud/
HTTP 307
https://qbfinasmasserati.cloud/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6
- https://internetsubesi.qnbfinansbank.com/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717 HTTP 301
- https://internetsubesi.qnb.com.tr/Content/Images/ResponsiveLogin/kusakli_web.png?uid=703680717
- https://internetsubesi.qnbfinansbank.com/Content/Images/arrow.png?uid=-1097359843 HTTP 301
- https://internetsubesi.qnb.com.tr/Content/Images/arrow.png?uid=-1097359843
- https://internetsubesi.qnbfinansbank.com/Content/Images/footer-bg.jpg?uid=-1097359859 HTTP 301
- https://internetsubesi.qnb.com.tr/Content/Images/footer-bg.jpg?uid=-1097359859
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H2 | / | qbfinasmasserati.cloud/ | 12 KB | 4 KB | Document | text/html | Primary Request, Redirect Chain |
GET | H2 | app.css | qbfinasmasserati.cloud/dist/ | 27 KB | 5 KB | Stylesheet | text/css | |
GET | H2 | qr_disabled.png | qbfinasmasserati.cloud/dist/ | 39 KB | 39 KB | Image | image/png | |
GET | H2 | captcha-refresh.jpg | qbfinasmasserati.cloud/dist/ | 5 KB | 6 KB | Image | image/jpeg | |
GET | H2 | siteSealImage.png | qbfinasmasserati.cloud/dist/ | 4 KB | 4 KB | Image | image/png | |
GET | H2 | cdn.min.js | qbfinasmasserati.cloud/dist/ | 44 KB | 15 KB | Script | text/javascript | |
GET | H3 | fbevents.js | connect.facebook.net/en_US/ | 239 KB | 61 KB | Script | application/x-javascript | |
GET | H/1.1 | kusakli_web.png | internetsubesi.qnb.com.tr/Content/Images/ResponsiveLogin/ | 12 KB | 13 KB | Image | image/png | Redirect Chain |
GET | H/1.1 | arrow.png | internetsubesi.qnb.com.tr/Content/Images/ | 1 KB | 2 KB | Image | image/png | Redirect Chain |
GET | H/1.1 | footer-bg.jpg | internetsubesi.qnb.com.tr/Content/Images/ | 5 KB | 6 KB | Image | image/jpeg | Redirect Chain |
POST | H2 | visitor.php | qbfinasmasserati.cloud/ | 0 | 0 | Fetch | text/html | |
GET | H3 | 2321930754822951 | connect.facebook.net/signals/config/ | 75 KB | 15 KB | Script | application/x-javascript | |
GET | H2 | / | www.facebook.com/tr/ | 0 | 274 B | Image | text/plain | |
GET | H2 | / | www.facebook.com/privacy_sandbox/pixel/register/trigger/ | 67 B | 3 KB | Image | image/png | |
GET | H2 | favicon.ico | qbfinasmasserati.cloud/ | 1 KB | 2 KB | Other | image/vnd.microsoft.icon | |
POST | H2 | visitor.php | qbfinasmasserati.cloud/ | 0 | 0 | Fetch | text/html | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Finansbank (Banking)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- fbq (function)
- _fbq (function)
- Alpine (object)
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
qbfinasmasserati.cloud/ | | Name: PHPSESSID Value: u6t90vauit8fciqv28hgpapmab |
.qbfinasmasserati.cloud/ | | Name: _fbp Value: fb.1.1730439191200.652996198317328797 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.