iccpu.pro Open in urlscan Pro
2606:4700:3036::ac43:a69f Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://iccpu.pro/home
Submission Tags: @phish_report
Submission: On November 12 via api (November 12th 2024, 6:04:50 pm UTC) from FI — Scanned from FI

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3036::ac43:a69f, located in United States and belongs to CLOUDFLARENET, US. The main domain is iccpu.pro.
TLS certificate: Issued by WE1 on October 9th 2024. Valid for: 3 months.

This is the only time iccpu.pro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ziraat Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3	2606:4700:303... 2606:4700:3036::ac43:a69f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
6	172.67.166.159 172.67.166.159	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.99 142.250.185.99	15169 (GOOGLE) (GOOGLE)
13	5

3 2606:4700:3036::ac43:a69f (United States)

ASN13335 (CLOUDFLARENET, US)

iccpu.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.67.166.159 (United States)

ASN13335 (CLOUDFLARENET, US)

iccpu.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	iccpu.pro iccpu.pro	164 KB
2	gstatic.com fonts.gstatic.com	31 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	1 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 791	30 KB
13	4

	Domain	Requested by
9	iccpu.pro	iccpu.pro code.jquery.com
2	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	iccpu.pro
1	code.jquery.com	iccpu.pro
13	4

This site contains no links.

Subject Issuer	Validity	Valid
iccpu.pro WE1	`2024-10-09` - `2025-01-07`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://iccpu.pro/home
Frame ID: 77A0C8F046F88DC3215765D383C8F000
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hoş Geldiniz | Ziraat Bankası İnternet Bankacılığı

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

226 kB
Transfer

284 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request home Show response
iccpu.pro/ 2 KB
2 KB 423ms
237ms Document
text/html 2606:4700:3036::ac43:a69f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://iccpu.pro/home
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:a69f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.0.30
Resource Hash: 926e59e3217d0eb5276435a7ba596470b2699b2aa1a98e932d13515a1aa6a628

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8e187233fb440248-CDG
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Tue, 12 Nov 2024 18:04:43 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vw6G8VGoMetGl8UxHJtDMiVxtkgiVsb2PKOHyidOHsI2%2BvkIKVlzrey8nVef%2FHW2wJxC4nE0pk5ZTqmSIPx6Z21XFxSJdyfvAMcW4ctpuAFFDMYJUoSdU0mupcN3RbOUZ1ft%2FdQfv4U%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=76152&sent=8&recv=12&lost=0&retrans=0&sent_bytes=3996&recv_bytes=2402&delivery_rate=53066&cwnd=149&unsent_bytes=0&cid=fdb5614dc75c6c89&ts=246&x=0"
x-powered-by: PHP/8.0.30

GET
H2 200 style.css
iccpu.pro/assets/css/ 2 KB
1 KB 243ms
240ms Stylesheet
text/css 2606:4700:3036::ac43:a69f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://iccpu.pro/assets/css/style.css
Requested by: Host: iccpu.pro
URL: https://iccpu.pro/home
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:a69f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 81d25d8b44a7fbc3dfe02cf120e99eff4d8989f313556d8e08983c4e4552d473

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://iccpu.pro/home

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
etag: W/"89f-626a3d25fe04f"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ECNP97vfSxPNaxcMlRIEWqaSApPV%2BTHW2WQYI02yjkY8ho4fZv%2BAzEoAimVikcYaV8fhjKzeiTEPSoaIo%2FoEObZQCS9IZ1fFjmTVYS8B0%2FNDNdfYMKMp%2BYs9VKW9AiRzPAb2nFolzzg%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e187235fe0a0248-CDG
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=76134&sent=13&recv=17&lost=0&retrans=0&sent_bytes=5814&recv_bytes=2684&delivery_rate=53077&cwnd=152&unsent_bytes=0&cid=fdb5614dc75c6c89&ts=574&x=0"
date: Tue, 12 Nov 2024 18:04:43 GMT
content-type: text/css
last-modified: Mon, 11 Nov 2024 14:21:51 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 jquery-3.5.1.min.js Show response
code.jquery.com/ 87 KB
30 KB 208ms
132ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: iccpu.pro
URL: https://iccpu.pro/home
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://iccpu.pro/

Response headers

content-encoding: gzip
etag: W/"28feccc0-15d84"
age: 809359
x-cache: HIT, HIT
date: Tue, 12 Nov 2024 18:04:43 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
x-cache-hits: 64, 183242
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-served-by: cache-lga21981-LGA, cache-hel1410034-HEL
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1731434684.980744,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30879
server: nginx

GET
H2 200 logo.png
iccpu.pro/assets/img/ 43 KB
44 KB 381ms
380ms Image
image/png 2606:4700:3036::ac43:a69f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://iccpu.pro/assets/img/logo.png
Requested by: Host: iccpu.pro
URL: https://iccpu.pro/home
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:a69f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fcb6f36faa9c9aa31f91435c4d19cacca3816a35738416fbeed8da4820416ee7

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://iccpu.pro/home

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
etag: "ad85-626a3d260bb94"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dCIS6pZbs04qS4f6JInr%2BmgyokC9V3ggzq1FNSKwrlksSOigbbsZyd3z0ym%2FyXAGCnrEQ%2B9QnQfS%2BVduwJoJXOtCd4j1aCSyHb6FL0Om8DfFnK8qfZDMqIg9o%2FUfkbNHLPKFuySijGA%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e187235fe0d0248-CDG
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=76198&sent=16&recv=20&lost=0&retrans=0&sent_bytes=7312&recv_bytes=2684&delivery_rate=53077&cwnd=153&unsent_bytes=0&cid=fdb5614dc75c6c89&ts=715&x=0"
content-length: 44421
date: Tue, 12 Nov 2024 18:04:44 GMT
content-type: image/png
last-modified: Mon, 11 Nov 2024 14:21:51 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 css2
fonts.googleapis.com/ 6 KB
1 KB 207ms
71ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Host+Grotesk:ital,wght@0,300..800;1,300..800&family=Nunito:ital,wght@0,300;1,300&display=swap

Requested by

Host: iccpu.pro
URL: https://iccpu.pro/assets/css/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98c0ad4161c1feac5198bb5f8a9c444f591e1edb8590b86ed8b186fc4039812a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://iccpu.pro/

Response headers

strict-transport-security: max-age=31536000
cache-control: private, max-age=86400
timing-allow-origin: *
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 18:04:44 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 12 Nov 2024 18:04:44 GMT
x-xss-protection: 0
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
server: ESF
x-frame-options: SAMEORIGIN

GET
H3 200 login-bg.jpg
iccpu.pro/assets/img/ 104 KB
105 KB 369ms
369ms Image
image/jpeg 172.67.166.159
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://iccpu.pro/assets/img/login-bg.jpg
Requested by: Host: iccpu.pro
URL: https://iccpu.pro/assets/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.166.159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b055c452bbb3790a25caef40ba7e75a53f148ad46260c00719b5bd7b6ee90d82

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://iccpu.pro/assets/css/style.css

Response headers

cf-cache-status: MISS
etag: "1a0dd-626a3d261119f"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OkGCVxHCyu5S0xE1XcJSAUfD%2FRNKPjDsTjnZCW%2FCnrjh0otErPLrWuqCj8yNad1%2Fz9p3X6P8NUe6lydkKhyGa7luuP90%2FvF%2BimgcqCQ%2BiJqG1TjdAtsfAUAdT0A%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=68496&sent=15&recv=13&lost=0&retrans=0&sent_bytes=5039&recv_bytes=5059&delivery_rate=3016&cwnd=12000&unsent_bytes=0&cid=282a73b433dd6533&ts=762&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 12 Nov 2024 18:04:44 GMT
content-type: image/jpeg
last-modified: Mon, 11 Nov 2024 14:21:51 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e187238de9eb7af-AMS
accept-ranges: bytes
content-length: 106717
server: cloudflare

GET
H3 200 XRXI3I6Li01BKofiOc5wtlZ2di8HDOUhdTQ3j6zdXWg.woff2
fonts.gstatic.com/s/nunito/v26/ 16 KB
16 KB 139ms
64ms Font
font/woff2 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDOUhdTQ3j6zdXWg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Host+Grotesk:ital,wght@0,300..800;1,300..800&family=Nunito:ital,wght@0,300;1,300&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

e4907993a26d56e9734a7efccaff296bcc0daab9055bfbdfc89c18c03c77ebe8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Origin: https://iccpu.pro
Referer: https://fonts.googleapis.com/

Response headers

age: 527514
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:32:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:32:50 GMT
last-modified: Thu, 14 Sep 2023 00:02:27 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16136
x-xss-protection: 0
server: sffe

GET
H3 200 XRXI3I6Li01BKofiOc5wtlZ2di8HDOUhdTo3j6zdXWjIeg.woff2
fonts.gstatic.com/s/nunito/v26/ 15 KB
15 KB 161ms
87ms Font
font/woff2 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDOUhdTo3j6zdXWjIeg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Host+Grotesk:ital,wght@0,300..800;1,300..800&family=Nunito:ital,wght@0,300;1,300&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

c405226c9f194c615baf116c5b714e43ec9b77677ab5fc5a40b2e61c8d0d9974

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Origin: https://iccpu.pro
Referer: https://fonts.googleapis.com/

Response headers

age: 26062
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 12 Nov 2025 10:50:22 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 12 Nov 2024 10:50:22 GMT
last-modified: Thu, 14 Sep 2023 00:33:07 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15144
x-xss-protection: 0
server: sffe

POST
H3 200 process Show response
iccpu.pro/ 0
739 B 217ms
216ms XHR
text/html 172.67.166.159
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://iccpu.pro/process
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.5.1.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.166.159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.0.30
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://iccpu.pro/home
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

cache-control: no-store, no-cache, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=33K6fuBtPkS0Zy3%2Ba1EjZgOBfRW06B6WZqZxp%2BAEM1r0KBoiYXZF1g5Gurbefdiv8pyk%2B9krNkHSuDvkaW4bzVxUaBXDOcD%2FfVJlHTF3nLz2RR7ZzgYSrjcty9M%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e187238eeb3b7af-AMS
expires: Thu, 19 Nov 1981 08:52:00 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=68895&sent=14&recv=12&lost=0&retrans=0&sent_bytes=4277&recv_bytes=5015&delivery_rate=309&cwnd=12000&unsent_bytes=0&cid=282a73b433dd6533&ts=625&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 12 Nov 2024 18:04:44 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.0.30
server: cloudflare
priority: u=1,i

GET
H3 200 favicon.jpeg
iccpu.pro/assets/img/ 9 KB
9 KB 213ms
211ms Other
image/jpeg 172.67.166.159
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://iccpu.pro/assets/img/favicon.jpeg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.166.159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9868b4751e3dff326de85730a15c9eb0ea87239af7c9d3785e0545267ceec0f1

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://iccpu.pro/home

Response headers

cf-cache-status: MISS
etag: "2368-626a3d2605d99"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wi1klD4Ari4zLe2jKFx6Ggs08Pn5VSQDOJKVQR7poHSV4o4qIvv1E5wHdg4Fl9A59egILgFZyhsF8tQkCoO4v0F3JXLLFfLvawLmTB0NfMiXOVpk4m7yZe1HuIk%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=66494&sent=111&recv=60&lost=0&retrans=0&sent_bytes=114910&recv_bytes=7483&delivery_rate=538821&cwnd=60000&unsent_bytes=0&cid=282a73b433dd6533&ts=1183&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 12 Nov 2024 18:04:45 GMT
content-type: image/jpeg
last-modified: Mon, 11 Nov 2024 14:21:51 GMT
vary: Accept-Encoding
priority: u=1,i
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e18723c6a92b7af-AMS
accept-ranges: bytes
content-length: 9064
server: cloudflare

POST
H3 200 process Show response
iccpu.pro/ 0
702 B 152ms
151ms XHR
text/html 172.67.166.159
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://iccpu.pro/process
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.5.1.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.166.159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.0.30
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://iccpu.pro/home
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

cache-control: no-store, no-cache, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iytTjTUJx6HaeMcGwuKMQjiRUos3mYaoEaKW2VCHUQTTtBRkF8mzC3R0tV2zFhZHHH1T5yzjdfsSCcw90boFn4bC%2B0L2D2VEzR4bTPeYYhGNevgQuuCuDrpGxlg%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e1872456b60b7af-AMS
expires: Thu, 19 Nov 1981 08:52:00 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=66393&sent=121&recv=63&lost=0&retrans=0&sent_bytes=124858&recv_bytes=8037&delivery_rate=43899&cwnd=60000&unsent_bytes=0&cid=282a73b433dd6533&ts=2560&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 12 Nov 2024 18:04:46 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.0.30
server: cloudflare
priority: u=1,i

POST
H3 200 process Show response
iccpu.pro/ 0
701 B 147ms
145ms XHR
text/html 172.67.166.159
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://iccpu.pro/process
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.5.1.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.166.159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.0.30
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://iccpu.pro/home
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

cache-control: no-store, no-cache, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lx3VXwoVBajmYRs4PcjkLxHIyVmpIFRey03PldZKrzQ5ws5anVnPetro2rqn9PA7AwKOlRQ9daIHQOkNS50r7b1VEk%2BFJDPOer1YBH9G4Vn8ovIS64xmj2tndQw%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e187251e92ab7af-AMS
expires: Thu, 19 Nov 1981 08:52:00 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=66322&sent=124&recv=66&lost=0&retrans=0&sent_bytes=125632&recv_bytes=8591&delivery_rate=4378&cwnd=60000&unsent_bytes=0&cid=282a73b433dd6533&ts=4555&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 12 Nov 2024 18:04:48 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.0.30
server: cloudflare
priority: u=1,i

POST
H3 200 process Show response
iccpu.pro/ 0
703 B 148ms
146ms XHR
text/html 172.67.166.159
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://iccpu.pro/process
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.5.1.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.166.159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.0.30
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://iccpu.pro/home
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

cache-control: no-store, no-cache, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pTvwFxdfP2o6fKW7rvwbzBOMF92E9MZcBr2v7sl7vsnH9XMuEzytmb6hGIsJAUu7AgrHkVuI2TbwxvDFqlO9T4bJgUcxk93LaMqto%2FVvSCCJKYjsux%2BHw38bzao%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e18725e6dc3b7af-AMS
expires: Thu, 19 Nov 1981 08:52:00 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=66255&sent=127&recv=69&lost=0&retrans=0&sent_bytes=126405&recv_bytes=9145&delivery_rate=4484&cwnd=60000&unsent_bytes=0&cid=282a73b433dd6533&ts=6556&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 12 Nov 2024 18:04:50 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.0.30
server: cloudflare
priority: u=1,i

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ziraat Bank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| send

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			iccpu.pro/	1969-12-31 23:59:59	Name: PHPSESSID Value: r1eokqg91ck5unrqm1v6oqvg1r

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://iccpu.pro/home Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
iccpu.pro
142.250.185.99
172.67.166.159
2606:4700:3036::ac43:a69f
2a00:1450:4001:806::200a
2a04:4e42:200::649
81d25d8b44a7fbc3dfe02cf120e99eff4d8989f313556d8e08983c4e4552d473
926e59e3217d0eb5276435a7ba596470b2699b2aa1a98e932d13515a1aa6a628
9868b4751e3dff326de85730a15c9eb0ea87239af7c9d3785e0545267ceec0f1
98c0ad4161c1feac5198bb5f8a9c444f591e1edb8590b86ed8b186fc4039812a
b055c452bbb3790a25caef40ba7e75a53f148ad46260c00719b5bd7b6ee90d82
c405226c9f194c615baf116c5b714e43ec9b77677ab5fc5a40b2e61c8d0d9974
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4907993a26d56e9734a7efccaff296bcc0daab9055bfbdfc89c18c03c77ebe8
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fcb6f36faa9c9aa31f91435c4d19cacca3816a35738416fbeed8da4820416ee7

iccpu.pro Open in urlscan Pro 2606:4700:3036::ac43:a69f Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

60 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

226 kBTransfer

284 kBSize

1 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

iccpu.pro Open in urlscan Pro
2606:4700:3036::ac43:a69f Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

226 kB
Transfer

284 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!