algigrup.com.tr
2606:4700:30::6818:710c  Malicious Activity! Public Scan

Submitted URL: http://craksiakmmed.visionsprings.com/
Effective URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZ...
Submission: On January 14 via manual from SG

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 17 HTTP transactions. The main IP is 2606:4700:30::6818:710c, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is algigrup.com.tr.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on October 26th 2019. Valid for: a year.
This is the only time algigrup.com.tr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Canadian Government (Government)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
1         184.168.131.241    26496 (AS-26496-...)
15        2606:4700:30:...   13335 (CLOUDFLAR...)
1         185.225.208.133    13213 (UK2NET-AS)
1         67.202.94.93       32748 (STEADFAST)
17 requests across 4 IPs
Requests  Apex Domain        Subdomains                      Transfer
15        algigrup.com.tr    algigrup.com.tr                 144 KB
1         amung.us           whos.amung.us                   145 B
1         waust.at           waust.at                        7 KB
1         visionsprings.com  craksiakmmed.visionsprings.com  231 B
17 requests across 4 apex domains
Requests  Domain                          Requested by
15        algigrup.com.tr                 algigrup.com.tr
1         whos.amung.us                   waust.at
1         waust.at                        algigrup.com.tr
1         craksiakmmed.visionsprings.com  1 redirect
17 requests across 4 domains

This site contains links to these domains.

Domain           Subject                Issuer                   Validity                 Valid
algigrup.com.tr  sni.cloudflaressl.com  CloudFlare Inc ECC CA-2  2019-10-26 - 2020-10-09  a year
whos.amung.us    whos.amung.us          GeoTrust EV RSA CA 2018  2018-03-09 - 2020-05-25  2 years

This page contains 3 frames:

Primary Page: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Frame ID: E57273A63F9685AE5BE9EADEFC59FA0F
Requests: 16 HTTP requests in this frame

Frame: https://algigrup.com.tr/cra_ca_service/door/sig-blk-en.svg
Frame ID: 2CE48DB8CF74F74EB12E24921D7206C9
Requests: 1 HTTP request in this frame

Frame: https://algigrup.com.tr/cra_ca_service/door/wmms-blk.svg
Frame ID: 7B57B8CD4405B90FB74D992CDC517F2B
Requests: 1 HTTP request in this frame


Detected technologies

Cloudflare
  Overall confidence: 100%
  Detected patterns
    • headers server /^cloudflare$/i

Font Awesome
  Overall confidence: 100%
  Detected patterns
    • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Page Statistics

Requests: 17
HTTPS: 100 %
IPv6: 25 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 2
Transfer: 152 kB
Size: 706 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://craksiakmmed.visionsprings.com/ HTTP 301
    https://algigrup.com.tr/cra_ca_service/ Page URL
  2. https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://craksiakmmed.visionsprings.com/ HTTP 301
  • https://algigrup.com.tr/cra_ca_service/

17 HTTP transactions
Resource: /
Path: algigrup.com.tr/cra_ca_service/
Redirect Chain
  • http://craksiakmmed.visionsprings.com/
  • https://algigrup.com.tr/cra_ca_service/
Size: 165 B  x-fer: 571 B  Type: Document

General
Full URL: https://algigrup.com.tr/cra_ca_service/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: 2bc29d6d5970bd183e25da46325b7c4b4c75920b48e7bc9aa8b079adf95270a7

Request headers
:method: GET
:authority: algigrup.com.tr
:scheme: https
:path: /cra_ca_service/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
status: 200
date: Tue, 14 Jan 2020 00:52:45 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d6c6c7518e867f080b1e8a0586569cb4c1578963165; expires=Thu, 13-Feb-20 00:52:45 GMT; path=/; domain=.algigrup.com.tr; HttpOnly; SameSite=Lax
set-cookie: PHPSESSID=ldla5s8k36mg96224b90uk1fr2; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 554ba10588ae63a1-FRA
content-encoding: br

Redirect headers (from http://craksiakmmed.visionsprings.com/)
Server: nginx/1.12.2
Date: Tue, 14 Jan 2020 00:52:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Location: https://algigrup.com.tr/cra_ca_service/
Primary Request: start.php
Path: algigrup.com.tr/cra_ca_service/
Size: 28 KB  x-fer: 6 KB  Type: Document

General
Full URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: 3e7e4349f4d4536476f1845aef7e4a192b8ae02e0f59b062a1dc7692c13b33c1

Request headers
:method: GET
:authority: algigrup.com.tr
:scheme: https
:path: /cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: same-origin
sec-fetch-mode: navigate
referer: https://algigrup.com.tr/cra_ca_service/
accept-encoding: gzip, deflate, br
cookie: __cfduid=d6c6c7518e867f080b1e8a0586569cb4c1578963165; PHPSESSID=ldla5s8k36mg96224b90uk1fr2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://algigrup.com.tr/cra_ca_service/

Response headers
status: 200
date: Tue, 14 Jan 2020 00:52:45 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 554ba1081a8563a1-FRA
content-encoding: br
Resource: theme.css
Path: algigrup.com.tr/cra_ca_service/door/
Size: 290 KB  x-fer: 54 KB  Type: Stylesheet

General
Full URL: https://algigrup.com.tr/cra_ca_service/door/theme.css
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: b9adc9d233ab5f39618b6fa8ff5b5a99aff51fbbe0cc4558e8f5024b15cc1281

Request headers
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
date: Tue, 14 Jan 2020 00:52:45 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 26 Jul 2018 12:54:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=1800
cf-ray: 554ba109fbed63a1-FRA
Resource: theme_002.css
Path: algigrup.com.tr/cra_ca_service/door/
Size: 28 KB  x-fer: 4 KB  Type: Stylesheet

General
Full URL: https://algigrup.com.tr/cra_ca_service/door/theme_002.css
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: 41fbb280ed197740a1c526e9619c00510e2b32dcbba016261890c9052d3243de

Request headers
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
date: Tue, 14 Jan 2020 00:52:45 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 26 Jul 2018 12:54:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=1800
cf-ray: 554ba109fbf463a1-FRA
Resource: font-awesome.css
Path: algigrup.com.tr/cra_ca_service/door/
Size: 30 KB  x-fer: 7 KB  Type: Stylesheet

General
Full URL: https://algigrup.com.tr/cra_ca_service/door/font-awesome.css
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: 409431c6d45382c6f353dc8d2dbeff98b90e88c1c728f263e7299d68a55dda53

Request headers
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
date: Tue, 14 Jan 2020 00:52:45 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 26 Jul 2018 12:53:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=1800
cf-ray: 554ba109fbf563a1-FRA
Resource: jquery.css
Path: algigrup.com.tr/cra_ca_service/door/
Size: 2 KB  x-fer: 437 B  Type: Stylesheet

General
Full URL: https://algigrup.com.tr/cra_ca_service/door/jquery.css
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: 2cc052d474ce6ee267dd164a839814615a04865b2706d1bc1cb73160c55c549f

Request headers
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
date: Tue, 14 Jan 2020 00:52:45 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 26 Jul 2018 12:36:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=1800
cf-ray: 554ba109fbf663a1-FRA
Resource: theme-jb.css
Path: algigrup.com.tr/cra_ca_service/door/
Size: 96 KB  x-fer: 17 KB  Type: Stylesheet

General
Full URL: https://algigrup.com.tr/cra_ca_service/door/theme-jb.css
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: 840787fa147628e52a9ee2f640e98efdf524beb19bdf532f2d9fed83e494a00b

Request headers
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
date: Tue, 14 Jan 2020 00:52:45 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 26 Jul 2018 14:38:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=1800
cf-ray: 554ba109fbf763a1-FRA
Resource: typeahead.css
Path: algigrup.com.tr/cra_ca_service/door/
Size: 2 KB  x-fer: 569 B  Type: Stylesheet

General
Full URL: https://algigrup.com.tr/cra_ca_service/door/typeahead.css
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: 087280e8c5432abfa73e746559de4572d34263fefac3484f125d09386cb836a7

Request headers
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
date: Tue, 14 Jan 2020 00:52:45 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 26 Jul 2018 12:36:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=1800
cf-ray: 554ba109fbf863a1-FRA
Resource: project-jb-style.css
Path: algigrup.com.tr/cra_ca_service/door/
Size: 118 KB  x-fer: 18 KB  Type: Stylesheet

General
Full URL: https://algigrup.com.tr/cra_ca_service/door/project-jb-style.css
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: ea367de6df1889913977d3895f8144334678dd679f9d641b67fc82585a97336b

Request headers
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
date: Tue, 14 Jan 2020 00:52:45 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 26 Jul 2018 12:53:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=1800
cf-ray: 554ba109fbf963a1-FRA
Resource: project-style.css
Path: algigrup.com.tr/cra_ca_service/door/
Size: 42 KB  x-fer: 9 KB  Type: Stylesheet

General
Full URL: https://algigrup.com.tr/cra_ca_service/door/project-style.css
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: 59cbf75521f37224126ca5245658398f41f4edb1d1c4abdd08274e9acfefd937

Request headers
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
date: Tue, 14 Jan 2020 00:52:45 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 26 Jul 2018 12:52:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=1800
cf-ray: 554ba109fbfa63a1-FRA
Resource: email-decode.min.js
Path: algigrup.com.tr/cdn-cgi/scripts/5c5dd728/cloudflare-static/
Size: 1 KB  x-fer: 845 B  Type: Script

General
Full URL: https://algigrup.com.tr/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
  X-Frame-Options: SAMEORIGIN

Request headers
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
date: Tue, 14 Jan 2020 00:52:45 GMT
content-encoding: gzip
last-modified: Wed, 08 Jan 2020 13:55:30 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5e15df52-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
cf-ray: 554ba10a3c2263a1-FRA
expires: Thu, 16 Jan 2020 00:52:45 GMT
Resource: d.js
Path: waust.at/
Size: 13 KB  x-fer: 7 KB  Type: Script

General
Full URL: https://waust.at/d.js
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.225.208.133 , Germany, ASN13213 (UK2NET-AS, GB),
Software: /
Resource Hash: 9aef19b23a01bd96033bc1f1acb3da5e38dc54bcc4aa1972919c7b2b2a71e4aa

Request headers
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
date: Tue, 14 Jan 2020 00:52:45 GMT
content-encoding: gzip
last-modified: Mon, 13 Jan 2020 17:01:24 GMT
access-control-allow-origin: *
etag: W/"5e1ca264-32b0"
content-type: application/x-javascript
status: 200
cache-control: max-age=86400, private
expires: Wed, 15 Jan 2020 00:52:45 GMT
Resource: css.css
Path: algigrup.com.tr/cra_ca_service/door/
Size: 15 KB  x-fer: 979 B  Type: Stylesheet

General
Full URL: https://algigrup.com.tr/cra_ca_service/door/css.css
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: 792c90a99278257ce02b561b401f489f2bd5acf0147ded12115b92cc1fba2154

Request headers
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
date: Tue, 14 Jan 2020 00:52:46 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 26 Jul 2018 13:19:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=1800
cf-ray: 554ba10b9d0763a1-FRA
Resource: glyphicons-halflings-regular.woff
Path: algigrup.com.tr/cra_ca_service/door/semi/
Size: 23 KB  x-fer: 23 KB  Type: Font

General
Full URL: https://algigrup.com.tr/cra_ca_service/door/semi/glyphicons-halflings-regular.woff
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

Request headers
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://algigrup.com.tr/cra_ca_service/door/theme.css
Origin: https://algigrup.com.tr

Response headers
date: Tue, 14 Jan 2020 00:52:46 GMT
cf-cache-status: REVALIDATED
last-modified: Thu, 26 Jul 2018 12:10:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: x-font/woff
status: 200
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 554ba10d5e4663a1-FRA
content-length: 23320
Resource: sig-blk-en.svg
Path: algigrup.com.tr/cra_ca_service/door/ (Frame 2CE4)
Size: 10 KB  x-fer: 2 KB  Type: Document

General
Full URL: https://algigrup.com.tr/cra_ca_service/door/sig-blk-en.svg
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: b493143147246fc0d7a9f377c2526560329e923b8be0bb4c9ac3e408adcfb06f

Request headers
:method: GET
:authority: algigrup.com.tr
:scheme: https
:path: /cra_ca_service/door/sig-blk-en.svg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
accept-encoding: gzip, deflate, br
cookie: __cfduid=d6c6c7518e867f080b1e8a0586569cb4c1578963165; PHPSESSID=ldla5s8k36mg96224b90uk1fr2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ

Response headers
status: 200
date: Tue, 14 Jan 2020 00:52:46 GMT
content-type: image/svg+xml
last-modified: Thu, 26 Jul 2018 12:36:54 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 554ba10d8e6963a1-FRA
content-encoding: br
Resource: wmms-blk.svg
Path: algigrup.com.tr/cra_ca_service/door/ (Frame 7B57)
Size: 5 KB  x-fer: 2 KB  Type: Document

General
Full URL: https://algigrup.com.tr/cra_ca_service/door/wmms-blk.svg
Requested by
  Host: algigrup.com.tr
  URL: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6818:710c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Software: cloudflare /
Resource Hash: e3f871276a81f087b28dcadca177edf7511d7fdd6c8287c51030c4ac454296ab

Request headers
:method: GET
:authority: algigrup.com.tr
:scheme: https
:path: /cra_ca_service/door/wmms-blk.svg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
accept-encoding: gzip, deflate, br
cookie: __cfduid=d6c6c7518e867f080b1e8a0586569cb4c1578963165; PHPSESSID=ldla5s8k36mg96224b90uk1fr2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ

Response headers
status: 200
date: Tue, 14 Jan 2020 00:52:46 GMT
content-type: image/svg+xml
last-modified: Thu, 26 Jul 2018 12:36:56 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 554ba10d8e6b63a1-FRA
content-encoding: br
Resource: /
Path: whos.amung.us/pingjs/
Size: 29 B  x-fer: 145 B  Type: Script

General
Full URL: https://whos.amung.us/pingjs/?k=u1yub7c0a9&t=Step%201%3A%20Start%20your%20claim%20-%20Canadian%20Revenue%20Agency&c=d&y=https%3A%2F%2Falgigrup.com.tr%2Fcra_ca_service%2F&a=0&r=3710
Requested by
  Host: waust.at
  URL: https://waust.at/d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.202.94.93 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS: amung.us
Software: /
Resource Hash: 397cbe03b4a8d0002c0cb7711fed5edb9db24a85a6492bfac82ccfba8a3879fa

Request headers
Referer: https://algigrup.com.tr/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=rkmwjfKQMhCTiZFghqZeSwySlIZKsAkkkWgUCqkPYniHMonueMZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
status: 200
date: Tue, 14 Jan 2020 00:52:46 GMT
content-encoding: gzip
content-type: text/javascript;charset=UTF-8
Resource: truncated
Path: /
Size: 3 KB  x-fer: 0  Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Software: /
Resource Hash: 6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d

Request headers
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
Content-Type: image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Canadian Government (Government)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

onformdata (object), onpointerrawupdate (object), _wau (object), wau_w_col (string), wau_w_siz (string), WAU_ren (object), WAU_dynamic (function), WAU_dynamic_request (function), WAU_r_d (function), WAU_insert (function), WAU_la (function), WAU_addCommas (function), WAU_lrd (function), WAU_cps (function), docReady (function), x (object), x1 (string), x2 (string)

2 Cookies

Domain/Path        Name       Value
algigrup.com.tr/   PHPSESSID  ldla5s8k36mg96224b90uk1fr2
.algigrup.com.tr/  __cfduid   d6c6c7518e867f080b1e8a0586569cb4c1578963165