shdanismanlik.com.tr Open in urlscan Pro
185.95.0.197 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://secureo9b.verlfy-online.brainbox.top/
Effective URL:
https://shdanismanlik.com.tr/web/app/web/sign.php?contact=
Submission: On November 30 via automatic, source certstream-suspicious (November 30th 2021, 5:01:12 pm UTC) — Scanned from DE

Summary HTTP 1 Redirects Links 29 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 1 HTTP transactions. The main IP is 185.95.0.197, located in Turkey and belongs to DEDICATEDTELECOM, TR. The main domain is shdanismanlik.com.tr.
TLS certificate: Issued by R3 on November 8th 2021. Valid for: 3 months.

This is the only time shdanismanlik.com.tr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	109.248.147.134 109.248.147.134	52048 (DATACLUB) (DATACLUB)
3 4	185.95.0.197 185.95.0.197	201520 (DEDICATED...) (DEDICATEDTELECOM)
1	2

1 109.248.147.134 (Riga, Latvia) 1 redirects

ASN52048 (DATACLUB, BZ)

secureo9b.verlfy-online.brainbox.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.95.0.197 (Turkey) 3 redirects

ASN201520 (DEDICATEDTELECOM, TR)
PTR: webhosting-linux2.sunucu.com.tr

shdanismanlik.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	shdanismanlik.com.tr 3 redirects shdanismanlik.com.tr	395 KB
1	brainbox.top 1 redirects secureo9b.verlfy-online.brainbox.top	511 B
1	2

	Domain	Requested by
4	shdanismanlik.com.tr	3 redirects
1	secureo9b.verlfy-online.brainbox.top	1 redirects
1	2

This site contains links to these domains. Also see Links.

Domain
online.citi.com
www.citigroup.com
jobs.citi.com
citieasydeals.com
www.citiprivatepass.com
www.privatebank.citibank.com
www.citibank.com
www.citi.com

Subject Issuer	Validity	Valid
shdanismanlik.com.tr R3	`2021-11-08` - `2022-02-06`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://shdanismanlik.com.tr/web/app/web/sign.php?contact=
Frame ID: 3C42929946915B52F98E46DCD72486C6
Requests: 11 HTTP requests in this frame

Frame: data://truncated
Frame ID: 13CAB738ACC8B5D3CF6AA13BBEDFEF29
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Citi Online Verification

Page URL History Show full URLs

https://secureo9b.verlfy-online.brainbox.top/ HTTP 302
https://shdanismanlik.com.tr/web/app?ur= HTTP 301
https://shdanismanlik.com.tr/web/app/?ur= HTTP 302
https://shdanismanlik.com.tr/web/app/web/index.php?contact= HTTP 302
https://shdanismanlik.com.tr/web/app/web/sign.php?contact= Page URL

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

395 kB
Transfer

581 kB
Size

2
Cookies

29 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/ag/
Title: Skip to Content

Search URL Search Domain Scan URL

URL: https://online.citi.com/

Search URL Search Domain Scan URL

URL: http://www.citigroup.com/citi/
Title: Our Story

Search URL Search Domain Scan URL

URL: https://jobs.citi.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=ServicesOverview
Title: Benefits and Services

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=Rewards
Title: Rewards

Search URL Search Domain Scan URL

URL: https://citieasydeals.com/
Title: Citi Easy DealsSM

Search URL Search Domain Scan URL

URL: http://www.citiprivatepass.com/
Title: Citi Entertainment®

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=SpecialOffers
Title: Special Offers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citigold-private-client
Title: Citigold® Private Client

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitigoldOverview
Title: Citigold

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiPriorityOverview
Title: Citi Priority

Search URL Search Domain Scan URL

URL: https://www.privatebank.citibank.com/
Title: Citi Private Bank

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/small-business-banking
Title: Small Business Accounts

Search URL Search Domain Scan URL

URL: https://www.citibank.com/commercialbank/en/index.html
Title: Commercial Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/checking-saving-accounts
Title: Personal Banking

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=view-all-credit-cards
Title: Credit Cards

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=todays_mortgage_rates&type=buy
Title: Mortgage

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=home_equity_rates
Title: Home Equity

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/personal-loans-and-lines-of-credit
Title: Lending

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/contactus
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/helptopic
Title: Help & FAQs

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/security-center
Title: Security Center

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/termsdisclaimer/termsdisclaimerhome
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/portal/template.do?ID=Privacy#notice-at-collection
Title: Notice at Collection

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/dataprivacyhub
Title: CA Privacy Hub

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/portal/template.do?ID=international-personal-bank&l=en&locale=en_US
Title: International Personal Bank U.S.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://secureo9b.verlfy-online.brainbox.top/ HTTP 302
https://shdanismanlik.com.tr/web/app?ur= HTTP 301
https://shdanismanlik.com.tr/web/app/?ur= HTTP 302
https://shdanismanlik.com.tr/web/app/web/index.php?contact= HTTP 302
https://shdanismanlik.com.tr/web/app/web/sign.php?contact= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
11 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request sign.php Show response shdanismanlik.com.tr/web/app/web/ Redirect Chain https://secureo9b.verlfy-online.brainbox.top/ https://shdanismanlik.com.tr/web/app?ur= https://shdanismanlik.com.tr/web/app/?ur= https://shdanismanlik.com.tr/web/app/web/index.php?contact= https://shdanismanlik.com.tr/web/app/web/sign.php?contact=	394 KB 395 KB	5567ms 5567ms	Document text/html	185.95.0.197 DEDICATEDTELECOM
General Check archive.org Show headers Download Go to Full URL https://shdanismanlik.com.tr/web/app/web/sign.php?contact= Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.95.0.197 , Turkey, ASN201520 (DEDICATEDTELECOM, TR), Reverse DNS webhosting-linux2.sunucu.com.tr Software Apache / PleskLin Resource Hash `2c9a314daf1e4f4a3cd6ffe4c162ad7d72aa21d196c274f59523b3c92f6ba8c0` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Tue, 30 Nov 2021 17:01:01 GMT Server Apache Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache X-Powered-By PleskLin Keep-Alive timeout=5, max=97 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Tue, 30 Nov 2021 17:00:55 GMT Server Apache Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Location sign.php?contact= X-Powered-By PleskLin Keep-Alive timeout=5, max=98 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET DATA	200 OK	truncated /	37 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	70 KB 0		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash Request headers Referer Origin https://shdanismanlik.com.tr Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type text/plain
GET DATA	200 OK	truncated /	36 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `79206ccd37edbafc46266406417abb5be984a5d0fb9f38e693d67b6d30cba8bb` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	44 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	445 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	27 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 13CA	81 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			secureo9b.verlfy-online.brainbox.top/	1969-12-31 23:59:59	Name: PHPSESSID Value: e1cege4ne72jp9ds6jv7m36123
			shdanismanlik.com.tr/	1969-12-31 23:59:59	Name: PHPSESSID Value: t144bsb89n3l7c448hm1s47gqc

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://shdanismanlik.com.tr/web/app/web/sign.php?contact= Message: Failed to decode downloaded font: data:text/html;base64,PGh0bWw+Cgo8aGVhZD4KPG1ldGEgaHR0cC1lcXVpdj0iWC1VQS1Db21wYXRpYmxlIiBjb250ZW50PSJJRT1lZGdlIiAvPgo8bWV0YSBjaGFyc2V0PSJ1dGYtOCIgLz4KPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCI+Cjx0aXRsZT5DaXRpYmFuayBPbmxpbmU8L3RpdGxlPgo8IS0tIDxsaW5rIHR5cGU9InRleHQvY3NzIiBocmVmPSJkZGwubWluLmNzcyIgcmVsPSJzdHlsZXNoZWV0Ij4tLT4KPGxpbmsgdHlwZT0idGV4dC9jc3MiCglocmVmPSIvQ0JPTC9jb21tb24vdWkvZGRsL3RoZW1lL2xhdGVzdC9kZGwubWluLmNzcyIgcmVsPSJzdHlsZXNoZWV0Ij4KPGxpbmsgaHJlZj0iL0pQUy9wb3J0YWwvY3NzL...5pc2giKS5oaWRlKCk7CiAgICAgICAgfQogICAgfSkKICAgICQoIi5jbG9zZWJ0biIpLm9uKCd0b3VjaHN0YXJ0IGNsaWNrJyxmdW5jdGlvbigpewogICAgCQkkKCIubW9iaWxlUXVpY2tMaW5rc1NlY3Rpb24iKS5oaWRlKCk7CiAgICAJCSQoIi5oZWxwTGluayIpLnNob3coKTsKICAgIAkJJCgiLmNsb3NlYnRuIikuaGlkZSgpOwogICAgCX0pOwogICAgJCgiLmhlbHBMaW5rIikub24oJ3RvdWNoc3RhcnQgY2xpY2snLGZ1bmN0aW9uKCl7CiAgICAJCSQoIi5oZWxwTGluayIpLmhpZGUoKTsKICAgIAkJJCgiLmNsb3NlYnRuIikuc2hvdygpOwogICAgCQkkKCIubW9iaWxlUXVpY2tMaW5rc1NlY3Rpb24iKS5zaG93KCk7CiAgIAogICAgfSk7Cgo8L3NjcmlwdD4KCjwvaHRtbD4=
other	warning	URL: https://shdanismanlik.com.tr/web/app/web/sign.php?contact= Message: OTS parsing error: invalid sfntVersion: 1013478509
other	warning	URL: https://shdanismanlik.com.tr/web/app/web/sign.php?contact= Message: Failed to decode downloaded font: data:text/html;base64,PGh0bWw+Cgo8aGVhZD4KPG1ldGEgaHR0cC1lcXVpdj0iWC1VQS1Db21wYXRpYmxlIiBjb250ZW50PSJJRT1lZGdlIiAvPgo8bWV0YSBjaGFyc2V0PSJ1dGYtOCIgLz4KPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCI+Cjx0aXRsZT5DaXRpYmFuayBPbmxpbmU8L3RpdGxlPgo8IS0tIDxsaW5rIHR5cGU9InRleHQvY3NzIiBocmVmPSJkZGwubWluLmNzcyIgcmVsPSJzdHlsZXNoZWV0Ij4tLT4KPGxpbmsgdHlwZT0idGV4dC9jc3MiCglocmVmPSIvQ0JPTC9jb21tb24vdWkvZGRsL3RoZW1lL2xhdGVzdC9kZGwubWluLmNzcyIgcmVsPSJzdHlsZXNoZWV0Ij4KPGxpbmsgaHJlZj0iL0pQUy9wb3J0YWwvY3NzL...5pc2giKS5oaWRlKCk7CiAgICAgICAgfQogICAgfSkKICAgICQoIi5jbG9zZWJ0biIpLm9uKCd0b3VjaHN0YXJ0IGNsaWNrJyxmdW5jdGlvbigpewogICAgCQkkKCIubW9iaWxlUXVpY2tMaW5rc1NlY3Rpb24iKS5oaWRlKCk7CiAgICAJCSQoIi5oZWxwTGluayIpLnNob3coKTsKICAgIAkJJCgiLmNsb3NlYnRuIikuaGlkZSgpOwogICAgCX0pOwogICAgJCgiLmhlbHBMaW5rIikub24oJ3RvdWNoc3RhcnQgY2xpY2snLGZ1bmN0aW9uKCl7CiAgICAJCSQoIi5oZWxwTGluayIpLmhpZGUoKTsKICAgIAkJJCgiLmNsb3NlYnRuIikuc2hvdygpOwogICAgCQkkKCIubW9iaWxlUXVpY2tMaW5rc1NlY3Rpb24iKS5zaG93KCk7CiAgIAogICAgfSk7Cgo8L3NjcmlwdD4KCjwvaHRtbD4=
other	warning	URL: https://shdanismanlik.com.tr/web/app/web/sign.php?contact= Message: OTS parsing error: invalid sfntVersion: 1013478509
other	warning	URL: https://shdanismanlik.com.tr/web/app/web/sign.php?contact= Message: Failed to decode downloaded font: data:text/html;base64,PGh0bWw+Cgo8aGVhZD4KPG1ldGEgaHR0cC1lcXVpdj0iWC1VQS1Db21wYXRpYmxlIiBjb250ZW50PSJJRT1lZGdlIiAvPgo8bWV0YSBjaGFyc2V0PSJ1dGYtOCIgLz4KPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCI+Cjx0aXRsZT5DaXRpYmFuayBPbmxpbmU8L3RpdGxlPgo8IS0tIDxsaW5rIHR5cGU9InRleHQvY3NzIiBocmVmPSJkZGwubWluLmNzcyIgcmVsPSJzdHlsZXNoZWV0Ij4tLT4KPGxpbmsgdHlwZT0idGV4dC9jc3MiCglocmVmPSIvQ0JPTC9jb21tb24vdWkvZGRsL3RoZW1lL2xhdGVzdC9kZGwubWluLmNzcyIgcmVsPSJzdHlsZXNoZWV0Ij4KPGxpbmsgaHJlZj0iL0pQUy9wb3J0YWwvY3NzL...5pc2giKS5oaWRlKCk7CiAgICAgICAgfQogICAgfSkKICAgICQoIi5jbG9zZWJ0biIpLm9uKCd0b3VjaHN0YXJ0IGNsaWNrJyxmdW5jdGlvbigpewogICAgCQkkKCIubW9iaWxlUXVpY2tMaW5rc1NlY3Rpb24iKS5oaWRlKCk7CiAgICAJCSQoIi5oZWxwTGluayIpLnNob3coKTsKICAgIAkJJCgiLmNsb3NlYnRuIikuaGlkZSgpOwogICAgCX0pOwogICAgJCgiLmhlbHBMaW5rIikub24oJ3RvdWNoc3RhcnQgY2xpY2snLGZ1bmN0aW9uKCl7CiAgICAJCSQoIi5oZWxwTGluayIpLmhpZGUoKTsKICAgIAkJJCgiLmNsb3NlYnRuIikuc2hvdygpOwogICAgCQkkKCIubW9iaWxlUXVpY2tMaW5rc1NlY3Rpb24iKS5zaG93KCk7CiAgIAogICAgfSk7Cgo8L3NjcmlwdD4KCjwvaHRtbD4=
other	warning	URL: https://shdanismanlik.com.tr/web/app/web/sign.php?contact= Message: OTS parsing error: invalid sfntVersion: 1013478509

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secureo9b.verlfy-online.brainbox.top
shdanismanlik.com.tr
109.248.147.134
185.95.0.197
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
2c9a314daf1e4f4a3cd6ffe4c162ad7d72aa21d196c274f59523b3c92f6ba8c0
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
79206ccd37edbafc46266406417abb5be984a5d0fb9f38e693d67b6d30cba8bb
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

shdanismanlik.com.tr Open in urlscan Pro 185.95.0.197 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

395 kBTransfer

581 kBSize

2 Cookies

29 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

2 Cookies

6 Console Messages

Indicators

shdanismanlik.com.tr Open in urlscan Pro
185.95.0.197 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

395 kB
Transfer

581 kB
Size

2
Cookies

1 HTTP transactions
11 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!