secure-sahibindenparamguvende-com.tk
Open in
urlscan Pro
20.223.132.10
Malicious Activity!
Public Scan
Effective URL: https://secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f/
Submission: On April 28 via api from GB — Scanned from GB
Summary
TLS certificate: Issued by R3 on April 27th 2022. Valid for: 3 months.
This is the only time secure-sahibindenparamguvende-com.tk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sahibinden (Classifieds)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 22 | 20.223.132.10 20.223.132.10 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
7 | 2a03:90c0:41:... 2a03:90c0:41:2801::254 | 199524 (GCORE) (GCORE) | |
1 | 2606:4700:20:... 2606:4700:20::681a:3da | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 178.154.209.182 178.154.209.182 | 200350 (YANDEXCLOUD) (YANDEXCLOUD) | |
29 | 5 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
secure-sahibindenparamguvende-com.tk |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
secure-sahibindenparamguvende-com.tk
2 redirects
secure-sahibindenparamguvende-com.tk |
159 KB |
8 |
jivosite.com
code.jivosite.com — Cisco Umbrella Rank: 30719 node-ya13.jivosite.com — Cisco Umbrella Rank: 175869 |
355 KB |
1 |
hizliresim.com
i.hizliresim.com — Cisco Umbrella Rank: 135214 |
136 KB |
29 | 3 |
Domain | Requested by | |
---|---|---|
22 | secure-sahibindenparamguvende-com.tk |
2 redirects
secure-sahibindenparamguvende-com.tk
|
7 | code.jivosite.com |
secure-sahibindenparamguvende-com.tk
code.jivosite.com |
1 | node-ya13.jivosite.com |
code.jivosite.com
|
1 | i.hizliresim.com |
secure-sahibindenparamguvende-com.tk
|
29 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.sahibinden.com |
insankaynaklari.sahibinden.com |
yardim.sahibinden.com |
www.linkedin.com |
etbis.eticaret.gov.tr |
www.jivochat.com.tr |
Subject Issuer | Validity | Valid | |
---|---|---|---|
secure-sahibindenparamguvende-com.tk R3 |
2022-04-27 - 2022-07-26 |
3 months | crt.sh |
*.jivosite.com Go Daddy Secure Certificate Authority - G2 |
2020-04-05 - 2022-06-04 |
2 years | crt.sh |
*.hizliresim.com E1 |
2022-03-30 - 2022-06-28 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f/
Frame ID: 595A441AAC7B6D145DCD3AA4510FD519
Requests: 32 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://secure-sahibindenparamguvende-com.tk/
HTTP 301
https://secure-sahibindenparamguvende-com.tk/ Page URL
-
https://secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f
HTTP 301
https://secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f/ Page URL
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
Title: Kişisel Verilerin Korunması
Search URL Search Domain Scan URL
Title: İnsan Kaynakları
Search URL Search Domain Scan URL
Title: Sözleşmeler ve Kurallar
Search URL Search Domain Scan URL
Title: Üyelik Sözleşmesi
Search URL Search Domain Scan URL
Title: Kullanım Koşulları
Search URL Search Domain Scan URL
Title: Kişisel Verilerin Korunması
Search URL Search Domain Scan URL
Title: Yardım ve İşlem Rehberi
Search URL Search Domain Scan URL
Title: Linkedin
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Canlı Destek Sağlayıcısı
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://secure-sahibindenparamguvende-com.tk/
HTTP 301
https://secure-sahibindenparamguvende-com.tk/ Page URL
-
https://secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f
HTTP 301
https://secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://secure-sahibindenparamguvende-com.tk/ HTTP 301
- https://secure-sahibindenparamguvende-com.tk/
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
secure-sahibindenparamguvende-com.tk/ Redirect Chain
|
94 B 313 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f/ Redirect Chain
|
556 KB 103 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iIj3o4Ji9r
code.jivosite.com/widget/ |
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tkluav9.png
i.hizliresim.com/ |
135 KB 136 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
kk_onyuz_amex5e54744a1a52232b43d415acb9582671.png
secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f/assets/images/ |
437 B 606 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
kk_onyuz_defaultb6f656c5f31b93ffb03fd115f293e2cb.png
secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f/assets/images/ |
326 B 495 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
header8ea4db8447fdc3b5e6a5a10df4e706d7.png
secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f/assets/images/ |
47 KB 47 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
35 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
LucidaGrande:ac6eab3860943d84118563394a9d86b3.woff
secure-sahibindenparamguvende-com.tk/assets/blob/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer:431f7032690d6f5c31a44bc8e7413480.png
secure-sahibindenparamguvende-com.tk/assets/images/ |
808 B 808 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
group-2:aa3f890f7a83e1ccf00f8a24b53f033b.png
secure-sahibindenparamguvende-com.tk/assets/images/ |
808 B 808 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AvenirNextLTW04-Medium:01966d00d03af3048b3f7a35b000f3a6.woff2
secure-sahibindenparamguvende-com.tk/assets/blob/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AvenirNextW04-Demi:ff4b64120fd7273a6eea62db3bf1eee5.woff2
secure-sahibindenparamguvende-com.tk/assets/blob/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
LucidaGrande-Bold:d6dc488393ebe0e7e04044b162f0967a.woff
secure-sahibindenparamguvende-com.tk/assets/blob/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
email-decode.min.js
secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paris-secure5901124c86292eab71a18bb98eb32882.png
secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f/assets/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paris-shipping57431b3f008cab82f48d881da608e5ec.png
secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f/assets/images/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paris-installment227032effd36f6a196d57fe2abd2d3cf.png
secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f/assets/images/ |
823 B 992 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paris-return8c2514a32579e65fbc8f9f55ab169ca7.png
secure-sahibindenparamguvende-com.tk/guvenli-ode/odeme-yap/255hg5h35fg235gfhf3h5g25fg25h2f/assets/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AvenirNextLTW04-Medium:0593ca00c5a519fc8a6401f235793b1e.woff
secure-sahibindenparamguvende-com.tk/assets/blob/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AvenirNextW04-Demi:71c9ab83a35d5b47858cf615b4d57b91.woff
secure-sahibindenparamguvende-com.tk/assets/blob/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AvenirNextLTW04-Medium:d368750b9ae601515fcda40e5c46ea45.ttf
secure-sahibindenparamguvende-com.tk/assets/blob/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AvenirNextW04-Demi:93aa83272eb53f08244a3637b0b1e970.ttf
secure-sahibindenparamguvende-com.tk/assets/blob/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iIj3o4Ji9r
code.jivosite.com/script/widget/config/ |
3 KB 1 KB |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iIj3o4Ji9r
node-ya13.jivosite.com/widget/status/1970777/ |
214 B 547 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bundle_tr.js
code.jivosite.com/js/ |
1 MB 282 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
widget.css
code.jivosite.com/css/77034a4/ |
242 KB 51 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
306 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
agent_message.mp3
code.jivosite.com/sounds/ |
4 KB 4 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
notification.mp3
code.jivosite.com/sounds/ |
6 KB 6 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
outgoing_message.mp3
code.jivosite.com/sounds/ |
5 KB 5 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sahibinden (Classifieds)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails function| __jivoOnError boolean| __hasStorage function| __jivoBundleOnLoad function| __jivoBundleInit function| jivo_init function| jivo_destroy object| jivo_config string| jivo_version object| jivo_api0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
11 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jivosite.com
i.hizliresim.com
node-ya13.jivosite.com
secure-sahibindenparamguvende-com.tk
178.154.209.182
20.223.132.10
2606:4700:20::681a:3da
2a03:90c0:41:2801::254
065f366d510f2532215d4be45942814f189a719aa10769061aae6b57af55e3e0
084927bfd72645e81fc335c9ebcd123fe67daccb7b5cc39c9cce9eaa6903e17d
1112436abea08c851302bba4d4e37a27e25e5ec26b20474667a3369d41154bab
238458332b22ccf7d78deac5a932f7d56fabaee575b8a1df679c46a65aa4583c
259c15a100ea2c4f35ebe579e14392ec5ee9014c24f35e10e9f1ae05e4bf75f2
259f8601c84926f0d1a06795a45d76c4deb33b63c1ca3432b50db9609dfa9c75
2f045d25fe7734d848f1d3606f7bcf1e42a71b28eabedcbce4dc7ecc394ed862
5b5336f4d0a9c38c66a4115964b2179b41d37ad63cd1ee00cfc218192b839311
60769387b8e3b5a4e390c0b90dab0a010499cd6a0adcdf80f0afe283a3e000b8
8616d474d34514e7de3d775aef6524395dcfb4f22a56c500853b68ef3117c307
8f7376eb3847c6184807f082ad5e4724d2081d54cddf69759340e3971ff99e25
a35a1e83df7a377b4276b1327aab46f50f7e1a3834dc4f3d4d8497103e09a732
affe37b465da5c8e7605b32ce0f19dd9c4d10a73f9a9c73484c98336bb6af25d
b267eccff7cac3cc84281bc08777ab5f58a3b925f10c6423a8eb6b48f91b8e14
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
b9fb147e8ae45337833ad0499de29f4ada3dd85f0f317c718a9be95e5d090297
c35fdab8a8f6d1621f71e99405b1de6b4c2a189da0b98015e6c3361d7d34a4ba
d43faf6a9449cb0af0c2ceb392f093469f0421439b486ad0427b6085b72aaffd
d44244617bf21df7a137694fa762d5cab3b82cb9fae8f33de5917977b02b2a11
ea49bae2caa7c68be52d53a86906b2dd0df58a9962f2c73011508d993784d5d3
ff81aad05612f90cf97c238f219765884e5cbf49351d8dc96a4a063c598c3f43