aidatd-let.cc Open in urlscan Pro
5.9.38.184 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://l24.im/n8bts49
Effective URL:
https://aidatd-let.cc/
Submission: On March 15 via manual (March 15th 2023, 11:09:46 am UTC) from TR — Scanned from NL

Summary HTTP 19 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 5.9.38.184, located in Ingelheim, Germany and belongs to HETZNER-AS, DE. The main domain is aidatd-let.cc.
TLS certificate: Issued by R3 on March 15th 2023. Valid for: 3 months.

This is the only time aidatd-let.cc was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BDDK (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	5.9.38.184 5.9.38.184	24940 (HETZNER-AS) (HETZNER-AS)
17	31.3.2.106 31.3.2.106	21245 (MEDIANOVA...) (MEDIANOVA-CDN)
19	3

1 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

l24.im	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.9.38.184 (Ingelheim, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: plesk1.offshare.host

aidatd-let.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 31.3.2.106 (Frankfurt am Main, Germany)

ASN21245 (MEDIANOVA-CDN, TR)

cdn.e-devlet.gov.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	e-devlet.gov.tr cdn.e-devlet.gov.tr — Cisco Umbrella Rank: 85373	201 KB
2	aidatd-let.cc aidatd-let.cc	5 KB
1	l24.im 1 redirects l24.im	579 B
19	3

	Domain	Requested by
17	cdn.e-devlet.gov.tr	aidatd-let.cc cdn.e-devlet.gov.tr
2	aidatd-let.cc	cdn.e-devlet.gov.tr
1	l24.im	1 redirects
19	3

This site contains links to these domains. Also see Links.

Domain
www.turkiye.gov.tr

Subject Issuer	Validity	Valid
aidatd-let.cc R3	`2023-03-15` - `2023-06-13`	3 months	crt.sh
cdn.e-devlet.gov.tr GlobalSign RSA OV SSL CA 2018	`2023-02-07` - `2024-03-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://aidatd-let.cc/
Frame ID: 43D83F23A2ECD6988F70E0D8B8C1DE69
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

e-Devlet Kapısı

Page URL History Show full URLs

https://l24.im/n8bts49 HTTP 302
https://aidatd-let.cc/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

206 kB
Transfer

466 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.turkiye.gov.tr/iletisim?hizli=CozumMerkezi2
Title: Hızlı Çözüm Merkezi

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://l24.im/n8bts49 HTTP 302
https://aidatd-let.cc/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response aidatd-let.cc/ Redirect Chain https://l24.im/n8bts49 https://aidatd-let.cc/	18 KB 4 KB	134ms 28ms	Document text/html	5.9.38.184 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://aidatd-let.cc/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 5.9.38.184 Ingelheim, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS plesk1.offshare.host Software nginx / PHP/7.4.33 PleskLin Resource Hash `e35fea4861a9c3e008abaf90bcf6efdbc0ed9bc8a66816d32dbd694b3c21e33e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers content-encoding br content-type text/html; charset=UTF-8 date Wed, 15 Mar 2023 11:09:41 GMT server nginx x-powered-by PHP/7.4.33 PleskLin Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7a844e3bd93e3671-FRA date Wed, 15 Mar 2023 11:09:41 GMT location https://aidatd-let.cc/ nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cYEsWgdHbi1Tg93x%2FRP1DWm50%2F8VkIy%2BfE4IPNik7noqEJVwb82n%2BNd34OAAteATyVqR6fYAN0m8rMgSIVDsl%2FsflxVB%2F6PgxtIMy1EdvPq8b%2ByZJsKNwGn3TdNFozpryRAz15Y%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=15552000; includeSubDomains; preload x-content-type-options nosniff x-powered-by ASP.NET
GET H2	200	base.css cdn.e-devlet.gov.tr/themes/izmir/css/	72 KB 11 KB	151ms 25ms	Stylesheet text/css	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Full URL https://cdn.e-devlet.gov.tr/themes/izmir/css/base.css Requested by Host: aidatd-let.cc URL: https://aidatd-let.cc/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `090f98bef38f6ba6c76bbb9aa8a345cfc195581080ccf16dd48815bed9804fc9` Request headers accept-language nl-NL,nl;q=0.9 Referer https://aidatd-let.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding br last-modified Mon, 06 Mar 2023 13:28:48 GMT server MNCDN-237 x-mnrequest-id cbca04fe40b37545c95e60f1c63217a4 age 10 x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding, Accept-Encoding, User-Agent content-type text/css cache-control max-age=7200 x-mserver 2216 expires Wed, 15 Mar 2023 13:09:40 GMT
GET H2	200	header.js Show response cdn.e-devlet.gov.tr/themes/izmir/js/	10 KB 5 KB	168ms 43ms	Script application/javascript	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Full URL https://cdn.e-devlet.gov.tr/themes/izmir/js/header.js Requested by Host: aidatd-let.cc URL: https://aidatd-let.cc/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `eb1392dd09409f6ff7d3154be56020344ae9891e043851a595172a71f1620ef1` Request headers accept-language nl-NL,nl;q=0.9 Referer https://aidatd-let.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding gzip last-modified Thu, 01 Sep 2022 09:38:54 GMT server MNCDN-237 x-mnrequest-id 5ef589290ace554bdef5d90fa3ebaadb x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding, Accept-Encoding, User-Agent content-type application/javascript;charset=UTF-8 access-control-allow-origin * cache-control max-age=7776000 x-mserver 2216 expires Tue, 13 Jun 2023 11:09:40 GMT
GET H2	200	giris.css cdn.e-devlet.gov.tr/themes/izmir/css/	38 KB 6 KB	168ms 42ms	Stylesheet text/css	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Full URL https://cdn.e-devlet.gov.tr/themes/izmir/css/giris.css Requested by Host: aidatd-let.cc URL: https://aidatd-let.cc/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `4bdb29db701e7d0f98ba28ee62f724f8e8776ae8c4e4287eae2d5f9fcca3ea98` Request headers accept-language nl-NL,nl;q=0.9 Referer https://aidatd-let.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding br last-modified Mon, 06 Mar 2023 13:28:37 GMT server MNCDN-237 x-mnrequest-id b56037dabb0d4b8d495d5cfb05de0ffa x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding, Accept-Encoding, User-Agent content-type text/css cache-control max-age=7200 x-mserver 2215 expires Wed, 15 Mar 2023 13:09:40 GMT
GET H2	200	1.png cdn.e-devlet.gov.tr/themes/istanbul/images/agencies/	2 KB 2 KB	40ms 39ms	Image image/png	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.e-devlet.gov.tr/themes/istanbul/images/agencies/1.png Requested by Host: aidatd-let.cc URL: https://aidatd-let.cc/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `473f0d637169b8b400874ffb0c487dfc5f4bc544e8bfebe98502a6a5ceb781e7` Request headers accept-language nl-NL,nl;q=0.9 Referer https://aidatd-let.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding gzip last-modified Sun, 10 Dec 2017 13:50:20 GMT server MNCDN-237 x-mnrequest-id 22af585b84261487048c3ff5274071e2 x-edge-location DE-372 etag W/"5a2d3b9c-73f" x-cache-status Edge : HIT, vary Accept-Encoding, Accept-Encoding, Accept-Encoding, User-Agent content-type image/png cache-control max-age=7200 x-mserver 2215 expires Wed, 15 Mar 2023 13:09:40 GMT
GET H2	200	form-progress.svg cdn.e-devlet.gov.tr/themes/izmir/images/	1 KB 917 B	40ms 40ms	Image image/svg+xml	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.e-devlet.gov.tr/themes/izmir/images/form-progress.svg Requested by Host: aidatd-let.cc URL: https://aidatd-let.cc/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `ff7498da718b1f50faeefae71e24ceadf4575da0692b84c9a1ad359daa1f2ff2` Request headers accept-language nl-NL,nl;q=0.9 Referer https://aidatd-let.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding br last-modified Mon, 11 Dec 2017 14:11:06 GMT server MNCDN-237 x-mnrequest-id 82b77f2a15a6d76826e42da527c64197 x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding, User-Agent content-type image/svg+xml access-control-allow-origin * cache-control max-age=7776000 x-mserver 2215 expires Tue, 13 Jun 2023 11:09:40 GMT
GET H2	200	common.js Show response cdn.e-devlet.gov.tr/themes/izmir/js/	141 KB 47 KB	18ms 18ms	Script application/javascript	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Full URL https://cdn.e-devlet.gov.tr/themes/izmir/js/common.js Requested by Host: aidatd-let.cc URL: https://aidatd-let.cc/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `ddad6377e8dd07978bda079be06b4f3f3a8dfccbc1dce57afa82c893e02d04c8` Request headers accept-language nl-NL,nl;q=0.9 Referer https://aidatd-let.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding gzip last-modified Mon, 06 Mar 2023 13:28:31 GMT server MNCDN-237 x-mnrequest-id c8f8523299ac0b4d3f369eb1873a4d66 x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding, Accept-Encoding, User-Agent content-type application/javascript;charset=UTF-8 access-control-allow-origin * cache-control max-age=7776000 x-mserver 2215 expires Tue, 13 Jun 2023 11:09:40 GMT
GET H2	200	giris.js Show response cdn.e-devlet.gov.tr/themes/izmir/js/	6 KB 3 KB	43ms 42ms	Script application/javascript	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Full URL https://cdn.e-devlet.gov.tr/themes/izmir/js/giris.js Requested by Host: aidatd-let.cc URL: https://aidatd-let.cc/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `7f82762e08bf34317398e748361957c5632553ec9f0089913fee95057cdb20b0` Request headers accept-language nl-NL,nl;q=0.9 Referer https://aidatd-let.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding gzip last-modified Wed, 14 Dec 2022 12:58:45 GMT server MNCDN-237 x-mnrequest-id ea3920ed9f922d32c149d4d77d5c720b x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding, Accept-Encoding, User-Agent content-type application/javascript;charset=UTF-8 access-control-allow-origin * cache-control max-age=7776000 x-mserver 2216 expires Tue, 13 Jun 2023 11:09:40 GMT
GET H2	200	jquery.jcryption.js Show response cdn.e-devlet.gov.tr/themes/izmir/js/es/	65 KB 21 KB	39ms 38ms	Script application/javascript	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Full URL https://cdn.e-devlet.gov.tr/themes/izmir/js/es/jquery.jcryption.js Requested by Host: aidatd-let.cc URL: https://aidatd-let.cc/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `790c8abfa03882377c7a9302bdb14dd1c3dab477280255161bc016d7b5f3b121` Request headers accept-language nl-NL,nl;q=0.9 Referer https://aidatd-let.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding gzip last-modified Thu, 01 Sep 2022 09:38:30 GMT server MNCDN-237 x-mnrequest-id e55f0f9da359ac82b051ad5d777510d3 x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding, Accept-Encoding, User-Agent content-type application/javascript;charset=UTF-8 access-control-allow-origin * cache-control max-age=7776000 x-mserver 2137 expires Tue, 13 Jun 2023 11:09:40 GMT
GET DATA	200 OK	truncated /	82 B 0		Image image/webp
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/webp
GET DATA	200 OK	truncated /	38 B 0		Image image/webp
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/webp
GET H2	200	edkkds.svg cdn.e-devlet.gov.tr/themes/izmir/images/	9 KB 3 KB	38ms 37ms	Image image/svg+xml	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.e-devlet.gov.tr/themes/izmir/images/edkkds.svg Requested by Host: aidatd-let.cc URL: https://aidatd-let.cc/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `39966ec7eea8f508184cef9f98895a0e8d74e3328a43cc8a93c528cfca888691` Request headers accept-language nl-NL,nl;q=0.9 Referer https://aidatd-let.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding br last-modified Fri, 05 Jan 2018 11:42:29 GMT server MNCDN-237 x-mnrequest-id 3e1813a30d4694ae2a37fd1950838a49 x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding, User-Agent content-type image/svg+xml access-control-allow-origin * cache-control max-age=7776000 x-mserver 2200 expires Tue, 13 Jun 2023 11:09:40 GMT
GET H2	200	auth-methods.126.svg cdn.e-devlet.gov.tr/themes/izmir/images/	4 KB 2 KB	38ms 37ms	Image image/svg+xml	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.e-devlet.gov.tr/themes/izmir/images/auth-methods.126.svg Requested by Host: cdn.e-devlet.gov.tr URL: https://cdn.e-devlet.gov.tr/themes/izmir/css/giris.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `27292f1f2138adbd114fa0463bec7cfcb3475c08477f79554da42d858be68d70` Request headers accept-language nl-NL,nl;q=0.9 Referer https://cdn.e-devlet.gov.tr/themes/izmir/css/giris.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding br last-modified Fri, 05 Jan 2018 11:42:29 GMT server MNCDN-237 x-mnrequest-id dac52b5e3f751f67fc569ff76b055f92 x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding, Accept-Encoding, User-Agent content-type image/svg+xml access-control-allow-origin * cache-control max-age=7776000 x-mserver 2200 expires Tue, 13 Jun 2023 11:09:40 GMT
GET H2	200	open-sans-v18-latin-ext_latin-regular.126.woff2 cdn.e-devlet.gov.tr/themes/izmir/fonts/opensans/	19 KB 19 KB	84ms 19ms	Font application/octet-stream	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Full URL https://cdn.e-devlet.gov.tr/themes/izmir/fonts/opensans/open-sans-v18-latin-ext_latin-regular.126.woff2 Requested by Host: cdn.e-devlet.gov.tr URL: https://cdn.e-devlet.gov.tr/themes/izmir/css/base.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `537d46273fe124bbced2f098f26222fa3155741e9d76f906c3c39e7fa09bf6a8` Request headers Referer https://cdn.e-devlet.gov.tr/themes/izmir/css/base.css Origin https://aidatd-let.cc accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding br last-modified Wed, 11 Nov 2020 12:17:21 GMT server MNCDN-237 x-mnrequest-id 7b395cf8772ad1e59fb75df92576a8af age 9 x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding content-type application/octet-stream access-control-allow-origin * cache-control max-age=7776000 x-mserver 2200 expires Tue, 13 Jun 2023 11:09:40 GMT
GET H2	200	button-right.126.svg cdn.e-devlet.gov.tr/themes/izmir/images/	448 B 602 B	34ms 34ms	Image image/svg+xml	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.e-devlet.gov.tr/themes/izmir/images/button-right.126.svg Requested by Host: cdn.e-devlet.gov.tr URL: https://cdn.e-devlet.gov.tr/themes/izmir/css/giris.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `14e8e481e7afcaae3200f172bd49bf7146ea2a23d3fdf0ba71d5fdbbd0c8c5a4` Request headers accept-language nl-NL,nl;q=0.9 Referer https://cdn.e-devlet.gov.tr/themes/izmir/css/giris.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding br last-modified Mon, 11 Dec 2017 14:11:06 GMT server MNCDN-237 x-mnrequest-id 7e0e5f07ae7a1c6690763ea192d61e81 x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding, Accept-Encoding, User-Agent content-type image/svg+xml access-control-allow-origin * cache-control max-age=7776000 x-mserver 2215 expires Tue, 13 Jun 2023 11:09:40 GMT
GET H2	200	arrow-left.126.svg cdn.e-devlet.gov.tr/themes/izmir/images/	393 B 554 B	34ms 34ms	Image image/svg+xml	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.e-devlet.gov.tr/themes/izmir/images/arrow-left.126.svg Requested by Host: cdn.e-devlet.gov.tr URL: https://cdn.e-devlet.gov.tr/themes/izmir/css/giris.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `945f7d25e8f885da3c77668f74ecacefa894dc535ac048f57a56e2b2fc2560df` Request headers accept-language nl-NL,nl;q=0.9 Referer https://cdn.e-devlet.gov.tr/themes/izmir/css/giris.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding br last-modified Mon, 11 Dec 2017 14:11:06 GMT server MNCDN-237 x-mnrequest-id 48cadcee5f44dffb1597ba47686af3d2 x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding, User-Agent content-type image/svg+xml access-control-allow-origin * cache-control max-age=7776000 x-mserver 2216 expires Tue, 13 Jun 2023 11:09:40 GMT
GET H2	200	open-sans-v18-latin-ext_latin-600.126.woff2 cdn.e-devlet.gov.tr/themes/izmir/fonts/opensans/	20 KB 20 KB	86ms 22ms	Font application/octet-stream	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Full URL https://cdn.e-devlet.gov.tr/themes/izmir/fonts/opensans/open-sans-v18-latin-ext_latin-600.126.woff2 Requested by Host: cdn.e-devlet.gov.tr URL: https://cdn.e-devlet.gov.tr/themes/izmir/css/base.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `0b155ade172e77bc397377c1856af15289b509590b332b351e48f5c11f73a35e` Request headers Referer https://cdn.e-devlet.gov.tr/themes/izmir/css/base.css Origin https://aidatd-let.cc accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding br last-modified Wed, 11 Nov 2020 12:17:21 GMT server MNCDN-237 x-mnrequest-id aa4fe25668bdc4190b851e4241024512 age 9 x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding content-type application/octet-stream access-control-allow-origin * cache-control max-age=7776000 x-mserver 2216 expires Tue, 13 Jun 2023 11:09:40 GMT
GET H2	200	open-sans-v18-latin-ext_latin-300.126.woff2 cdn.e-devlet.gov.tr/themes/izmir/fonts/opensans/	19 KB 20 KB	99ms 36ms	Font application/octet-stream	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Full URL https://cdn.e-devlet.gov.tr/themes/izmir/fonts/opensans/open-sans-v18-latin-ext_latin-300.126.woff2 Requested by Host: cdn.e-devlet.gov.tr URL: https://cdn.e-devlet.gov.tr/themes/izmir/css/base.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `814a3f4f20f812103033c8345c9bbd27f561a5462f34843e88c94f6f5dc4092c` Request headers Referer https://cdn.e-devlet.gov.tr/themes/izmir/css/base.css Origin https://aidatd-let.cc accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding br last-modified Wed, 11 Nov 2020 12:17:21 GMT server MNCDN-237 x-mnrequest-id 7ef57426fb1aa3767a3b8e155e751a9a age 1 x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding content-type application/octet-stream access-control-allow-origin * cache-control max-age=7776000 x-mserver 2215 expires Tue, 13 Jun 2023 11:09:40 GMT
GET H2	200	edk.126.126.woff cdn.e-devlet.gov.tr/themes/izmir/fonts/	38 KB 38 KB	120ms 58ms	Font application/font-woff	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Full URL https://cdn.e-devlet.gov.tr/themes/izmir/fonts/edk.126.126.woff Requested by Host: cdn.e-devlet.gov.tr URL: https://cdn.e-devlet.gov.tr/themes/izmir/css/base.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `78e78c58a6dab82f460252e9a0dcdcb5d0c0eb2f2307998764dea1dc1796a4f0` Request headers Referer https://cdn.e-devlet.gov.tr/themes/izmir/css/base.css Origin https://aidatd-let.cc accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT last-modified Mon, 06 Mar 2023 13:28:48 GMT server MNCDN-237 x-mnrequest-id cea1911ff905522814cb2622125fa0ef age 1 x-edge-location DE-372 x-cache-status Edge : HIT, content-type application/font-woff access-control-allow-origin * cache-control max-age=7776000 accept-ranges bytes content-length 38872 x-mserver 2137 expires Tue, 13 Jun 2023 11:09:40 GMT
GET H2	200	common_messages_tr.1.7.js Show response cdn.e-devlet.gov.tr/themes/izmir/js/es/	2 KB 1 KB	18ms 17ms	Script application/javascript	31.3.2.106 MEDIANOVA-CDN
General Check archive.org Show headers Download Go to Full URL https://cdn.e-devlet.gov.tr/themes/izmir/js/es/common_messages_tr.1.7.js Requested by Host: cdn.e-devlet.gov.tr URL: https://cdn.e-devlet.gov.tr/themes/izmir/js/common.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.3.2.106 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR), Reverse DNS Software MNCDN-237 / Resource Hash `cc0ddf2f8f49be9521d32ef463122d16281f8a8c263c6c7c41f202b7583470cd` Request headers accept-language nl-NL,nl;q=0.9 Referer https://aidatd-let.cc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:40 GMT content-encoding gzip last-modified Tue, 15 Nov 2022 09:38:43 GMT server MNCDN-237 x-mnrequest-id 7ed900f653d9f78b93d35c6aa9d49a16 x-edge-location DE-372 x-cache-status Edge : HIT, vary Accept-Encoding, Accept-Encoding, User-Agent content-type application/javascript;charset=UTF-8 access-control-allow-origin * cache-control max-age=7776000 x-mserver 2215 expires Tue, 13 Jun 2023 11:09:40 GMT
GET H2	404	CryptoServlet Show response aidatd-let.cc/	808 B 500 B	26ms 26ms	XHR text/html	5.9.38.184 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://aidatd-let.cc/CryptoServlet?generateKeyPair=true&pn=%2F&ajax=1&token= Requested by Host: cdn.e-devlet.gov.tr URL: https://cdn.e-devlet.gov.tr/themes/izmir/js/common.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 5.9.38.184 Ingelheim, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS plesk1.offshare.host Software nginx / Resource Hash `b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187` Request headers Accept application/json, text/javascript, /; q=0.01 Referer https://aidatd-let.cc/ X-Requested-With XMLHttpRequest accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Wed, 15 Mar 2023 11:09:41 GMT content-encoding br last-modified Fri, 24 Feb 2023 14:30:57 GMT server nginx etag W/"328-5f572fa3e8aa0" content-type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BDDK (Banking)

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			l24.im/	1970-01-20 12:30:53	Name: n8bts49 Value: 31ca5702-9bbb-4f26-89a0-c30c958c03a1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://aidatd-let.cc/CryptoServlet?generateKeyPair=true&pn=%2F&ajax=1&token= Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aidatd-let.cc
cdn.e-devlet.gov.tr
l24.im
2a06:98c1:3121::3
31.3.2.106
5.9.38.184
090f98bef38f6ba6c76bbb9aa8a345cfc195581080ccf16dd48815bed9804fc9
0b155ade172e77bc397377c1856af15289b509590b332b351e48f5c11f73a35e
14e8e481e7afcaae3200f172bd49bf7146ea2a23d3fdf0ba71d5fdbbd0c8c5a4
27292f1f2138adbd114fa0463bec7cfcb3475c08477f79554da42d858be68d70
39966ec7eea8f508184cef9f98895a0e8d74e3328a43cc8a93c528cfca888691
473f0d637169b8b400874ffb0c487dfc5f4bc544e8bfebe98502a6a5ceb781e7
4bdb29db701e7d0f98ba28ee62f724f8e8776ae8c4e4287eae2d5f9fcca3ea98
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
537d46273fe124bbced2f098f26222fa3155741e9d76f906c3c39e7fa09bf6a8
78e78c58a6dab82f460252e9a0dcdcb5d0c0eb2f2307998764dea1dc1796a4f0
790c8abfa03882377c7a9302bdb14dd1c3dab477280255161bc016d7b5f3b121
7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551
7f82762e08bf34317398e748361957c5632553ec9f0089913fee95057cdb20b0
814a3f4f20f812103033c8345c9bbd27f561a5462f34843e88c94f6f5dc4092c
945f7d25e8f885da3c77668f74ecacefa894dc535ac048f57a56e2b2fc2560df
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
cc0ddf2f8f49be9521d32ef463122d16281f8a8c263c6c7c41f202b7583470cd
ddad6377e8dd07978bda079be06b4f3f3a8dfccbc1dce57afa82c893e02d04c8
e35fea4861a9c3e008abaf90bcf6efdbc0ed9bc8a66816d32dbd694b3c21e33e
eb1392dd09409f6ff7d3154be56020344ae9891e043851a595172a71f1620ef1
ff7498da718b1f50faeefae71e24ceadf4575da0692b84c9a1ad359daa1f2ff2

aidatd-let.cc Open in urlscan Pro 5.9.38.184 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

206 kBTransfer

466 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

45 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

aidatd-let.cc Open in urlscan Pro
5.9.38.184 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

206 kB
Transfer

466 kB
Size

1
Cookies

19 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!