Report - ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/

Report Overview

Submitted URL
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
IP
52.178.131.237
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2022-11-23 10:43:28
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
66

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.43.228.5
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	48 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
esube.ziraatkatilim.com.tr	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	408 B	1.8 kB	185.118.192.23
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.3 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
code.jquery.com	634	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	379 B	31 kB	69.16.175.42
status.geotrust.com	3662	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	343 B	796 B	93.184.220.29
ziraatkatilimkampanya.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	24 kB	942 kB	52.178.131.237
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForCommon.js.indir	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/jquery1110.js.indir	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/swfobject.js.indir	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ui.dialog.min.js.indir	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForMasterPages.js.indir	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/security.js.indir	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForAllControls.js.indir	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/CustomComboboxItems.js.indir	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/IntFraudData.js.indir	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/flash_detect.js.indir	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/WebResource.axd	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/jquery.alternate.js.indir	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/keyboard.js.indir	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/loader_red.svg	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/_fonts/gotham/gothamedium.woff2	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/_fonts/gotham/gothabook.woff2	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/_fonts/gotham/gothabold.woff2	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/_fonts/gotham/gothamedium.woff	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/_fonts/gotham/gothabold.woff	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/_fonts/gotham/gothabook.woff	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/_fonts/gotham/gothamedium.ttf	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/_fonts/gotham/gothabook.ttf	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/_fonts/gotham/gothabold.ttf	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothamedium.woff2	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabold.woff2	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabook.woff2	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothamedium.woff	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabold.woff	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabook.woff	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothamedium.ttf	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabook.ttf	Phishing
2022-11-23	medium	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabold.ttf	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/jquery.alternate.js.indir	44 kB	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/jquery.alternate.js.indir IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:26 Times Seen1 Hash ab0a28796188b0065d765a030f90de31 fa4cc0a504d712f80b8df4a506c2bbc82aff4920 ba39e09f835014e8d99499eb995e7f0a9713e313f62052fa46700eb12c2db8f4 Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/keyboard.js.indir	58 kB	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/keyboard.js.indir IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:26 Times Seen1 Hash 688ee951da62b90c76001a05f7b52e69 ed51d707fa50dfd0f028c7168da89aa1ead0ea66 0642e384e0b37917677155eb601f6de68181e68af55e4d6c8dc6b8ebfebf06ad Loading...

	code.jquery.com/jquery-3.6.1.min.js	90 kB	2023-03-07	2024-04-25
Pretty URL code.jquery.com/jquery-3.6.1.min.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:27 Last Seen2024-04-25 09:25:37 Times Seen23026 Hash 00727d1d5d9c90f7de826f1a4a9cc632 ea61688671d0c3044f2c5b2f2c4af0a6620ac6c2 a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74 Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForMasterPages.js.indir	67 kB	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForMasterPages.js.indir IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:25 Times Seen1 Hash c3f62ec6f9392f24813e2bafe8b18481 009584c17f02a03d2584906d314ef0251bcd908f eccdf75bf519b9aa3e9eccd9859464a06ddba4d1a9535f8001abeb63b5b8ca0b Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/security.js.indir	17 kB	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/security.js.indir IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:25 Times Seen1 Hash b43616c10e776ae2ca1259397ac43ebc d2db84f19ed9a50168ba0b52963987ea9c799de3 707cd5ec3341558c0d06f95287ccfa9e091ad5e7577c518f9e0f15e0c2b6f67c Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/flash_detect.js.indir	4.9 kB	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/flash_detect.js.indir IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:26 Times Seen1 Hash a136f09e27911613609eabe6492c75de 0ceef015736c40fa7420cf939c17c3ca253dd236 6219d3c6cdc2b0ccdbe6c7c6adf991b6f39b099b9110bfbde70128afff538d6c Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/CustomComboboxItems.js.indir	3.1 kB	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/CustomComboboxItems.js.indir IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:25 Times Seen1 Hash 9e57aa5544bea7b996ffa95f644c659b e359002e13f6a11f34a282a91f881f019905b30c bf3317a6a431d728a3b50df67472161b112a247cf201509ad530bf956b68bb9a Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/	855 B	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/ IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:26 Times Seen1 Hash ee013774e7ed4ca3953b14b2ca57d1dc 842e978b2f53037d90c981c33d5aa1335cb95e17 dbef057b833f48fb1b084581cd375e1610c02b027117a1fc667d28c88067faf8 Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForCommon.js.indir	33 kB	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForCommon.js.indir IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:26 Times Seen1 Hash 1ba3c606c4b080eacd6c0d581dd43f2a 908d2857f911434ccb54a3293f02f831b5383488 6808b522297507afd095a1a1d435c41bb4c068168aa7a23fea46c0621d967ffb Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/swfobject.js.indir	10 kB	2023-03-08	2024-04-14
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/swfobject.js.indir IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:45:50 Last Seen2024-04-14 04:51:19 Times Seen549 Hash 84e07fa8222e5bf3f356cd7cec454b61 9c4605fbe1c44c12791e498ed307840c15da702a a2d68e4530bbf55b595085ad00ef6999cb64574eb58b44b53ef0516fa7fa4aed Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/WebResource.axd	27 kB	2023-03-07	2024-04-25
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/WebResource.axd IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:18 Last Seen2024-04-25 12:03:35 Times Seen16035 Hash b3d7a123be5203a1a3f0f10233ed373f f4c61f321d8f79a805b356c6ec94090c0d96215c ef9453f74b2617d43dcef4242cf5845101fcfb57289c81bceb20042b0023a192 Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 13:22:14 Times Seen37063329 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ui.dialog.min.js.indir	11 kB	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ui.dialog.min.js.indir IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:26 Times Seen1 Hash b2f70cb360d1f19ce01985dc8b69c983 8c4b3c5cceaa0258d353e37f703375f8a9e7cd74 2a8d6215c5ef3237f1b43b86ad670037b6b6e7f8cec7425ecb7ef85cfd5260c9 Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/	694 B	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/ IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:25 Times Seen1 Hash ecdc3e1f6b1ab07b56bae7de3526587c 2c39f35f047c9fae32f711eac2add143cdcec325 3aeecd4542cf1546a25c9246719444c7fa19bb6d93e7b334eeb0d3f2275903cc Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/	6.7 kB	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/ IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:25 Times Seen1 Hash 394f6b2d61b392dad0eedd4734af925b 78411feebfb69847f9fc3f09f95628d385d4fa3d 547ba215086962579b6214fcc7a7ab224501384590cee5fce55f965a2ee4c597 Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/	301 B	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/ IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:25 Times Seen1 Hash 3a3b467596ad4a5cc6bd0acb9ed0638b 6d71cd573fc83f90763c18c1c228b5332a6c00ac d7008266ef4cbcd25fc4c6d4971fb5b853799930e3b33fc4ddd61bfe127b22b4 Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ui.core.min.js.indir	8.2 kB	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ui.core.min.js.indir IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:25 Times Seen1 Hash 76e4f1a01113c870213196348e990ee9 6d5971edfdedb603f5817a7e1d4f336f58efec6e 513888f683e7a37bffcc753b7743f4101f1ca53b92d42f3b4346fb010f0cf3df Loading...

	ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/IntFraudData.js.indir	1.7 kB	2023-03-11	2023-03-11
Pretty URL ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/IntFraudData.js.indir IP 52.178.131.237 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:28:41 Last Seen2023-03-11 16:29:26 Times Seen1 Hash 102f0a1405d36eba449fa4e89e67006a 3ee6b7f6d434c5e9bab9044e922240f0754f341c 458c38bca0681edaaf0ea67a0e339f8c8db9965d38009eba19fc54bc97e482c2 Loading...

HTTP Transactions (72)

URL IP Response Size

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/

52.178.131.237

200 OK

6.9 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1552)
Size
6.9 kB (6907 bytes)
Hash
a835575ba93cdfb8d8b35a4c6db88fd8
a7b11db7fc65e90a85beee0b967c69f35fd0a8fd
01f7b5e3a3609220b51d3d4a2d3f714661d4df5f3651b995f5cde7c507a42b9b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/ HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 6907
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1456357aecbd23f21ad98da57e0127eb
7074815b39fa8da9013883971d665e4c1b0797ea
f3eba265ee64870b2f822f1511b36c747d763c382557789cdad8be1d3b52d1f5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F3EBA265EE64870B2F822F1511B36C747D763C382557789CDAD8BE1D3B52D1F5"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3249
Expires: Wed, 23 Nov 2022 11:37:26 GMT
Date: Wed, 23 Nov 2022 10:43:17 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
b59d95402dfb464c176610284ba13f65
1a6c62fb0d48654dd204b66161bb03fefe60f71a
40cfd59b890ec5a3570603d28d90bd7e5c506babd52c2ece93e09f1c7b2a6880

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6028
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:43:17 GMT
Last-Modified: Wed, 23 Nov 2022 09:02:49 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 23 Nov 2022 10:17:07 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1570
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
054ff0d1a0a43f7cb1d78dbd34e27f99
3caf54f3de1d6a8c6f6454083f8b8e7dec77db54
fcdcef8306ae31f20c366489e1f88aa40b08f154d25d45f4055c4f8cdef47634

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8979
Expires: Wed, 23 Nov 2022 13:12:56 GMT
Date: Wed, 23 Nov 2022 10:43:17 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: GI7LvlQHi+c9ykMq1zGVLwzdfxlQKk/k25rxku05hP74xDLU5pH8cUXPec+Grj7hU8Luj1f4FfQ=
x-amz-request-id: TPCP2YTGXA2M9JS4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 23 Nov 2022 10:42:57 GMT
age: 21
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 23 Nov 2022 10:43:17 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css

52.178.131.237

200 OK

10 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (328), with CRLF line terminators
Size
10 kB (10315 bytes)
Hash
e77c862e4bee547084e43040787fe7ef
2d7e2f135fc515acd9bc4ef371e82f1b873c5ff6
c562533f75dd6e541e139f53a38d9f91aadc3bd1dd4048993dfd430d6094cfcb

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/css
Last-Modified: Tue, 15 Nov 2022 20:12:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2a6-d0f1"
X-Powered-By: PleskLin
Content-Encoding: gzip

code.jquery.com/jquery-3.6.1.min.js

69.16.175.42

200 OK

31 kB

URL HTTP/2
code.jquery.com/jquery-3.6.1.min.js
IP
69.16.175.42:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (65447)
Size
31 kB (30957 bytes)
Hash
2c8fb5f779970f005faea6e0f60c7e85
c9b676abdb36ea6ccf133eb7641236a7f53dd815
d14d28eea362f345cb56e1ae1244737768d80bc60dea930f308bde89dfa0c0f1

HTTP Headers

GET /jquery-3.6.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:43:18 GMT
content-encoding: gzip
content-length: 30957
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Aug 2022 17:36:05 GMT
accept-ranges: bytes
server: nginx
etag: W/"63090485-15e40"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1669200198.dop215.sk1.t,1669200198.cds219.sk1.hn,1669200198.cds206.sk1.c
X-Firefox-Spdy: h2

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForCommon.js.indir

52.178.131.237

200 OK

8.6 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForCommon.js.indir
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (4275), with CRLF line terminators
Size
8.6 kB (8587 bytes)
Hash
60365a91614409c14754ebe542139aaf
4c16dc096f35e8d0ffa551dd85f20a995e95211b
3255270770f43530597a4b6b94dc4a0add5e8405489f7ddb2df0af8a1b8cc84c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForCommon.js.indir HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 20:12:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2a8-7f5c"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForFirstTheme.css

52.178.131.237

200 OK

19 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForFirstTheme.css
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (1393), with CRLF line terminators
Size
19 kB (18871 bytes)
Hash
ea80a4dd8b362b375f2fdd136d0774ee
22388646eb29d930733aac79be452535f63d1df3
59c8859c81c543ad847681415bebded35518532303ee768e5eeb7a070552a90d

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForFirstTheme.css HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/css
Last-Modified: Tue, 15 Nov 2022 20:12:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2a6-19dfb"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/jquery1110.js.indir

52.178.131.237

200 OK

37 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/jquery1110.js.indir
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (32341)
Size
37 kB (36568 bytes)
Hash
a39e11414eb039674193db640e6f7d3b
3f59491e53faf5c9f2a78d7f03f2514797db8cb2
9940926108709eb391d5514e79ba9cd8ddc1094019ce438dd8664dcfbfb5da72

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/jquery1110.js.indir HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 20:12:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2a6-198d0"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/swfobject.js.indir

52.178.131.237

200 OK

4.0 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/swfobject.js.indir
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (10071), with CRLF line terminators
Size
4.0 kB (3952 bytes)
Hash
27ab78351a3c7cd7b2cc431db63ab3e9
f54ad2c752169fd4b9a3320daceba93f0cb873a9
7045d5ff71e22d2432c5f4fe6e531804f4c60fa0471f7026c00bd03aa7b5e047

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/swfobject.js.indir HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 20:12:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2aa-27ef"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ui.dialog.min.js.indir

52.178.131.237

200 OK

3.4 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ui.dialog.min.js.indir
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, ASCII text, with very long lines (10336), with CRLF line terminators
Size
3.4 kB (3395 bytes)
Hash
9f7c84bdcc8e42169857d39af5b33c19
654db9bfe759d0f174c63bd4f7013d7be9abc187
da645da209068bfbdcbb1e2eb016f880a8bc349130710f71ba9b5ce155c43fb2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ui.dialog.min.js.indir HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 20:12:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2a8-2992"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForMasterPages.js.indir

52.178.131.237

200 OK

15 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForMasterPages.js.indir
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (2480), with CRLF line terminators
Size
15 kB (14612 bytes)
Hash
971699863f7598220f10c075903299c4
28b6a90b08138bc4b5b319e2fb4a84ec81901898
55b24440e618d665b9140e118c15bb9b87b241a3c7e45aec339f646eb5654278

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForMasterPages.js.indir HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 20:12:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2a8-1063f"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/security.js.indir

52.178.131.237

200 OK

5.1 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/security.js.indir
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (16380), with CRLF line terminators
Size
5.1 kB (5130 bytes)
Hash
20edd920f7d00783bae21c210e0b9963
10582ff13f12009681d9494a3099d25275c68124
d19887f60c2bc317e346c6c6b65bb9735c6ec44df4a7e93acb993a3432b8117b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/security.js.indir HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 20:12:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2ac-42a1"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForAllControls.js.indir

52.178.131.237

200 OK

26 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForAllControls.js.indir
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (47755), with CRLF line terminators
Size
26 kB (26291 bytes)
Hash
efd800165e5bde9e5c3905767208b660
0793bcd3f189f96aff220d2d8b92a8a7e4afd91f
b40137859bc22614321016170e23756b9b2f60ffc6f246336031006c98eefb48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForAllControls.js.indir HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 20:12:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2a8-1ecae"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/CustomComboboxItems.js.indir

52.178.131.237

200 OK

974 B

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/CustomComboboxItems.js.indir
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
974 B (974 bytes)
Hash
7fb1ca92642c8a5260c2762902b8cc40
76945e531f670e89cbceb2cb4e6eede46ad54ff5
00435b0bd3f2b82effa24a8459076b6d31b1f4b152f5fa1803c2bf5a1e402340

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/CustomComboboxItems.js.indir HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 20:12:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2ac-bed"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/IntFraudData.js.indir

52.178.131.237

200 OK

607 B

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/IntFraudData.js.indir
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
607 B (607 bytes)
Hash
c7de6d8a2e36ae5326c0f9b5bb24f017
026039ad5c049ddfe7517e6e38230defd5896af1
264dad6db2a182bb310fd0e80c8846c5afe00477cf04ecd94dd8781391b1a43f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/IntFraudData.js.indir HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 20:12:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2ac-6bf"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/flash_detect.js.indir

52.178.131.237

200 OK

1.2 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/flash_detect.js.indir
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
1.2 kB (1176 bytes)
Hash
c5a76f57bb7fcd503b811c094ee90273
fac323c8f5dddea4d17daeadaa867f991a515d78
2531210d114140012b11e3633c7dadc2466bd1c62fd01f0233c984ad97ca426c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/flash_detect.js.indir HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 20:12:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2ac-134b"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/WebResource.axd

52.178.131.237

200 OK

27 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/WebResource.axd
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with CRLF line terminators
Size
27 kB (26951 bytes)
Hash
b3d7a123be5203a1a3f0f10233ed373f
f4c61f321d8f79a805b356c6ec94090c0d96215c
ef9453f74b2617d43dcef4242cf5845101fcfb57289c81bceb20042b0023a192

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/WebResource.axd HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: application/octet-stream
Content-Length: 26951
Last-Modified: Tue, 15 Nov 2022 20:12:28 GMT
Connection: keep-alive
ETag: "6373f2ac-6947"
X-Powered-By: PleskLin
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/sanalklavye.css

52.178.131.237

200 OK

1.3 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/sanalklavye.css
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with CRLF line terminators
Size
1.3 kB (1345 bytes)
Hash
02baa73b402096a3c24a8ba524eb77cf
2baca1fa2ae2dc30f949b90aee4d6156479fd3d5
5eec2eaf5b3ad79327566f4515060b457871817402aa0cf9f0f34c622f4f8113

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/sanalklavye.css HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/css
Last-Modified: Tue, 15 Nov 2022 20:12:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2b2-10c3"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/jquery.alternate.js.indir

52.178.131.237

200 OK

7.8 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/jquery.alternate.js.indir
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (323), with CRLF line terminators
Size
7.8 kB (7800 bytes)
Hash
4d845f42736d5a93196143985cf820e5
7e473cabdcc65ea8aa067309309f89e259913c52
51dd2028ae74fcb4f2f1c0b35010a0f2a28c072133fc0937fe91aea2f24feb62

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/jquery.alternate.js.indir HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 20:12:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2b2-ab49"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/comodo-logo.png

52.178.131.237

200 OK

4.6 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/comodo-logo.png
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 66 x 36, 8-bit/color RGBA, non-interlaced\012- data
Size
4.6 kB (4614 bytes)
Hash
c09046e8534d305904a26a00d3aa1f6c
db9e347b7cefb488b02712527a12e064132c9981
644f3b7baa87b268975cfb42a292f642d7b2bc64f1d60a0625b4f587923cd632

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/comodo-logo.png HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: image/png
Content-Length: 4614
Last-Modified: Tue, 15 Nov 2022 20:12:32 GMT
Connection: keep-alive
ETag: "6373f2b0-1206"
X-Powered-By: PleskLin
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/keyboard.js.indir

52.178.131.237

200 OK

7.4 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/keyboard.js.indir
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (1357), with CRLF line terminators
Size
7.4 kB (7407 bytes)
Hash
f23d6879a3ce94f5a900a242bf1465e5
f5290398a3537c614be6b0ee65e50101a3e8716d
040d7ad9fd7a480f7eed3d4a5e8d67e7f14f12194ac24040543c7fa965e0535c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/keyboard.js.indir HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Nov 2022 20:12:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2b2-e2fe"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/logoZKB.png

52.178.131.237

200 OK

3.6 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/logoZKB.png
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 312 x 47, 8-bit/color RGBA, non-interlaced\012- data
Size
3.6 kB (3554 bytes)
Hash
a8e1e9d353931758c41cd2eabe40d2be
d07947bf983ecfd368d1cae5edca44f9053a07c7
f986f6dc59152c76110bc56682711356715e6143f3d2b736764e81b6f2163ddb

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/logoZKB.png HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: image/png
Content-Length: 3554
Last-Modified: Tue, 15 Nov 2022 20:12:30 GMT
Connection: keep-alive
ETag: "6373f2ae-de2"
X-Powered-By: PleskLin
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/Atm_Limit_1.jpg

52.178.131.237

200 OK

58 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/Atm_Limit_1.jpg
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 530x341, components 3\012- data
Size
58 kB (58228 bytes)
Hash
d6ef4145a8fdc00c1c98ad2a688843d6
70b62e8b87347bc9af0ff671f256ddc577759c30
f5bdcc121a80005d7c33f8e29b10f09bc4c7ddfe66ec84dcdd35c70960c2869c

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/Atm_Limit_1.jpg HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: image/jpeg
Content-Length: 58228
Last-Modified: Tue, 15 Nov 2022 20:12:32 GMT
Connection: keep-alive
ETag: "6373f2b0-e374"
X-Powered-By: PleskLin
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/loader_red.svg

52.178.131.237

200 OK

422 B

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/loader_red.svg
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (1236), with no line terminators
Size
422 B (422 bytes)
Hash
aeb57459d467e8ca4cfbba51a2e40e5a
c7280b79d606a24ce6c206d55c2eca2027235130
cccffc4fb4b3bab234f4b1ca9ccafb577e1e71afe4607294839cd62d8793f37a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/loader_red.svg HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: image/svg+xml
Last-Modified: Tue, 15 Nov 2022 20:12:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6373f2ae-4d4"
X-Powered-By: PleskLin
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/PleaseWait.gif

52.178.131.237

200 OK

6.2 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/PleaseWait.gif
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
GIF image data, version 89a, 25 x 25\012- data
Size
6.2 kB (6166 bytes)
Hash
3fa52271807514c5fa93543b4cc89765
ffefe679bb24a8e59c1791581275cf1c8575f6e2
b39e30e682c210ff0ddc091d143707e3588c0198d4eb2a3e2eb04ddcdd637344

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/PleaseWait.gif HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: image/gif
Content-Length: 6166
Last-Modified: Tue, 15 Nov 2022 20:12:30 GMT
Connection: keep-alive
ETag: "6373f2ae-1816"
X-Powered-By: PleskLin
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/transparent.png

52.178.131.237

200 OK

120 B

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/transparent.png
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 10 x 10, 8-bit/color RGBA, non-interlaced\012- data
Size
120 B (120 bytes)
Hash
0bd236f89117deef4b58186fba6720a6
95aa67caeaec13071195c310b790de889e1712bb
fae714eda1babae195690d82d44f65846444621d5cdee4411b2b419f81af8371

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/transparent.png HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: image/png
Content-Length: 120
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Tue, 15 Nov 2022 20:12:30 GMT
ETag: "78-5ed87f9bf8780"
Accept-Ranges: bytes
X-Powered-By: PleskLin

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ZK_Kar_Payi_530x341px_TR.jpg

52.178.131.237

200 OK

174 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ZK_Kar_Payi_530x341px_TR.jpg
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=341, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=530], baseline, precision 8, 530x341, components 3\012- data
Size
174 kB (173952 bytes)
Hash
17499956919f4ff41d3d4302f8cf81f1
150a0bfb37cdf8c0c52bd9758c1da56efa74aeed
36f5e68aba27b2feb2a0a722dbe321453218627a34b2763ae409236f492cc106

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ZK_Kar_Payi_530x341px_TR.jpg HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: image/jpeg
Content-Length: 173952
Last-Modified: Tue, 15 Nov 2022 20:12:32 GMT
Connection: keep-alive
ETag: "6373f2b0-2a780"
X-Powered-By: PleskLin
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/avatar.png

52.178.131.237

200 OK

179 B

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/avatar.png
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced\012- data
Size
179 B (179 bytes)
Hash
8987509484447ce4bd95a1bbae229309
7ab9584322d6bb7251341af243b8a42d57c2886c
4085358e396839a52152b0a687dce864d2ab16fc5d05e378179d138f223d104a

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/avatar.png HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: image/png
Content-Length: 179
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Tue, 15 Nov 2022 20:12:30 GMT
ETag: "b3-5ed87f9bf8780"
Accept-Ranges: bytes
X-Powered-By: PleskLin

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/loginButton.png

52.178.131.237

200 OK

4.8 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/loginButton.png
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 267 x 35, 8-bit/color RGB, non-interlaced\012- data
Size
4.8 kB (4766 bytes)
Hash
35e7b95a91c8403f0e19ed389ed4f81a
fe33ce9c4aa53012a05e4e4ca0fca3012b66d8bd
a4f3dd313e99f6325f31f87ee513bafb75ae1617f9939b10f1e95eded616be25

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/loginButton.png HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: image/png
Content-Length: 4766
Last-Modified: Tue, 15 Nov 2022 20:12:30 GMT
Connection: keep-alive
ETag: "6373f2ae-129e"
X-Powered-By: PleskLin
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_img/BG_Body_Responsive.jpg

52.178.131.237

404 Not Found

599 B

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_img/BG_Body_Responsive.jpg
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
599 B (599 bytes)
Hash
2e7582f459d7c63aa7ca05a53adc7188
660927715e16b2c726da7defc4c72162dc58ca03
96fc2888c64997fc8158f7a811f3b5b82d99d3995dd93fecc78250cb21efaf57

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/_img/BG_Body_Responsive.jpg HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: W/"402-5edbecdba54a4"
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ZK_Kolay_Adres_Tan%C4%B1mla_Lansman_530x341px_VR2.jpg

52.178.131.237

200 OK

139 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ZK_Kolay_Adres_Tan%C4%B1mla_Lansman_530x341px_VR2.jpg
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 530x341, components 3\012- data
Size
139 kB (139195 bytes)
Hash
831694af5805f6261765ecabb4da0e35
5c7ba9a956b8378168fee505c49eec15243a3499
fdf0a881ef2dec65d65e383168216c0ce182869d8048e8fbd40de95ab05da1e6

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ZK_Kolay_Adres_Tan%C4%B1mla_Lansman_530x341px_VR2.jpg HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: image/jpeg
Content-Length: 139195
Last-Modified: Tue, 15 Nov 2022 20:12:32 GMT
Connection: keep-alive
ETag: "6373f2b0-21fbb"
X-Powered-By: PleskLin
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/Mobil_relansman_2021_Mobil_530x341px_TR_VR5_ESUBE_1.jpg

52.178.131.237

200 OK

148 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/Mobil_relansman_2021_Mobil_530x341px_TR_VR5_ESUBE_1.jpg
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 530x341, components 3\012- data
Size
148 kB (147582 bytes)
Hash
80bba7cad9787c96885909090bcc0aa4
11817277c534f53950404562aff506b1a93a3b16
42e00e3257dbcafb2baf26abc2ec02aadc8eaaf71bb4b0491464755be253927f

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/Mobil_relansman_2021_Mobil_530x341px_TR_VR5_ESUBE_1.jpg HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: image/jpeg
Content-Length: 147582
Last-Modified: Tue, 15 Nov 2022 20:12:32 GMT
Connection: keep-alive
ETag: "6373f2b0-2407e"
X-Powered-By: PleskLin
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/_fonts/gotham/gothamedium.woff2

52.178.131.237

404 Not Found

1.0 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/_fonts/gotham/gothamedium.woff2
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.0 kB (1026 bytes)
Hash
f5860807b7d102a7cdb4d94a2f64a6af
30bc2ced8d656ef5746f6c3919d75ba6ef071235
d42dc575eaa7e0acfd2c5af869387c377110ad007cafcec082b9daad12e93427

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_fonts/gotham/gothamedium.woff2 HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForFirstTheme.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Content-Length: 1026
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: "402-5edbecdba54a4"
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_img/icos/footericons.png

52.178.131.237

404 Not Found

599 B

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_img/icos/footericons.png
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
599 B (599 bytes)
Hash
2e7582f459d7c63aa7ca05a53adc7188
660927715e16b2c726da7defc4c72162dc58ca03
96fc2888c64997fc8158f7a811f3b5b82d99d3995dd93fecc78250cb21efaf57

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/_img/icos/footericons.png HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: W/"402-5edbecdba54a4"
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/_fonts/gotham/gothabook.woff2

52.178.131.237

404 Not Found

1.0 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/_fonts/gotham/gothabook.woff2
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.0 kB (1026 bytes)
Hash
f5860807b7d102a7cdb4d94a2f64a6af
30bc2ced8d656ef5746f6c3919d75ba6ef071235
d42dc575eaa7e0acfd2c5af869387c377110ad007cafcec082b9daad12e93427

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_fonts/gotham/gothabook.woff2 HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForFirstTheme.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Content-Length: 1026
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: "402-5edbecdba54a4"
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/_fonts/gotham/gothabold.woff2

52.178.131.237

404 Not Found

1.0 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/_fonts/gotham/gothabold.woff2
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.0 kB (1026 bytes)
Hash
f5860807b7d102a7cdb4d94a2f64a6af
30bc2ced8d656ef5746f6c3919d75ba6ef071235
d42dc575eaa7e0acfd2c5af869387c377110ad007cafcec082b9daad12e93427

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_fonts/gotham/gothabold.woff2 HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForFirstTheme.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Content-Length: 1026
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: "402-5edbecdba54a4"
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ZK_Bankkart_Sanal%20kart_banner_530x341px.jpg

52.178.131.237

200 OK

192 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ZK_Bankkart_Sanal%20kart_banner_530x341px.jpg
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 530x341, components 3\012- data
Size
192 kB (191660 bytes)
Hash
c2b767841df60e6bc49f9bbce6db29cc
34a63c4fd419e9070d67a6b47cf159ce727df20a
28c702fbd95ee5ea258374fa98bb39a3644025d9a3805cf2fc030b32331d9b0d

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/ZK_Bankkart_Sanal%20kart_banner_530x341px.jpg HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: image/jpeg
Content-Length: 191660
Last-Modified: Tue, 15 Nov 2022 20:12:32 GMT
Connection: keep-alive
ETag: "6373f2b0-2ecac"
X-Powered-By: PleskLin
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/_fonts/gotham/gothamedium.woff

52.178.131.237

404 Not Found

1.0 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/_fonts/gotham/gothamedium.woff
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.0 kB (1026 bytes)
Hash
f5860807b7d102a7cdb4d94a2f64a6af
30bc2ced8d656ef5746f6c3919d75ba6ef071235
d42dc575eaa7e0acfd2c5af869387c377110ad007cafcec082b9daad12e93427

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_fonts/gotham/gothamedium.woff HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForFirstTheme.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Content-Length: 1026
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: "402-5edbecdba54a4"
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/_fonts/gotham/gothabold.woff

52.178.131.237

404 Not Found

1.0 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/_fonts/gotham/gothabold.woff
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.0 kB (1026 bytes)
Hash
f5860807b7d102a7cdb4d94a2f64a6af
30bc2ced8d656ef5746f6c3919d75ba6ef071235
d42dc575eaa7e0acfd2c5af869387c377110ad007cafcec082b9daad12e93427

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_fonts/gotham/gothabold.woff HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForFirstTheme.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Content-Length: 1026
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: "402-5edbecdba54a4"
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/_fonts/gotham/gothabook.woff

52.178.131.237

404 Not Found

1.0 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/_fonts/gotham/gothabook.woff
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.0 kB (1026 bytes)
Hash
f5860807b7d102a7cdb4d94a2f64a6af
30bc2ced8d656ef5746f6c3919d75ba6ef071235
d42dc575eaa7e0acfd2c5af869387c377110ad007cafcec082b9daad12e93427

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_fonts/gotham/gothabook.woff HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForFirstTheme.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Content-Length: 1026
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: "402-5edbecdba54a4"
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/_fonts/gotham/gothamedium.ttf

52.178.131.237

404 Not Found

599 B

URL HTTP/1.1
ziraatkatilimkampanya.xyz/_fonts/gotham/gothamedium.ttf
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
599 B (599 bytes)
Hash
2e7582f459d7c63aa7ca05a53adc7188
660927715e16b2c726da7defc4c72162dc58ca03
96fc2888c64997fc8158f7a811f3b5b82d99d3995dd93fecc78250cb21efaf57

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_fonts/gotham/gothamedium.ttf HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForFirstTheme.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: W/"402-5edbecdba54a4"
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/_fonts/gotham/gothabook.ttf

52.178.131.237

404 Not Found

599 B

URL HTTP/1.1
ziraatkatilimkampanya.xyz/_fonts/gotham/gothabook.ttf
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
599 B (599 bytes)
Hash
2e7582f459d7c63aa7ca05a53adc7188
660927715e16b2c726da7defc4c72162dc58ca03
96fc2888c64997fc8158f7a811f3b5b82d99d3995dd93fecc78250cb21efaf57

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_fonts/gotham/gothabook.ttf HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForFirstTheme.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: W/"402-5edbecdba54a4"
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/_fonts/gotham/gothabold.ttf

52.178.131.237

404 Not Found

599 B

URL HTTP/1.1
ziraatkatilimkampanya.xyz/_fonts/gotham/gothabold.ttf
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
599 B (599 bytes)
Hash
2e7582f459d7c63aa7ca05a53adc7188
660927715e16b2c726da7defc4c72162dc58ca03
96fc2888c64997fc8158f7a811f3b5b82d99d3995dd93fecc78250cb21efaf57

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_fonts/gotham/gothabold.ttf HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/MergedForFirstTheme.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: W/"402-5edbecdba54a4"
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 23 Nov 2022 10:11:11 GMT
cache-control: public,max-age=3600
age: 1927
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothamedium.woff2

52.178.131.237

404 Not Found

1.0 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothamedium.woff2
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.0 kB (1026 bytes)
Hash
f5860807b7d102a7cdb4d94a2f64a6af
30bc2ced8d656ef5746f6c3919d75ba6ef071235
d42dc575eaa7e0acfd2c5af869387c377110ad007cafcec082b9daad12e93427

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothamedium.woff2 HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Content-Length: 1026
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: "402-5edbecdba54a4"
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabold.woff2

52.178.131.237

404 Not Found

1.0 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabold.woff2
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.0 kB (1026 bytes)
Hash
f5860807b7d102a7cdb4d94a2f64a6af
30bc2ced8d656ef5746f6c3919d75ba6ef071235
d42dc575eaa7e0acfd2c5af869387c377110ad007cafcec082b9daad12e93427

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabold.woff2 HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Content-Length: 1026
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: "402-5edbecdba54a4"
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabook.woff2

52.178.131.237

404 Not Found

1.0 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabook.woff2
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.0 kB (1026 bytes)
Hash
f5860807b7d102a7cdb4d94a2f64a6af
30bc2ced8d656ef5746f6c3919d75ba6ef071235
d42dc575eaa7e0acfd2c5af869387c377110ad007cafcec082b9daad12e93427

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabook.woff2 HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Content-Length: 1026
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: "402-5edbecdba54a4"
Accept-Ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8a181d95550cfdf3b1fc4deb71631e40
37866f7293c41fbfb817e321754cae5c5bf59f93
6aa3d2763181cc48d2ad0ce7d227f3cb3324045c3f7858ccdbae675768dcec55

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5911
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:43:18 GMT
Last-Modified: Wed, 23 Nov 2022 09:04:47 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothamedium.woff

52.178.131.237

404 Not Found

1.0 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothamedium.woff
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.0 kB (1026 bytes)
Hash
f5860807b7d102a7cdb4d94a2f64a6af
30bc2ced8d656ef5746f6c3919d75ba6ef071235
d42dc575eaa7e0acfd2c5af869387c377110ad007cafcec082b9daad12e93427

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothamedium.woff HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Content-Length: 1026
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: "402-5edbecdba54a4"
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabold.woff

52.178.131.237

404 Not Found

1.0 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabold.woff
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.0 kB (1026 bytes)
Hash
f5860807b7d102a7cdb4d94a2f64a6af
30bc2ced8d656ef5746f6c3919d75ba6ef071235
d42dc575eaa7e0acfd2c5af869387c377110ad007cafcec082b9daad12e93427

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabold.woff HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Content-Length: 1026
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: "402-5edbecdba54a4"
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabook.woff

52.178.131.237

404 Not Found

1.0 kB

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabook.woff
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.0 kB (1026 bytes)
Hash
f5860807b7d102a7cdb4d94a2f64a6af
30bc2ced8d656ef5746f6c3919d75ba6ef071235
d42dc575eaa7e0acfd2c5af869387c377110ad007cafcec082b9daad12e93427

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabook.woff HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Content-Length: 1026
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: "402-5edbecdba54a4"
Accept-Ranges: bytes

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothamedium.ttf

52.178.131.237

404 Not Found

599 B

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothamedium.ttf
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
599 B (599 bytes)
Hash
2e7582f459d7c63aa7ca05a53adc7188
660927715e16b2c726da7defc4c72162dc58ca03
96fc2888c64997fc8158f7a811f3b5b82d99d3995dd93fecc78250cb21efaf57

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothamedium.ttf HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: W/"402-5edbecdba54a4"
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabook.ttf

52.178.131.237

404 Not Found

599 B

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabook.ttf
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
599 B (599 bytes)
Hash
2e7582f459d7c63aa7ca05a53adc7188
660927715e16b2c726da7defc4c72162dc58ca03
96fc2888c64997fc8158f7a811f3b5b82d99d3995dd93fecc78250cb21efaf57

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabook.ttf HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: W/"402-5edbecdba54a4"
Content-Encoding: gzip

ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabold.ttf

52.178.131.237

404 Not Found

599 B

URL HTTP/1.1
ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabold.ttf
IP
52.178.131.237:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
599 B (599 bytes)
Hash
2e7582f459d7c63aa7ca05a53adc7188
660927715e16b2c726da7defc4c72162dc58ca03
96fc2888c64997fc8158f7a811f3b5b82d99d3995dd93fecc78250cb21efaf57

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /8f696b95cbd967c8aa7a9844e178277d/_fonts/gotham/gothabold.ttf HTTP/1.1
Host: ziraatkatilimkampanya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/8f696b95cbd967c8aa7a9844e178277d/Ziraat%20Katilim_files/home_alternative.css
Cookie: PHPSESSID=9t7qlmrslnm8clnddsqd0g0j95

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Nov 2022 10:43:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 18 Nov 2022 13:37:14 GMT
ETag: W/"402-5edbecdba54a4"
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9665dfd0081873d4d08f9c4c7fcf56eb
1211f4b238fec1408a8bf8589a7ee963046051a8
dca4da4d6b0f59edc5b285322d0bd15718f47539df91d2765d9d7854a03d092a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4591
Cache-Control: max-age=94594
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:43:18 GMT
Etag: "637cb5d9-1d7"
Expires: Thu, 24 Nov 2022 12:59:52 GMT
Last-Modified: Tue, 22 Nov 2022 11:43:21 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

status.geotrust.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
status.geotrust.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d28a54904a6605dea54c67a68c9f33a7
d86083c88c931c3e4fe72a1f657b434b2417d15a
4c20f6b1d3365f44325f8b69052e31e6e595afd5f5043a61ebc4966fa5793f23

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2084
Cache-Control: max-age=95648
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:43:18 GMT
Etag: "637cc3c2-1d7"
Expires: Thu, 24 Nov 2022 13:17:26 GMT
Last-Modified: Tue, 22 Nov 2022 12:42:42 GMT
Server: ECS (amb/6B7E)
X-Cache: HIT
Content-Length: 471

esube.ziraatkatilim.com.tr/_img/favicon.ico

185.118.192.23

200 OK

1.2 kB

URL HTTP/1.1
esube.ziraatkatilim.com.tr/_img/favicon.ico
IP
185.118.192.23:0
ASN
#203925 Ziraat Katilim Bankasi AS

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
09bb015b89bf44d8126d43e9be434744
10c34179264bdf74dade237922b07f82b18e3dab
917b51a29431a148043850026d34c418705cbdf39a428cf6e01ad713f07d339a

HTTP Headers

GET /_img/favicon.ico HTTP/1.1
Host: esube.ziraatkatilim.com.tr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ziraatkatilimkampanya.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: image/x-icon
Last-Modified: Mon, 20 Jul 2015 11:45:33 GMT
Accept-Ranges: bytes
ETag: "778b4396e1c2d01:0"
Server: ZKB
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: unsafe-url
Content-Security-Policy: frame-ancestors 'self' https://intervision.ziraatkatilim.local;
Date: Wed, 23 Nov 2022 10:43:17 GMT
Content-Length: 1150
Set-Cookie: Secure
NSC_ESNS=02e6baf7-f4e4-137d-9678-00e0ed27cdac_2236284704_3742476740_00000000000047961265; Path=/; Expires=Wed, 23-Nov-2022 10:43:32 GMT

push.services.mozilla.com/

52.43.228.5

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.43.228.5:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: B3sgY8sO3KTg7Ji3mkimoQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dyVCH2i6dkHX3OL08kz4iQRoF0M=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7624
Expires: Wed, 23 Nov 2022 12:50:24 GMT
Date: Wed, 23 Nov 2022 10:43:20 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7624
Expires: Wed, 23 Nov 2022 12:50:24 GMT
Date: Wed, 23 Nov 2022 10:43:20 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7624
Expires: Wed, 23 Nov 2022 12:50:24 GMT
Date: Wed, 23 Nov 2022 10:43:20 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7624
Expires: Wed, 23 Nov 2022 12:50:24 GMT
Date: Wed, 23 Nov 2022 10:43:20 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd46b36d-1888-40f4-b55e-f6905fed9018.jpeg

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd46b36d-1888-40f4-b55e-f6905fed9018.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8740 bytes)
Hash
2cdc70ea570bedb3a19294a2e3cfcb1b
c3abc52da2458971b00416c5513894a8b60389f0
71f4c91b66b84d7bff6416d8efd1b95ca3aa3543a25489553d1acb6cd9b77308

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd46b36d-1888-40f4-b55e-f6905fed9018.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: 7bb62ac1-5774-4e82-8438-9eded7ea71a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-JKMGFMIAMFovg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bef0d-06bd21480b42efd67f62c690;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:35:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: FjB6qa579_iDdG_QfQwnlYUEnwv0vZHG0JetZw_gtSVuet7BROTwDw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 21:50:31 GMT
age: 46369
etag: "c3abc52da2458971b00416c5513894a8b60389f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44f9633f-15fe-459e-aebf-06d2b582efa8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9766 bytes)
Hash
3e8d7af3a5d030774447a0f71c7824f0
663cace8681891ad55943dd0273493aa9474d102
22068df04672281e392caa485259df103d591ab247c3eb5e0ccba10ffd8a9ef0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44f9633f-15fe-459e-aebf-06d2b582efa8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9766
x-amzn-requestid: ca8b7a9f-3c1a-419d-953e-2944bf820e5e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cBcR_Hd4IAMFWUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d40d9-4ca5e9b2476a47cd199b9cba;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 21:36:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RZqqB_Aaam7hYpdAB2fbx-i3iQth9M-OgA25IgCB5Uz0swqVi3-bVg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 21:48:19 GMT
age: 46501
etag: "663cace8681891ad55943dd0273493aa9474d102"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4309 bytes)
Hash
841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 06:36:36 GMT
age: 14804
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45ca81c5-d11a-4d86-a922-dbdce0f6b46c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (4977 bytes)
Hash
0cc111ba6ae699fca7fbff3490640960
18084197b48ea3b4a143636250396e8791d0285f
34fbba92e665ad371ea2bd1a871251cf0c5b7832d6f4661b21b2cfbd7f786923

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45ca81c5-d11a-4d86-a922-dbdce0f6b46c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4977
x-amzn-requestid: 3e56de91-7ed1-4b1e-b230-5f19b2cc6601
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bxQKBHzdIAMFpUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376c70c-41c572d27999534d3c198372;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 23:43:08 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 414rX74hOWUS2W1d9SVHs7McxZ4QDE249cjU-1EyIe0nMkZrQz2rrQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 3236f234d59c0fda99b416088c283260.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 21:56:48 GMT
age: 45992
etag: "18084197b48ea3b4a143636250396e8791d0285f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0ea68cc-d723-41ae-8bc2-16e2e422e2aa.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5914 bytes)
Hash
c6380f73d47906bd63b9c48137e4df61
94e053461d2db89e9d08321f26a2555ebcd7e0b9
84144e3c3e7acc7339fd1da9b373f18582734b6f4d235b2aef8c90616ed1c8a7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0ea68cc-d723-41ae-8bc2-16e2e422e2aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5914
x-amzn-requestid: 8dea187e-ee61-4691-aff7-59202f978565
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b2P4MF0UIAMFWBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6378c69a-011430f86689624a29d71215;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 12:05:46 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: c2w_q7fYc60JSQ4GcAlmUFyp7csfflgG8GvCXJuy_wWlvf9mIG0u9g==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 22:38:55 GMT
age: 43465
etag: "94e053461d2db89e9d08321f26a2555ebcd7e0b9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe1bda54-5235-4786-bafa-a111a9acd500.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8000 bytes)
Hash
448adf31ef3a09f7d8a45e1c038fe1d8
88e9613f90c14dca0b2c0b60103d0c8e4d859cc8
cedf0f3bd94dfde56b90f130fc960fe73d0131594b9b4ff0e8dbbe27d76b0926

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe1bda54-5235-4786-bafa-a111a9acd500.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8000
x-amzn-requestid: 9761ee4c-6da2-4b57-8fab-4d94ec810717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bn1pXGrCIAMFe3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63730308-7628d58a621de956205e1f9c;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 03:10:00 GMT
x-amz-cf-pop: SFO5-C3, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XlHerM1xe1mm1PGiw1jao15GRW9b1qemXZ3aLODebRK-nZnRMyMfbA==
via: 1.1 100e7eca600d702a8613a94cb0899fe8.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 21:56:53 GMT
age: 45987
etag: "88e9613f90c14dca0b2c0b60103d0c8e4d859cc8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations