Report - www.ziraat-ba.com/

Report Overview

Submitted URL
www.ziraat-ba.com/
IP
148.163.124.2
ASN
#53755 IOFLOOD
Submitted
2023-03-28 02:21:07
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-29T05:09:32Z	606 B	127 B	35.163.217.60
cutt-ly.com	unknown	2020-08-03T14:30:44Z	2023-03-28T19:48:16Z	355 B	324 B	190.115.26.9
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-29T05:09:12Z	3.2 kB	72 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-29T05:09:11Z	4.1 kB	11 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-29T05:09:03Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-29T05:09:31Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-29T05:09:31Z	333 B	391 B	34.117.237.239
www.ziraat-ba.com	unknown	2022-10-13T13:10:11Z	2023-03-27T20:39:06Z	5.6 kB	653 kB	148.163.124.2

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-03-27	medium	www.ziraat-ba.com/	Ziraat Bank
2023-03-27	medium	www.ziraat-ba.com/	Ziraat Bank
2023-03-27	medium	www.ziraat-ba.com/	Ziraat Bank
2023-03-27	medium	www.ziraat-ba.com/	Ziraat Bank
2023-03-27	medium	www.ziraat-ba.com/	Ziraat Bank
2023-03-27	medium	www.ziraat-ba.com/	Ziraat Bank

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-03-28	medium	cutt-ly.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	www.ziraat-ba.com/	22 B	2023-03-08	2024-01-25
Pretty URL www.ziraat-ba.com/ IP 148.163.124.2 ASN #53755 IOFLOOD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:34:14 Last Seen2024-01-25 03:42:54 Times Seen11 Hash 916cab0430b273d4ab1cc01148e4c783 b945185fc9ad5c405f0c414c9755c252345927ce 604a0cfe374ba76232088999fcd0a9b9f11305b54128be3d3b088dbac804dce4 Loading...

	www.ziraat-ba.com/	123 B	2023-03-08	2024-01-25
Pretty URL www.ziraat-ba.com/ IP 148.163.124.2 ASN #53755 IOFLOOD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:06:47 Last Seen2024-01-25 03:42:55 Times Seen11 Hash b498b679ea3a0490977725c3660e0651 2ba344760bd041c6b86d86b19419731076f7960d e2434afae0ac58656e2391390b6c2acb3b532801bbf29566ea56fcace6342e81 Loading...

	www.ziraat-ba.com/	205 B	2023-03-08	2024-04-13
Pretty URL www.ziraat-ba.com/ IP 148.163.124.2 ASN #53755 IOFLOOD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:06:47 Last Seen2024-04-13 06:34:49 Times Seen67 Hash ffebab610769cc12894293de5093b108 6bc3daf4831c97e248fe4ddd9744d0682f9aee62 892d033295ec18a0dbcc10d6e20f9d2d0fb2dd4d4a6c5d51276b3d91348f52ca Loading...

	www.ziraat-ba.com/	638 B	2023-03-08	2024-01-25
Pretty URL www.ziraat-ba.com/ IP 148.163.124.2 ASN #53755 IOFLOOD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:34:14 Last Seen2024-01-25 03:42:55 Times Seen11 Hash 3e99663aa4470e6d6a6614c660add2c9 ddcf185804d634832c5d4aacd8934c5c45799592 21fa51df8852d4f28f5cb8e18b96f7fdf8e5ac264953263d503f5eba9c2430c1 Loading...

	www.ziraat-ba.com/	80 B	2023-03-08	2024-04-13
Pretty URL www.ziraat-ba.com/ IP 148.163.124.2 ASN #53755 IOFLOOD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:06:47 Last Seen2024-04-13 06:34:49 Times Seen68 Hash ff232d1ae95db7a2f4bf4cff9f585145 8b7725b3b370c3855a00a5e22b051e76f0a306f1 49a9b676acc081761baa180e0e4df9ccd40880b5b8dad04cb6bf691164fc6bb2 Loading...

	www.ziraat-ba.com/	1.9 kB	2023-03-08	2024-01-31
Pretty URL www.ziraat-ba.com/ IP 148.163.124.2 ASN #53755 IOFLOOD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:34:14 Last Seen2024-01-31 03:15:51 Times Seen15 Hash 9e7485b9963c95931014c6b962126730 2a1c9a4780d5d078d743f2d1b1fe26f0b60635e8 6ceb38788bdb4951240c6659f49745be9f10cfcbb744b7c919016fd44b15a402 Loading...

	www.ziraat-ba.com/	370 B	2023-03-07	2024-04-24
Pretty URL www.ziraat-ba.com/ IP 148.163.124.2 ASN #53755 IOFLOOD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:41:26 Last Seen2024-04-24 21:04:18 Times Seen1460 Hash 2dd1a1b7c59783d99f750190233d997a 28a2788c6484a90079a0654b958b73806d660fd4 01345e20242c77eb2657f3efac0e1e1fe0eec6c7a74b84b16c67128f24899410 Loading...

	www.ziraat-ba.com/SiteAssets/js/min/homePage.min4ebc.js?v=1509	137 kB	2023-03-08	2024-01-25
Pretty URL www.ziraat-ba.com/SiteAssets/js/min/homePage.min4ebc.js?v=1509 IP 148.163.124.2 ASN #53755 IOFLOOD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:06:47 Last Seen2024-01-25 03:42:55 Times Seen19 Hash d10a003373704568d6699cc8710765c5 8fffc2db848be7872b30b941e70717edab328874 e825d4f06e1988699280f0d8813dbdc85114bc97a5366760d7df48040b211774 Loading...

	www.ziraat-ba.com/SiteAssets/js/jquery/jquery.smartbanner.js	16 kB	2023-03-08	2024-04-13
Pretty URL www.ziraat-ba.com/SiteAssets/js/jquery/jquery.smartbanner.js IP 148.163.124.2 ASN #53755 IOFLOOD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:06:47 Last Seen2024-04-13 06:34:50 Times Seen174 Hash f14bac805993297c1816e600e01087df 2f0ce3d08b8c10e448500c2ecc528837dbcb2275 9916b20e0e346a808aa3d33641d98263c4b1b27f67f0b091004021c91652cc72 Loading...

	www.ziraat-ba.com/SiteAssets/js/min/jquery.min0466.js?v=383	87 kB	2023-03-08	2024-04-13
Pretty URL www.ziraat-ba.com/SiteAssets/js/min/jquery.min0466.js?v=383 IP 148.163.124.2 ASN #53755 IOFLOOD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:06:47 Last Seen2024-04-13 06:34:50 Times Seen160 Hash 808a76c1bcd12ee1624ffebde5e77bac 30e28f78c70f26e10b4985c34340be230129f5f2 24489d37a4f37a51da7ca075defba5ea657b967964113199c4f6439f3c02cd5f Loading...

	www.ziraat-ba.com/	59 B	2023-03-08	2024-01-28
Pretty URL www.ziraat-ba.com/ IP 148.163.124.2 ASN #53755 IOFLOOD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:34:14 Last Seen2024-01-28 04:42:35 Times Seen12 Hash db111d1a671b0e1eac5f1e0d6edd4418 e0971a69f0551075e3c6b4a3d87baf8e879903f6 d65e3e6825c34a67ce3eb03e1e3c09fbcde8e7c98c2fd1044f4c8c0bc33bb51a Loading...

	www.ziraat-ba.com/	1.2 kB	2023-03-08	2023-04-02
Pretty URL www.ziraat-ba.com/ IP 148.163.124.2 ASN #53755 IOFLOOD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:34:14 Last Seen2023-04-02 21:26:51 Times Seen3 Hash b33f0a1b934df19f46cbb6ae16c8bac2 a9961e84d506d6b38ae1fc7b93c2dfc4e59991a7 bbd42f846cacf0a12a79a6373972fe783e053f8781a7832788b1db93c1f6ab6c Loading...

	cutt-ly.com/gSr0j2	0 B	2023-03-07	2024-04-25
Pretty URL cutt-ly.com/gSr0j2 IP 190.115.26.9 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 11:41:07 Times Seen37062531 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.ziraat-ba.com/	252 B	2023-03-08	2024-01-28
Pretty URL www.ziraat-ba.com/ IP 148.163.124.2 ASN #53755 IOFLOOD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:34:14 Last Seen2024-01-28 04:42:35 Times Seen12 Hash 53e724bbd1560da28b422738ffb15a23 357ead7e28edbf4e9df96df52609c174f3d84869 7a6940fa3c71e62fec8dad9ab6d763cc072e71049a5fa18c822cb004988400c8 Loading...

HTTP Transactions (37)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5329
Expires: Tue, 28 Mar 2023 03:49:45 GMT
Date: Tue, 28 Mar 2023 02:20:56 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3216
Expires: Tue, 28 Mar 2023 03:14:32 GMT
Date: Tue, 28 Mar 2023 02:20:56 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 28 Mar 2023 01:28:00 GMT
content-type: application/json
age: 3176
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5ad3eec59bebbf969f175627757507c1
b176af3a70db378c9e1f219bab24d9d446070d6f
704fa284035b4c9aa487331b516f5f11c324e204756ae2503bad2606ed34f25e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "704FA284035B4C9AA487331B516F5F11C324E204756AE2503BAD2606ED34F25E"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12271
Expires: Tue, 28 Mar 2023 05:45:27 GMT
Date: Tue, 28 Mar 2023 02:20:56 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: +akTJi1vZCQem7jaUeuUAkakKDSJSffBhwTnRSuB7cXPnw9Yfg6WGXuA9rLcq1jEabFrGZ9jn88=
x-amz-request-id: 010Q3E9G4047PD6J
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 28 Mar 2023 01:56:01 GMT
age: 1495
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 02:20:56 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 28 Mar 2023 02:17:24 GMT
age: 212
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0eb6d04c1a0e64a3d98215029dbc24eb
d6082ab9df539130784fcd679d33337b02918bde
d58b4c5c2aacd71180b98690f2c351204c9f9d13547a29511ece2bba2a51566a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D58B4C5C2AACD71180B98690F2C351204C9F9D13547A29511ECE2BBA2A51566A"
Last-Modified: Sun, 26 Mar 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21577
Expires: Tue, 28 Mar 2023 08:20:33 GMT
Date: Tue, 28 Mar 2023 02:20:56 GMT
Connection: keep-alive

www.ziraat-ba.com/

148.163.124.2

200 OK

12 kB

URL HTTP/2
www.ziraat-ba.com/
IP
148.163.124.2:0
ASN
#53755 IOFLOOD

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3713), with CRLF, LF line terminators
Size
12 kB (11625 bytes)
Hash
c3e0961328f8021572c015a1bcfd0df9
6462306e4a19818be80c05cf6055161a15b7ffc0
3ab106f3acf5cd9f109ff5fd25cc4af8fa85f34d3db8104d98e5fd5b255a23a7

HTTP Headers

GET / HTTP/1.1
Host: www.ziraat-ba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html
last-modified: Sun, 26 Mar 2023 19:58:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11625
date: Tue, 28 Mar 2023 02:20:56 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
da5340ee69a1000f751686df9e716663
a5da880a61ed119790a7990bbdcc0c97eecf04f2
d1ff10bfe40f290935abe1feeb975a6af8cf310f9ce9d45bbf482a604da73560

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1FF10BFE40F290935ABE1FEEB975A6AF8CF310F9CE9D45BBF482A604DA73560"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18554
Expires: Tue, 28 Mar 2023 07:30:11 GMT
Date: Tue, 28 Mar 2023 02:20:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0eb6d04c1a0e64a3d98215029dbc24eb
d6082ab9df539130784fcd679d33337b02918bde
d58b4c5c2aacd71180b98690f2c351204c9f9d13547a29511ece2bba2a51566a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D58B4C5C2AACD71180B98690F2C351204C9F9D13547A29511ECE2BBA2A51566A"
Last-Modified: Sun, 26 Mar 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21576
Expires: Tue, 28 Mar 2023 08:20:33 GMT
Date: Tue, 28 Mar 2023 02:20:57 GMT
Connection: keep-alive

push.services.mozilla.com/

35.163.217.60

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.163.217.60:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tJa99yrAt/PAHhmUhCXjwQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LOY9VP45ApCbP1UOU1GH16647SA=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
66ffd7e85b2b8c3c6ae9cdcf7cb4ce61
e8c9257a0404c9bce538dc12a3ee67658e245a6e
d2821ddd68beac5a9d4eb2dcd12b69e0fa6dd5d7adfbeee815dc4678951ae532

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2821DDD68BEAC5A9D4EB2DCD12B69E0FA6DD5D7ADFBEEE815DC4678951AE532"
Last-Modified: Sat, 25 Mar 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 28 Mar 2023 08:20:57 GMT
Date: Tue, 28 Mar 2023 02:20:57 GMT
Connection: keep-alive

www.ziraat-ba.com/SiteAssets/css/min/magiclick.minbdd8.css?v=1045

148.163.124.2

200 OK

69 kB

URL HTTP/2
www.ziraat-ba.com/SiteAssets/css/min/magiclick.minbdd8.css?v=1045
IP
148.163.124.2:0
ASN
#53755 IOFLOOD

File type
ASCII text, with very long lines (41041), with CRLF line terminators
Size
69 kB (69249 bytes)
Hash
db7151fd9055a7d6e3341de5f239a277
a760fd3abfdddfc9447dee8a83c545f5d6d63844
5cc1f8340587e282e7399f3524ee738c6c8a994f488b2412013439d99b68639c

HTTP Headers

GET /SiteAssets/css/min/magiclick.minbdd8.css?v=1045 HTTP/1.1
Host: www.ziraat-ba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ziraat-ba.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 04 Apr 2023 02:20:57 GMT
content-type: text/css
last-modified: Sat, 17 Dec 2022 16:24:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 69249
date: Tue, 28 Mar 2023 02:20:57 GMT
X-Firefox-Spdy: h2

www.ziraat-ba.com/SiteAssets/js/min/jquery.min0466.js?v=383

148.163.124.2

200 OK

30 kB

URL HTTP/2
www.ziraat-ba.com/SiteAssets/js/min/jquery.min0466.js?v=383
IP
148.163.124.2:0
ASN
#53755 IOFLOOD

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
30 kB (29907 bytes)
Hash
4dd11b7464ad1c39bd64a0cdb25590a0
0b7fd2860be53c83bcf8183473f2e7d186efd693
dacf9a9e288c78621f40628399cc26ed9666ff41d927fffd8cae6db62095eef0

HTTP Headers

GET /SiteAssets/js/min/jquery.min0466.js?v=383 HTTP/1.1
Host: www.ziraat-ba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ziraat-ba.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 04 Apr 2023 02:20:57 GMT
content-type: application/javascript
last-modified: Sat, 17 Dec 2022 16:24:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 29907
date: Tue, 28 Mar 2023 02:20:57 GMT
X-Firefox-Spdy: h2

cutt-ly.com/gSr0j2

190.115.26.9

200 OK

0 B

URL HTTP/2
cutt-ly.com/gSr0j2
IP
190.115.26.9:0
ASN
#262254 DDOS-GUARD CORP.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /gSr0j2 HTTP/1.1
Host: cutt-ly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ziraat-ba.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=ZSPPdH8hQGRlxvxhESJZ; Domain=.cutt-ly.com; HttpOnly; Path=/; Expires=Wed, 27-Mar-2024 02:20:57 GMT
date: Tue, 28 Mar 2023 02:20:57 GMT
content-length: 0
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2

www.ziraat-ba.com/SiteAssets/js/min/homePage.min4ebc.js?v=1509

148.163.124.2

200 OK

37 kB

URL HTTP/2
www.ziraat-ba.com/SiteAssets/js/min/homePage.min4ebc.js?v=1509
IP
148.163.124.2:0
ASN
#53755 IOFLOOD

File type
ASCII text, with very long lines (32787), with CRLF line terminators
Size
37 kB (36764 bytes)
Hash
cd374c28a5c6774ecb857410ebef8d62
ca5b9af5deb40366ddeeae59612d12a84f5a894e
ae920ae92f4987f027ef3a1a4b2518964bda2f62760f1e403c5c61b65972b584

HTTP Headers

GET /SiteAssets/js/min/homePage.min4ebc.js?v=1509 HTTP/1.1
Host: www.ziraat-ba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ziraat-ba.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 04 Apr 2023 02:20:57 GMT
content-type: application/javascript
last-modified: Sat, 17 Dec 2022 16:24:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 36764
date: Tue, 28 Mar 2023 02:20:57 GMT
X-Firefox-Spdy: h2

www.ziraat-ba.com/SiteAssets/js/jquery/jquery.smartbanner.js

148.163.124.2

200 OK

4.3 kB

URL HTTP/2
www.ziraat-ba.com/SiteAssets/js/jquery/jquery.smartbanner.js
IP
148.163.124.2:0
ASN
#53755 IOFLOOD

File type
Unicode text, UTF-8 text
Size
4.3 kB (4327 bytes)
Hash
a85905fd4c53e5b907ed44f22b7a716f
7fbbfd832a25479a132f57dd598884e5ad49254d
b05b8f838c9eece2ccab471e89c4bd89f54603cfc8a262c210d110d518b7b1da

HTTP Headers

GET /SiteAssets/js/jquery/jquery.smartbanner.js HTTP/1.1
Host: www.ziraat-ba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ziraat-ba.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 04 Apr 2023 02:20:57 GMT
content-type: application/javascript
last-modified: Sat, 17 Dec 2022 16:24:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4327
date: Tue, 28 Mar 2023 02:20:57 GMT
X-Firefox-Spdy: h2

www.ziraat-ba.com/api.ziraatbank.com.tr/inbound/cbot/static-files/web/js/widget/cbot-ziraatbilge-generatord754.js?v=20220803

148.163.124.2

404 Not Found

708 B

URL HTTP/2
www.ziraat-ba.com/api.ziraatbank.com.tr/inbound/cbot/static-files/web/js/widget/cbot-ziraatbilge-generatord754.js?v=20220803
IP
148.163.124.2:0
ASN
#53755 IOFLOOD

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
708 B (708 bytes)
Hash
2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

HTTP Headers

GET /api.ziraatbank.com.tr/inbound/cbot/static-files/web/js/widget/cbot-ziraatbilge-generatord754.js?v=20220803 HTTP/1.1
Host: www.ziraat-ba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ziraat-ba.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Tue, 28 Mar 2023 02:20:57 GMT
X-Firefox-Spdy: h2

www.ziraat-ba.com/SiteAssets/images/logo.png

148.163.124.2

200 OK

4.8 kB

URL HTTP/2
www.ziraat-ba.com/SiteAssets/images/logo.png
IP
148.163.124.2:0
ASN
#53755 IOFLOOD

File type
PNG image data, 438 x 92, 8-bit colormap, non-interlaced\012- data
Size
4.8 kB (4823 bytes)
Hash
0178d49fcf102d2ac5f4d93d7a8d2141
b4d0803f6ed282ea0e7d559bb5a32806125e07a5
dc6750872782481c50484242a1e4d6dcfa856fae3d932154d384b476a0254638

Detections

Analyzer	Verdict	Alert
openphish	Ziraat Bank

HTTP Headers

GET /SiteAssets/images/logo.png HTTP/1.1
Host: www.ziraat-ba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ziraat-ba.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 04 Apr 2023 02:20:57 GMT
content-type: image/png
last-modified: Sat, 17 Dec 2022 16:24:08 GMT
accept-ranges: bytes
content-length: 4823
date: Tue, 28 Mar 2023 02:20:57 GMT
X-Firefox-Spdy: h2

www.ziraat-ba.com/SiteAssets/images/transparent.png

148.163.124.2

200 OK

924 B

URL HTTP/2
www.ziraat-ba.com/SiteAssets/images/transparent.png
IP
148.163.124.2:0
ASN
#53755 IOFLOOD

File type
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
924 B (924 bytes)
Hash
dbb59b17acc15664dbfa38a3234ee6b9
3dfe5ef963f83514bf6193267c544c3ff4c819a9
a336639240d71effd17416cf26e38a06fc3bf1f3a64fbac04b3f1970f2d55c0b

Detections

Analyzer	Verdict	Alert
openphish	Ziraat Bank

HTTP Headers

GET /SiteAssets/images/transparent.png HTTP/1.1
Host: www.ziraat-ba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ziraat-ba.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 04 Apr 2023 02:20:57 GMT
content-type: image/png
last-modified: Sat, 17 Dec 2022 16:24:08 GMT
accept-ranges: bytes
content-length: 924
date: Tue, 28 Mar 2023 02:20:57 GMT
X-Firefox-Spdy: h2

www.ziraat-ba.com/siteassets/images/chat-bot-img.png

148.163.124.2

404 Not Found

708 B

URL HTTP/2
www.ziraat-ba.com/siteassets/images/chat-bot-img.png
IP
148.163.124.2:0
ASN
#53755 IOFLOOD

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
708 B (708 bytes)
Hash
2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Detections

Analyzer	Verdict	Alert
openphish	Ziraat Bank

HTTP Headers

GET /siteassets/images/chat-bot-img.png HTTP/1.1
Host: www.ziraat-ba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ziraat-ba.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Tue, 28 Mar 2023 02:20:57 GMT
X-Firefox-Spdy: h2

www.ziraat-ba.com/SiteAssets/images/intro-modal-2.jpg

148.163.124.2

200 OK

15 kB

URL HTTP/2
www.ziraat-ba.com/SiteAssets/images/intro-modal-2.jpg
IP
148.163.124.2:0
ASN
#53755 IOFLOOD

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 264x131, components 3\012- data
Size
15 kB (14762 bytes)
Hash
1cf3d5d2cb26e22fa617fdb32e5d0e9c
f7000fefce1545eeb28081e121851b9bf033a3c8
dcd2488d4f219c45db61e690c1efd5c58726f37ff1afb6a0af7ba07608a1256e

Detections

Analyzer	Verdict	Alert
openphish	Ziraat Bank

HTTP Headers

GET /SiteAssets/images/intro-modal-2.jpg HTTP/1.1
Host: www.ziraat-ba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ziraat-ba.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 04 Apr 2023 02:20:57 GMT
content-type: image/jpeg
last-modified: Sat, 17 Dec 2022 16:24:02 GMT
accept-ranges: bytes
content-length: 14762
date: Tue, 28 Mar 2023 02:20:57 GMT
X-Firefox-Spdy: h2

www.ziraat-ba.com/SiteAssets/images/mobile-app-modal-img.jpg

148.163.124.2

200 OK

137 kB

URL HTTP/2
www.ziraat-ba.com/SiteAssets/images/mobile-app-modal-img.jpg
IP
148.163.124.2:0
ASN
#53755 IOFLOOD

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 610x328, components 3\012- data
Size
137 kB (136938 bytes)
Hash
286c1d43e70c19e5f52794e91e2c7007
e9f8bec697194c996dbe002d37e3c77f71352451
e2e9f2b3b062193e47ee0ff3bdcc1dd8b4185670dc783679c79fcb752d3b2f04

Detections

Analyzer	Verdict	Alert
openphish	Ziraat Bank

HTTP Headers

GET /SiteAssets/images/mobile-app-modal-img.jpg HTTP/1.1
Host: www.ziraat-ba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ziraat-ba.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 04 Apr 2023 02:20:57 GMT
content-type: image/jpeg
last-modified: Sat, 17 Dec 2022 16:24:04 GMT
accept-ranges: bytes
content-length: 136938
date: Tue, 28 Mar 2023 02:20:57 GMT
X-Firefox-Spdy: h2

www.ziraat-ba.com/SiteAssets/js/min/magiclick.min70c4.js?v=1207

148.163.124.2

200 OK

338 kB

URL HTTP/2
www.ziraat-ba.com/SiteAssets/js/min/magiclick.min70c4.js?v=1207
IP
148.163.124.2:0
ASN
#53755 IOFLOOD

File type
ASCII text, with very long lines (65536), with no line terminators
Size
338 kB (338473 bytes)
Hash
b9f38fa1476f1f028c5986a5eb96213d
a8b0c67b5bc20ff0e1f58607e5fc4a39cfd19183
ab6c7c610ad9e531a227143455b9bedad9ff698bbf33b9d67a2d63f23d6b9c89

HTTP Headers

GET /SiteAssets/js/min/magiclick.min70c4.js?v=1207 HTTP/1.1
Host: www.ziraat-ba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ziraat-ba.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 04 Apr 2023 02:20:57 GMT
content-type: application/javascript
last-modified: Sat, 17 Dec 2022 16:24:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 338473
date: Tue, 28 Mar 2023 02:20:57 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4480
Expires: Tue, 28 Mar 2023 03:35:38 GMT
Date: Tue, 28 Mar 2023 02:20:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4480
Expires: Tue, 28 Mar 2023 03:35:38 GMT
Date: Tue, 28 Mar 2023 02:20:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4480
Expires: Tue, 28 Mar 2023 03:35:38 GMT
Date: Tue, 28 Mar 2023 02:20:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4480
Expires: Tue, 28 Mar 2023 03:35:38 GMT
Date: Tue, 28 Mar 2023 02:20:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4480
Expires: Tue, 28 Mar 2023 03:35:38 GMT
Date: Tue, 28 Mar 2023 02:20:58 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png

34.120.237.76

200 OK

20 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
20 kB (20349 bytes)
Hash
b3e093e7b5c12cfc2aee601f823ea47e
d76b3958471b2ed70a2b52f078ec638748fdb441
de4fc669195611c4ea6fe7d920482987aef077973b4973c01e2f362aeb18c2ea

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178b294b-fb7e-4482-a48e-31bbcc320554.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 20349
x-amzn-requestid: 2de7d242-f277-42a6-9dc4-2fc98207a978
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbumFzOIAMF3hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cc3-5f20ad7b2216219138f7b557;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:38:11 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: pnby7LhwZDWxJHtyWBlI7l_AO8l-tjjTVHatiCKG2htZ4RQNQOZkgQ==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 34f8ef0e4c880df0650a814412a26ea6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:48:21 GMT
age: 16357
etag: "d76b3958471b2ed70a2b52f078ec638748fdb441"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9859 bytes)
Hash
da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: 7571f483-0d57-4f3f-9d86-2f18175cc0b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CRP5DG2BoAMFrdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641d2d06-400180d700df598366b8b16f;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 04:54:30 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 8LzPrLvhUnXntYPNCg_QN2LFUvQ-4FL4SMyYBxPOwlGd1sgL3j-Znw==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:50:10 GMT
age: 16248
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae134d44-b08a-4ffa-be9d-c8e95b802ca1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7830 bytes)
Hash
51e8fbd1f743ea697aad0c06cd2b6b79
0635c18e823921e9c7d2fbdffdc2ca635f765a09
3dc5adab42ee368a8067181023a991a5bc784426bfa67319869d011c65e57b93

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae134d44-b08a-4ffa-be9d-c8e95b802ca1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7830
x-amzn-requestid: c35d031c-1647-468b-9d34-a2916f2cd630
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cdbp3GTIoAMFbmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca5-105e1fd1356d413b5ea9d142;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:41 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: dwbsLBCkfCfLFL7clLBahHkACC0cp4EwTdcYDV__ODQh0c68CtkMmQ==
via: 1.1 22ea0ab0881473261b786ecbb5e00f54.cloudfront.net (CloudFront), 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:49:43 GMT
age: 16275
etag: "0635c18e823921e9c7d2fbdffdc2ca635f765a09"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F008df6b4-92c5-423a-a32e-4ab5016464ba.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6970 bytes)
Hash
e5d955ec5d3a9f655e4ca0523acfd039
e8b2cd28a02a2cee1b4e57c57570f2598721ff57
e7753ef91d6f04dce00f83cb1ba3ea4f1abb52140993fbee375e506597cee529

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F008df6b4-92c5-423a-a32e-4ab5016464ba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6970
x-amzn-requestid: 9f7a82d7-dbba-4c67-a330-6a7f2b68177d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cdn3zGn7oAMFwNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64222031-1d97c16f7a9c163c02fe72ac;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 23:01:05 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: tFYFwzjyNtfiOJ3pLPC126YgOclndkmPYWrFTdLcWP9LgP9xjj_snQ==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 23:12:05 GMT
age: 11333
etag: "e8b2cd28a02a2cee1b4e57c57570f2598721ff57"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb43b8abf-1aec-420b-bc1c-ccfbe765332e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11894 bytes)
Hash
ee9c83faa5fdb77ba988a41207800b0e
4ac4c600767de39c5134cb97f78fcb29a681ee18
9039f7232ada16ae6d8a447225a15ef949c705a6f9e7aa20b367d001cd88c94f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb43b8abf-1aec-420b-bc1c-ccfbe765332e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11894
x-amzn-requestid: 27689ac4-87c8-4c3b-bb2b-5577c82793c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cdb7_EoHIAMFprQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220d19-0c2e035d4465b1d458a996c9;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:39:37 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: vGkA0y2G3zApNzW9bdZ4TyUWXMGjIXNHHQKrD2T8767oA7qBnqKDqQ==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:01:37 GMT
age: 15561
etag: "4ac4c600767de39c5134cb97f78fcb29a681ee18"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6469f625-03ad-45a7-a918-5f220169711a.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8553 bytes)
Hash
e828b7227de7aa7a7b7c54c96e0cef9a
9a717142ab25dabf9123485ef51ed586662d2a71
0390f8771432de010cc11e11be2e2dfa7c303664858a5b066e66a628a1f3dd66

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6469f625-03ad-45a7-a918-5f220169711a.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8553
x-amzn-requestid: 05cb5115-a27b-485a-89fd-670bdb5bb06f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbofHHPIAMFkQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220c9c-774bb5d725336b35088e2527;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: NcKs_URb5dFDbkEoCqy2_fjKWneX7mifmEbd5MA5unqkhiPAIH9GPg==
via: 1.1 22ea0ab0881473261b786ecbb5e00f54.cloudfront.net (CloudFront), 1.1 aa623e134417515bd2496cb01d5e5626.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:50:10 GMT
age: 16248
etag: "9a717142ab25dabf9123485ef51ed586662d2a71"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.ziraat-ba.com/SiteAssets/images/mesafeni-koru-modal.png

148.163.124.2

200 OK

0 B

URL HTTP/2
www.ziraat-ba.com/SiteAssets/images/mesafeni-koru-modal.png
IP
148.163.124.2:0
ASN
#53755 IOFLOOD

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Ziraat Bank

HTTP Headers

GET /SiteAssets/images/mesafeni-koru-modal.png HTTP/1.1
Host: www.ziraat-ba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ziraat-ba.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 04 Apr 2023 02:20:57 GMT
content-type: image/png
last-modified: Sat, 17 Dec 2022 16:24:04 GMT
accept-ranges: bytes
content-length: 354405
date: Tue, 28 Mar 2023 02:20:57 GMT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML