Report - ozelfirsatetkinlikler-bn.com/

Report Overview

Submitted URL

ozelfirsatetkinlikler-bn.com/
IP

190.14.39.158

ASN

#52469 Offshore Racks S.A
Submitted

2023-04-01T22:11:30Z

Access

public
Website Title
Final URL
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

13

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
ozelfirsatetkinlikler-bn.com (19)	unknown	2023-03-07T19:38:39Z	2023-03-15T04:45:51Z	9415	292926	190.14.39.158
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-04-01T17:56:08Z	413	5882	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-04-01T18:12:11Z	333	391	34.117.237.239
r3.o.lencr.org (8)	344	2020-12-02T09:52:13Z	2023-04-01T18:12:25Z	2704	7090	23.36.77.32
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-04-01T18:13:29Z	782	2374	35.241.9.150
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-04-01T18:14:35Z	606	238	34.117.65.55
cdnjs.cloudflare.com (1)	235	2015-04-17T22:46:33Z	2023-04-01T18:50:32Z	400	28974	104.17.24.14
bin.bnbstatic.com (1)	33375	2019-06-17T03:31:06Z	2023-04-01T18:28:44Z	447	1200	54.230.111.82
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-04-01T05:09:04Z	3246	49215	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-04-01	medium	ozelfirsatetkinlikler-bn.com/	Phishing
2023-04-01	medium	ozelfirsatetkinlikler-bn.com/	Phishing
2023-04-01	medium	ozelfirsatetkinlikler-bn.com/assets/googlelogo.svg	Phishing
2023-04-01	medium	ozelfirsatetkinlikler-bn.com/assets/poweredBy_ot_logo.svg	Phishing
2023-04-01	medium	ozelfirsatetkinlikler-bn.com/inc/online.php?ip=91.90.42.154	Phishing
2023-04-01	medium	ozelfirsatetkinlikler-bn.com/kontrol.php?ip=91.90.42.154	Phishing
2023-04-01	medium	ozelfirsatetkinlikler-bn.com/assets/fonts/BinancePlex-SemiBold.woff2	Phishing
2023-04-01	medium	ozelfirsatetkinlikler-bn.com/assets/fonts/BinancePlex-Medium.woff2	Phishing
2023-04-01	medium	ozelfirsatetkinlikler-bn.com/assets/fonts/BinancePlex-Regular.woff2	Phishing
2023-04-01	medium	ozelfirsatetkinlikler-bn.com/inc/online.php?ip=91.90.42.154	Phishing
2023-04-01	medium	ozelfirsatetkinlikler-bn.com/kontrol.php?ip=91.90.42.154	Phishing
2023-04-01	medium	ozelfirsatetkinlikler-bn.com/inc/online.php?ip=91.90.42.154	Phishing
2023-04-01	medium	ozelfirsatetkinlikler-bn.com/kontrol.php?ip=91.90.42.154	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

Pretty

URL

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP

104.17.24.14:0
ASN

#13335 CLOUDFLARENET

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 01:02:13

Last Seen2023-12-04 10:18:13

Times Seen162124
Hash

8fb8fee4fcc3cc86ff6c724154c49c42

b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Pretty

URL

ozelfirsatetkinlikler-bn.com/
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-08 14:28:29

Last Seen2023-04-02 21:31:36

Times Seen3
Hash

9022fef03007372bba611aa9a69702f4

0ea67626198adaa70d24f0784578d14fd062e2db

94d38ada334a5be036f7088191a4b3441c87f4a328f7aa28d0ae5586137f2b84

Pretty

URL

ozelfirsatetkinlikler-bn.com/
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-08 14:28:29

Last Seen2023-11-26 20:35:43

Times Seen53
Hash

15a238117372c2cd4387241afea9ad7c

66ba16254b9eb5382bc3e804fed48a0307c5282c

7e65b227e17c7c5d2d65096abe030e6251a3a053a54f8564cef5037fd89e81e9

Pretty

URL

ozelfirsatetkinlikler-bn.com/
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-08 14:28:29

Last Seen2023-04-02 21:31:36

Times Seen2
Hash

76f0813461c58a23fb389b27ba7c28a9

66650d85883b3ab5d6511bda93e3b9ae277b16d7

9606a84bb613493209631df323a1ea358b1d53f7077ab3262fcb6f327d46150a

HTTP Transactions (40)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

035772439731bbe3992c865f68e4b977

53fe2d0f678772b6b3e935aaca4d1ef82767e48f

9880ae6537e30af38e8d7ed612a5a44a54037d86686c63ef7eeebcc62cbda05f

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9880AE6537E30AF38E8D7ED612A5A44A54037D86686C63EF7EEEBCC62CBDA05F"
Last-Modified: Sat, 01 Apr 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7391
Expires: Sun, 02 Apr 2023 00:14:30 GMT
Date: Sat, 01 Apr 2023 22:11:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

b3c6ad41618caef9613685a8f786def7

ce6e1256460e0d28da63f797e14a77c1477d0779

ce87c093a66e4a2adfba7794f5db0428a0986b7e74690b773cbd7708ccca3f0e

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE87C093A66E4A2ADFBA7794F5DB0428A0986B7E74690B773CBD7708CCCA3F0E"
Last-Modified: Sat, 01 Apr 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12953
Expires: Sun, 02 Apr 2023 01:47:12 GMT
Date: Sat, 01 Apr 2023 22:11:19 GMT
Connection: keep-alive

ozelfirsatetkinlikler-bn.com/

190.14.39.158

301 Moved Permanently

245

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

245
Hash

aad83a6cf994c623faa48abf7230fc35

c2e9db868133029fce665dc1fa8c4046595e2c04

c46b09b5a2d2eef592e5fb27ad7ac9b5f18e01bbb76c377af13e3339d986772b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET / HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Date: Sat, 01 Apr 2023 22:11:19 GMT
Server: Apache
Location: https://ozelfirsatetkinlikler-bn.com/
Content-Length: 245
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a57eb49c1ac36edd2db6573eb357bd87

592724177530a39ce4af02874beb776b91fefbbe

0dd258adc062ad2b6f5ce8fec0457e55e594c942817f37509ca2d1f2e8152edf

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0DD258ADC062AD2B6F5CE8FEC0457E55E594C942817F37509CA2D1F2E8152EDF"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4535
Expires: Sat, 01 Apr 2023 23:26:54 GMT
Date: Sat, 01 Apr 2023 22:11:19 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

4ad6984a756720fbfff47b37a75513a2

355e35258114452af8b9638985ed9d8ef3bf0aca

43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 01 Apr 2023 21:28:31 GMT
content-type: application/json
age: 2568
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

95f61d351f5fc9533cc78e255ce9bc06

fba284117f347782ac23c51d141d7e3ec15a867e

7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: 4MbcHhOQeqX3T4bhVImvmPQ9TtcRkxr74uknCWVJq0EhP+LVaEjrmsKLfKJRZmEACvCa8xc1fpo=
x-amz-request-id: EJ2GTQS3NSFJB86C
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 01 Apr 2023 21:52:05 GMT
age: 1154
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 22:11:19 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

9e9f6891559058a4f43596719386a231

8b9bdfb379748c09759d43d9771a71269c0391d3

d1a9523b4094f8ce15ca02124033623203e20b8e375172c1f84491d6b4c0ea6c

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1A9523B4094F8CE15CA02124033623203E20B8E375172C1F84491D6B4C0EA6C"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10563
Expires: Sun, 02 Apr 2023 01:07:22 GMT
Date: Sat, 01 Apr 2023 22:11:19 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Expires, Cache-Control, Content-Length, Retry-After, Last-Modified, Pragma, ETag, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 01 Apr 2023 21:14:41 GMT
age: 3399
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.117.65.55

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

34.117.65.55:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rFMfYKlaq7DatYf4resayw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rLtDpovGmktkE38RhzDHdhUp10M=
Date: Sat, 01 Apr 2023 22:11:20 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.24.14

200 OK

27938

URL HTTP/2

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP

104.17.24.14:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text, with very long lines (65447)

Size

27938
Hash

d900ca08873ee57d40616d39a44cc0aa

7ab3ac8b1504b7b914a6e94c979b8390bb492f6a

1eea479cc0abe04a0846f41031207f9511f12ffef017a6109d4efb6f5523465b

HTTP Headers

                                        GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ozelfirsatetkinlikler-bn.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:11:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 788304
expires: Thu, 21 Mar 2024 22:11:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=71DnsMFsLCQ4WUA7jU6JHVYPQqFuGFucXAzzjwIjX7BeC%2FywukCQyIAzGB5F6kiU66qqNPfhUHiO3R9wDHfVkZ9TXXVNX4Gbc52LZJSbEN47XW0eT3RHxXaA4jLGvbuag4kZirQw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7b142ad62994b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bin.bnbstatic.com/static/images/accounts/common/binance-logo.png

54.230.111.82

200 OK

618

URL HTTP/2

bin.bnbstatic.com/static/images/accounts/common/binance-logo.png
IP

54.230.111.82:0
ASN

#16509 AMAZON-02

Magic

PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data

Size

618
Hash

790d76398bf511a5d3b2a21ee3869e8b

48ec33b1be0fae2a375ea483156a119f0e661611

e7412f204aa573c993bec8856dda3e640f365ac0b3f232981c460df0b736738f

HTTP Headers

                                        GET /static/images/accounts/common/binance-logo.png HTTP/1.1
Host: bin.bnbstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
content-type: image/png
content-length: 618
date: Fri, 31 Mar 2023 15:37:59 GMT
x-amz-replication-status: COMPLETED
last-modified: Mon, 11 Jul 2022 06:49:42 GMT
etag: "790d76398bf511a5d3b2a21ee3869e8b"
x-amz-server-side-encryption: AES256
x-amz-version-id: XyTAwy5Jabn2P2B9YJB7jcTdUI11lEfw
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hVa_bMp3z5apv2ZKlrqkAzSvCz670T05VZvt0W7VO-3SzfxN3Fz--A==
age: 110002
X-Firefox-Spdy: h2

ozelfirsatetkinlikler-bn.com/

190.14.39.158

200 OK

104848

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (29283)

Size

104848
Hash

94626ea04fcea6b5cb972334266478c0

660d0005732fe10179d1be450175c79d016dc108

a4040b4b9244690d917d68870775d3b9b54c00367ab0f1cf2cc179b7c272d53f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET / HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:20 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7; path=/
Vary: Accept-Encoding
Content-Encoding: br
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ozelfirsatetkinlikler-bn.com/assets/index.min.css

190.14.39.158

200 OK

200

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/assets/index.min.css
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with very long lines (1415), with no line terminators

Size

200
Hash

b6a49c30443da8aa29f734936bd6c280

5c58542670342ad6ef5a71f2dfa6835c25a19ba9

ba853f608ad7b628b267d8282dbd2aec8a313285cf531b6eb2760b9fdaacff02

HTTP Headers

                                        GET /assets/index.min.css HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:20 GMT
Server: Apache
Last-Modified: Tue, 07 Mar 2023 18:36:33 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 200
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/css

ozelfirsatetkinlikler-bn.com/assets/font.min.css

190.14.39.158

200 OK

2598

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/assets/font.min.css
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with very long lines (12188), with no line terminators

Size

2598
Hash

221a50f53273efdaefc2f2f2a19324de

95c1838abac622dc5442eb85c0b6613cd1f7d37a

951eb7bea5ab6b1bd80e6982522bb3e48098e8dc858fe9332db1de5bfd5cbd26

HTTP Headers

                                        GET /assets/font.min.css HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:20 GMT
Server: Apache
Last-Modified: Tue, 07 Mar 2023 18:36:33 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 2598
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/css

ozelfirsatetkinlikler-bn.com/assets/style_https.1.5.8.css

190.14.39.158

200 OK

4465

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/assets/style_https.1.5.8.css
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with very long lines (40701)

Size

4465
Hash

a294e65f17c257541d93436633a15de2

11e6c8c6ec0a688edb293c03f6f15230358fa6b5

0660d8c05ce14634d4d22da18b82301d0115a4cdb9c08f7f3d69b238bd4bcc84

HTTP Headers

                                        GET /assets/style_https.1.5.8.css HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:21 GMT
Server: Apache
Last-Modified: Tue, 07 Mar 2023 18:36:33 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 4465
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/css

ozelfirsatetkinlikler-bn.com/assets/yenix.css

190.14.39.158

200 OK

7639

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/assets/yenix.css
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with very long lines (347)

Size

7639
Hash

6ee4bb6c3947ad77d8e0da07b378381d

f770e9f7fe06650054f4c430d6665e47f87e17dd

5b44a126dc23f122091fc605e458c589974477c803abe8f62886444bb9ad3c77

HTTP Headers

                                        GET /assets/yenix.css HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:21 GMT
Server: Apache
Last-Modified: Tue, 07 Mar 2023 18:36:33 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 7639
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/css

ozelfirsatetkinlikler-bn.com/assets/googlelogo.svg

190.14.39.158

200 OK

2109

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/assets/googlelogo.svg
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (922)

Size

2109
Hash

92f875ef084c38fefdf23d9d8d6b81c5

3150528dbbb8a35993d3ed37ede739664957ab4c

b30434e0fca9ad98e481bae1a095c7c755478f2c71c2eebeb2dc1bc95640c10c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /assets/googlelogo.svg HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:21 GMT
Server: Apache
Last-Modified: Tue, 07 Mar 2023 18:36:33 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 2109
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

ozelfirsatetkinlikler-bn.com/assets/poweredBy_ot_logo.svg

190.14.39.158

200 OK

1536

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/assets/poweredBy_ot_logo.svg
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2998), with no line terminators

Size

1536
Hash

0a222c039e9890bcd1602af4b4309215

3387b978ed8bcf2b97de98fcf85b55ecf778c504

f2cd599a3bd79ce5543c8dd17d13f85be3140d1ee6313de22d46cebc81d789ec

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /assets/poweredBy_ot_logo.svg HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:21 GMT
Server: Apache
Last-Modified: Tue, 07 Mar 2023 18:36:33 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 1536
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

14539c5e0ca6ce826e62bdadad738bbd

92ce1bbc7f338d3e48e35d637513ab0aba610a98

58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7731
Expires: Sun, 02 Apr 2023 00:20:12 GMT
Date: Sat, 01 Apr 2023 22:11:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

14539c5e0ca6ce826e62bdadad738bbd

92ce1bbc7f338d3e48e35d637513ab0aba610a98

58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7731
Expires: Sun, 02 Apr 2023 00:20:12 GMT
Date: Sat, 01 Apr 2023 22:11:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

14539c5e0ca6ce826e62bdadad738bbd

92ce1bbc7f338d3e48e35d637513ab0aba610a98

58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7731
Expires: Sun, 02 Apr 2023 00:20:12 GMT
Date: Sat, 01 Apr 2023 22:11:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

14539c5e0ca6ce826e62bdadad738bbd

92ce1bbc7f338d3e48e35d637513ab0aba610a98

58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7731
Expires: Sun, 02 Apr 2023 00:20:12 GMT
Date: Sat, 01 Apr 2023 22:11:21 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg

34.120.237.76

200 OK

3800

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

3800
Hash

ddcef2c96778d9fdee670e187a43ab32

e8c98891a1ffdbb6d30cf8746e067d56fe65d964

4e6fb506079b1daab0b1913a31c6252452f133af9276e18d25fe6fb622ce54ec

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 3800
x-amzn-requestid: a182fb32-649a-4228-a591-080aae8c053a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm9VEY2oAMFf5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751ee-3a1abb584aa61a954dbd52c1;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:38 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 8_m0xs9JUsoheDqkfPQdh3kzcE3zhX2Io1kl_Y4sDqLr2_03TiK2eA==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 21:50:39 GMT
age: 1242
etag: "e8c98891a1ffdbb6d30cf8746e067d56fe65d964"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5950

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

5950
Hash

800c2662fd6ab8829a02b7d63084c38d

0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239

76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: 5d5a94f5-db2f-4c4c-9c9f-08c14b0ccd80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm7NG2NIAMF-sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751e1-57c957f442c42fe148e66831;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:25 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: KkjS04mCLqFET4v9-sePYK-zcztrds608GECT1Fxz3BEpslgxnpLOg==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 21:38:49 GMT
age: 1952
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8228

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa56dcfe2-79ba-46e2-a5e5-2ea22b3f0188.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8228
Hash

97c512a7abba6c872434ee06af4aac22

903dcbffcafa6d486322c31142e3813cc3ab9172

751a868af79fa595a659694a2d2c16e084fc38e639a7d1506c4fb56288cd21a5

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa56dcfe2-79ba-46e2-a5e5-2ea22b3f0188.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8228
x-amzn-requestid: fbddd88d-c5ab-4809-8870-df8227d51ffb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUloHJCIAMF4KA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-4f7ba06b6292df92266c6bc2;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: iWJhkG-cuxGvRp6jAtK6L_1JYg1zJ10oOFmqNb_zrf_wXVWGlKQDOw==
via: 1.1 e39f48cc8f516dc1072afdb086c71f32.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 21:51:24 GMT
age: 1197
etag: "903dcbffcafa6d486322c31142e3813cc3ab9172"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4697

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

4697
Hash

613b90b49678a72443e992713b7eb711

f4216e9b06d9cb62aadfafce434789a3cc5d1fe2

7cb101a12e824bf26552b2aaeb00df0e3f239c254168b9dee65192b484f1b61e

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 4697
x-amzn-requestid: 800eecdb-6883-4266-a476-7e3ce7985d3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ClVE3HmcoAMF9cg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64253552-6ee0d63805e7a9631efa30fd;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 07:08:02 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: coKmHNJLD7miKkRqU3JiHYurjgK5WSnLuwTfw9uNohVOXv-7XjVatg==
via: 1.1 304b956e2039e07753fa39109152d594.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 07:45:25 GMT
age: 51956
etag: "f4216e9b06d9cb62aadfafce434789a3cc5d1fe2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9859

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

9859
Hash

da174e6ccc9451c5071ba10eeb97f6f6

c38827a9ac1218768839877263e1f2984fbdc454

76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: 526d70f5-3eab-410e-97d4-e489e152bd43
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cl6tIFhxoAMFa-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64257186-14e697b924e79d1e5bc6d040;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 11:24:54 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: qKEs-bdLIfTk7TjXU0kLNzqEBDhhUXkX_osB-9p5LdfJfUbo8LwyuQ==
via: 1.1 4b800f7fa2c3fbb9f4f3c505b0df315e.cloudfront.net (CloudFront), 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 01:27:32 GMT
age: 74629
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10248

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c8939ac-5249-469a-92a8-f7d39e16fd0c.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10248
Hash

c9725cb9ee354d9c9ca233288e3621ed

5e1ca2a4695fa9e4e6e69b5a5cb05c8ce43244fb

c03a0ed04efe13a15b6a0a05848473de9f5196c26096579b99475b22df2a7c4a

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c8939ac-5249-469a-92a8-f7d39e16fd0c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10248
x-amzn-requestid: c53c08eb-adf7-447d-b303-759b6419a2bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ClU6GHD4oAMFcww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6425350d-7a6494c770dd83f17e839234;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 07:06:53 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 8ReqCnX98wfim_pADgR68l76iJctnAwKTv-1qtbnNSmKZ8fQTfrHdQ==
via: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront), 1.1 aa623e134417515bd2496cb01d5e5626.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 07:25:20 GMT
age: 53161
etag: "5e1ca2a4695fa9e4e6e69b5a5cb05c8ce43244fb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ozelfirsatetkinlikler-bn.com/assets/dark-applellogo.png

190.14.39.158

200 OK

24778

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/assets/dark-applellogo.png
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

PNG image data, 1067 x 1067, 8-bit/color RGBA, non-interlaced\012- data

Size

24778
Hash

68d1a2c370c2d1c807e83d95e875ca99

6cb141eea93f6049cc2826fe883ee7180b002744

463cfe4c4bd86cf4d527797053bc1627102abb4dfe5daa62e46414d87c931ca7

HTTP Headers

                                        GET /assets/dark-applellogo.png HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:21 GMT
Server: Apache
Last-Modified: Tue, 07 Mar 2023 18:36:33 GMT
Accept-Ranges: bytes
Content-Length: 24778
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: image/png

ozelfirsatetkinlikler-bn.com/inc/online.php?ip=91.90.42.154

190.14.39.158

200 OK

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/inc/online.php?ip=91.90.42.154
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with no line terminators

Size

13
Hash

e121e149fa2f184c5e94dbdddaefd10d

9425b9abb2c3f3c3f8c3ffce3ae6043e6ec3ce45

d6ca54a4b6329340afe1d97352d6859d5443e48746a536d28f77420af4e17736

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        POST /inc/online.php?ip=91.90.42.154 HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://ozelfirsatetkinlikler-bn.com
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:21 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 13
Keep-Alive: timeout=3, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ozelfirsatetkinlikler-bn.com/kontrol.php?ip=91.90.42.154

190.14.39.158

200 OK

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/kontrol.php?ip=91.90.42.154
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

data

Size

1
Hash

eccbc87e4b5ce2fe28308fd9f2a7baf3

77de68daecd823babbb58edb1c8e14d7106e83bb

4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        POST /kontrol.php?ip=91.90.42.154 HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://ozelfirsatetkinlikler-bn.com
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:21 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 1
Keep-Alive: timeout=3, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ozelfirsatetkinlikler-bn.com/assets/fonts/BinancePlex-SemiBold.woff2

190.14.39.158

200 OK

47388

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/assets/fonts/BinancePlex-SemiBold.woff2
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

Web Open Font Format (Version 2), TrueType, length 47388, version 1.0\012- data

Size

47388
Hash

f51db1556443e2658d66384deef8dccc

5688baed81f3a42732833ee19e39e6b34bcea00a

24ad70333bc39b3872b8b2144ffd929faac8bcb7591de661bb3af58ed2ad660b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /assets/fonts/BinancePlex-SemiBold.woff2 HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/assets/index.min.css
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:21 GMT
Server: Apache
Last-Modified: Tue, 07 Mar 2023 18:36:33 GMT
Accept-Ranges: bytes
Content-Length: 47388
Vary: Accept-Encoding
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: font/woff2

ozelfirsatetkinlikler-bn.com/assets/fonts/BinancePlex-Medium.woff2

190.14.39.158

200 OK

47412

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/assets/fonts/BinancePlex-Medium.woff2
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

Web Open Font Format (Version 2), TrueType, length 47412, version 1.0\012- data

Size

47412
Hash

6ddc73e86f2540adad7015b0049d3e8b

e109fd980200be8d36033bedbbfe8beb84ffbd87

5de13a8123aca52bbeee3a19ed0ba2b04c7ef1d19f6aa56171393d5d979aa2fd

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /assets/fonts/BinancePlex-Medium.woff2 HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/assets/index.min.css
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:21 GMT
Server: Apache
Last-Modified: Tue, 07 Mar 2023 18:36:33 GMT
Accept-Ranges: bytes
Content-Length: 47412
Vary: Accept-Encoding
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: font/woff2

ozelfirsatetkinlikler-bn.com/assets/fonts/BinancePlex-Regular.woff2

190.14.39.158

200 OK

44332

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/assets/fonts/BinancePlex-Regular.woff2
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

Web Open Font Format (Version 2), TrueType, length 44332, version 1.0\012- data

Size

44332
Hash

d41b99751f48c3797a5e7eea91a41124

b0c73d252278f7fea271a8524320219ea41f71fa

551ff1dbd0df95853706e675f7627394eb5613cc51f68683258567ecba12a996

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /assets/fonts/BinancePlex-Regular.woff2 HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/assets/index.min.css
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:21 GMT
Server: Apache
Last-Modified: Tue, 07 Mar 2023 18:36:33 GMT
Accept-Ranges: bytes
Content-Length: 44332
Vary: Accept-Encoding
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Type: font/woff2

ozelfirsatetkinlikler-bn.com/index_files/favicon.ico

190.14.39.158

404 Not Found

315

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/index_files/favicon.ico
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

HTTP Headers

                                        GET /index_files/favicon.ico HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 404 Not Found
Date: Sat, 01 Apr 2023 22:11:22 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=3, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ozelfirsatetkinlikler-bn.com/inc/online.php?ip=91.90.42.154

190.14.39.158

200 OK

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/inc/online.php?ip=91.90.42.154
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with no line terminators

Size

13
Hash

e121e149fa2f184c5e94dbdddaefd10d

9425b9abb2c3f3c3f8c3ffce3ae6043e6ec3ce45

d6ca54a4b6329340afe1d97352d6859d5443e48746a536d28f77420af4e17736

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        POST /inc/online.php?ip=91.90.42.154 HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://ozelfirsatetkinlikler-bn.com
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:24 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 13
Keep-Alive: timeout=3, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ozelfirsatetkinlikler-bn.com/kontrol.php?ip=91.90.42.154

190.14.39.158

200 OK

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/kontrol.php?ip=91.90.42.154
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

data

Size

1
Hash

eccbc87e4b5ce2fe28308fd9f2a7baf3

77de68daecd823babbb58edb1c8e14d7106e83bb

4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        POST /kontrol.php?ip=91.90.42.154 HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://ozelfirsatetkinlikler-bn.com
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:24 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 1
Keep-Alive: timeout=3, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ozelfirsatetkinlikler-bn.com/inc/online.php?ip=91.90.42.154

190.14.39.158

200 OK

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/inc/online.php?ip=91.90.42.154
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

ASCII text, with no line terminators

Size

13
Hash

e121e149fa2f184c5e94dbdddaefd10d

9425b9abb2c3f3c3f8c3ffce3ae6043e6ec3ce45

d6ca54a4b6329340afe1d97352d6859d5443e48746a536d28f77420af4e17736

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        POST /inc/online.php?ip=91.90.42.154 HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://ozelfirsatetkinlikler-bn.com
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:27 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 13
Keep-Alive: timeout=3, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ozelfirsatetkinlikler-bn.com/kontrol.php?ip=91.90.42.154

190.14.39.158

200 OK

URL HTTP/1.1

ozelfirsatetkinlikler-bn.com/kontrol.php?ip=91.90.42.154
IP

190.14.39.158:0
ASN

#52469 Offshore Racks S.A

Magic

data

Size

1
Hash

eccbc87e4b5ce2fe28308fd9f2a7baf3

77de68daecd823babbb58edb1c8e14d7106e83bb

4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        POST /kontrol.php?ip=91.90.42.154 HTTP/1.1
Host: ozelfirsatetkinlikler-bn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://ozelfirsatetkinlikler-bn.com
Connection: keep-alive
Referer: https://ozelfirsatetkinlikler-bn.com/
Cookie: PHPSESSID=qfe36oghkn17kgrs0ssukgm6s7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0

                                        HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:11:27 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 1
Keep-Alive: timeout=3, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

#1 JS:Script (size: 89501)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#2 JS:Script (size: 1784)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#3 JS:Script (size: 338)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#4 JS:Script (size: 1892)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

HTTP Transactions (40)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections