Report - ziraat.hizli-giris-tr.com/

Report Overview

Submitted URL
ziraat.hizli-giris-tr.com/
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 03:48:43
Access
public
Website Title
Hoş Geldiniz | Ziraat Bankası İnternet Bankacılığı
Final URL
ziraat.hizli-giris-tr.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
68

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-22	419 B	32 kB	151.101.66.137
ziraat.hizli-giris-tr.com	unknown	unknown	No data	No data	19 kB	1.4 MB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank
2024-04-23	medium	ziraat.hizli-giris-tr.com/	Ziraat Bank

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	ziraat.hizli-giris-tr.com/	175 kB	2024-04-24	2024-04-29
Pretty URL ziraat.hizli-giris-tr.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 05:48:50 Last Seen2024-04-29 07:30:36 Times Seen2 Hash 7c793c057dfb7ad5176ffe5af31b9974 bd2da20d55eb1cf86ce56a716cb892c78b4ee1ed 74e61c6dbb253db6c4c4ef6304c38ff2cb600690f7ef0d38a6f6f5c399b2c8db Loading...

	code.jquery.com/jquery-3.6.4.min.js	90 kB	2023-03-26	2024-05-05
Pretty URL code.jquery.com/jquery-3.6.4.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:59:07 Last Seen2024-05-05 19:28:53 Times Seen8472 Hash 641dd14370106e992d352166f5a07e99 eda46747c71d38a880bee44f9a439c3858bb8f99 a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af Loading...

	ziraat.hizli-giris-tr.com/client-side/script.js	4.2 kB	2024-04-24	2024-04-29
Pretty URL ziraat.hizli-giris-tr.com/client-side/script.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 05:48:50 Last Seen2024-04-29 07:30:36 Times Seen2 Hash 5e8a810ce749f1838dd063a5371465c5 85d9586d903a06c1483963503f9ddf1ae9b61002 48fe486c966f67eb339455520669739be9ba20981a01e2589b50a4e38bbda816 Loading...

	unknown	3.1 kB	2024-04-24	2024-04-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 05:48:50 Last Seen2024-04-29 07:30:36 Times Seen2 Hash b5750b58877b32e6f834dc0554eec0f5 d618369133aa8dab2784fbe59340f05a26754ee0 cf1f81b7a4243233b390f0b63c0b90d6a3d271cabe6e09f7426851077a703033 Loading...

	unknown	993 B	2024-04-24	2024-04-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 05:48:50 Last Seen2024-04-29 07:30:36 Times Seen2 Hash 457dace2e7a9068a04b43b4fe901aa60 697cd246cd6bdba689765ca47fb98f767a982163 df201dcb4416412c58c591e10d4089b9d8ba491c49d7d2607ab8f49e5df3c6d0 Loading...

		Size	First Seen	Last Seen
	#1 Write - a0021dc0e3b505641c66566ea140f43b	64 kB	2024-04-24	2024-04-29
Pretty Observations First Seen2024-04-24 05:48:50 Last Seen2024-04-29 07:30:36 Times Seen2 Hash a0021dc0e3b505641c66566ea140f43b 09689ab71c884a8730b10c82a22247143964c7e7 a78c365784dba57e5f2ffc8523047653a3a4513072baa460f4cdf8540d171b7f Loading...

HTTP Transactions (35)

URL IP Response Size

code.jquery.com/jquery-3.6.4.min.js

151.101.66.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.4.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (31011 bytes)
Hash
641dd14370106e992d352166f5a07e99
eda46747c71d38a880bee44f9a439c3858bb8f99
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af

HTTP Headers

GET /jquery-3.6.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15ec3"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 24 Apr 2024 03:48:18 GMT
age: 19129890
x-served-by: cache-lga21953-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 138, 43231
x-timer: S1713930499.644051,VS0,VE0
vary: Accept-Encoding
content-length: 31011
X-Firefox-Spdy: h2

ziraat.hizli-giris-tr.com/Content/assets/img/login/phone.png

188.114.97.1

200 OK

9.8 kB

URL GET HTTP/3
ziraat.hizli-giris-tr.com/Content/assets/img/login/phone.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
PNG image data, 48 x 99, 8-bit/color RGBA, non-interlaced
Size
9.8 kB (9783 bytes)
Hash
11054be60d9bcdcc073dd86b19eaeff5
0a3e9722e8215d52e257b870da7b04f988609b64
75e159dc563cef2d81dfc676edd0562791341ffc58e8fb9d377011d4fe0977ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

GET /Content/assets/img/login/phone.png HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:18 GMT
content-type: image/png
content-length: 9783
cache-control: public, max-age=604800
expires: Wed, 01 May 2024 03:48:18 GMT
last-modified: Sat, 30 Mar 2024 02:46:26 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KYkGxvGT4YnYivcUIKZGV%2B%2FyFbnVCTt196A8rkh%2B2s3nikX000%2BdDz0KGDgBiSWqX%2FTSxfrvJ8TpqgZlb0KrmoFOwOhEIsAalWmfqNrgyagFlmp3pQkZjWXJvP7uJYiy69yWxQ94sPeMJIZV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931df02abfb524-OSL
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/Content/assets/img/comodo-logo.png

188.114.97.1

200 OK

6.3 kB

URL GET HTTP/3
ziraat.hizli-giris-tr.com/Content/assets/img/comodo-logo.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
PNG image data, 77 x 44, 8-bit/color RGBA, non-interlaced
Size
6.3 kB (6295 bytes)
Hash
cbdc765e52e5f7b375f2383106593f05
fe32420e40a43a85fbbabad75928ad08942c03a1
7bd1ce5e91f7fa685fe3ec37c7f79c27a49f3ae067afce596fa46bb5b2d90d89

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

GET /Content/assets/img/comodo-logo.png HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:18 GMT
content-type: image/png
content-length: 6295
cache-control: public, max-age=604800
expires: Wed, 01 May 2024 03:48:18 GMT
last-modified: Sat, 30 Mar 2024 02:46:34 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BSM8iOqN51VKVG%2FQinQun5IfcbqW%2BpmOn2wgrKZeYFvsrbTX5NTLVuq5RjcEULkMwOIRnVvXgGUmiqiBf%2BDgOKk6UZO3D4odK8FAfzKb8P84GZ9eg0gvLaeNIv0%2FoiOKYv9f3SqyG9c3Wgmr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931df02ac0b524-OSL
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/Content/assets/img/phone.png

188.114.97.1

200 OK

8.4 kB

URL GET HTTP/3
ziraat.hizli-giris-tr.com/Content/assets/img/phone.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
PNG image data, 48 x 99, 8-bit/color RGBA, non-interlaced
Size
8.4 kB (8378 bytes)
Hash
77c1a0351dddb65a5f6fcdadf54ca5be
a278215761ef4768645ce1321629a2c12ea9d988
ecd0bd452254e541bd3e0f90384daf729c71bac57dcd6506ce531b82e91a6077

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

GET /Content/assets/img/phone.png HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:18 GMT
content-type: image/png
content-length: 8378
cache-control: public, max-age=604800
expires: Wed, 01 May 2024 03:48:18 GMT
last-modified: Sat, 30 Mar 2024 02:46:44 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=81F8CzUWiqd%2BMm2v7v18FVTbHTVNYHcD19aMR75OPMgXNANDTv4wkTs%2F9plCHorlXUQhrKA%2B0HpVstlrdV0wZKxIUxfllOdQQws3NUppF19nrtjijr7G2D%2FmPkUBUK%2FNH8WLBgT3YthATlIE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931df02abeb524-OSL
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/Content/assets/css/webfonts/new/BB78E1BCF28E9E4CC.woff2

188.114.97.1

200 OK

14 kB

URL GET HTTP/3
ziraat.hizli-giris-tr.com/Content/assets/css/webfonts/new/BB78E1BCF28E9E4CC.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
Web Open Font Format (Version 2), CFF, length 13468, version 3.13173
Size
14 kB (13468 bytes)
Hash
258bc9481b04a70f90de84e933445da7
f02651019a9b4f4f02b6c1a83b3c954d37129c9a
2f9071e4de731c949bee363cc182a5b88e61caa7cffbfd3ccf7321ca11327544

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

GET /Content/assets/css/webfonts/new/BB78E1BCF28E9E4CC.woff2 HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/Content/assets/bundle/css/sub.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:19 GMT
content-type: font/woff2
content-length: 13468
last-modified: Sat, 30 Mar 2024 02:45:40 GMT
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6wKASFd6f71WpXUzs4V6V0kEBqkLioJtE8c8G7l5gS%2FfA1lss6YkevPBw7tMvlhCcJDhDseeqYWcYv0OW8Xvxk1er4mx7FAdbYDd6XnTILNsYMrqt1fUv88o6J4b%2BtSVhZXZS9NJmZwCQ3WN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931df55ca5b524-OSL
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/Content/assets/css/webfonts/new/D40DF048D299CA4DD.woff2

188.114.97.1

200 OK

14 kB

URL GET HTTP/3
ziraat.hizli-giris-tr.com/Content/assets/css/webfonts/new/D40DF048D299CA4DD.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
Web Open Font Format (Version 2), CFF, length 13476, version 3.13173
Size
14 kB (13476 bytes)
Hash
c7735d60da8580476a4a0cf8fcad2a20
01bb2b7f3a55789655f622130e652562da68deab
87066901222869bbc18ab6d6620daa3aeac78dad94f88233f14ff68bae4cb472

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

GET /Content/assets/css/webfonts/new/D40DF048D299CA4DD.woff2 HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/Content/assets/bundle/css/sub.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:19 GMT
content-type: font/woff2
content-length: 13476
last-modified: Sat, 30 Mar 2024 02:45:44 GMT
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0fNWikf3BACCIlUfCEat5CslGvRiM1Nwktg5Vvy3Ca3wipn0aEBTHrlW04sw%2FR1t3W69kzDtUwbR8ye%2BJ3q304BVrtGoW7X%2FcOmWdDATEBc8VLfiPN0PEfZP4RMMAoTMzb%2B1OqVsKJKEiSbK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931df54ca3b524-OSL
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/Content/assets/img/login-bg.jpg?v=20181004

188.114.97.1

200 OK

107 kB

URL GET HTTP/3
ziraat.hizli-giris-tr.com/Content/assets/img/login-bg.jpg?v=20181004
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2560x1440, components 3
Size
107 kB (106717 bytes)
Hash
dca8dcf5aa17b37001d2464c6e8df135
fb5b6ac4a585e88b3de8a5fbc3b2b14f597d5669
b055c452bbb3790a25caef40ba7e75a53f148ad46260c00719b5bd7b6ee90d82

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

GET /Content/assets/img/login-bg.jpg?v=20181004 HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/Content/assets/bundle/css/sub.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:20 GMT
content-type: image/jpeg
content-length: 106717
cache-control: public, max-age=604800
expires: Wed, 01 May 2024 03:48:19 GMT
last-modified: Sat, 30 Mar 2024 02:46:38 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uJX1qPgW1Bu9etIwt4gYBupD56TV6ykkTSe%2FbdRrykgaVQnoXN%2Fs58iIhZDs7tmIdJm4UhbY5bjp49IyxXC%2BGVyaNlxCDfmrWAU3BGt5VQTevsvU1Hx19Lme75h7h75U9DwoUfABRJuGVU29"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931df54ca0b524-OSL
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/Content/assets/css/fonts/icomoon.woff2

188.114.97.1

200 OK

100 kB

URL GET HTTP/3
ziraat.hizli-giris-tr.com/Content/assets/css/fonts/icomoon.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
Web Open Font Format (Version 2), TrueType, length 100000, version 1.0
Size
100 kB (100000 bytes)
Hash
a8fd26643e91f65ce225f959814f5024
9121db4aeda7b816ad442e5b66eb17b5063568f1
4eb0a95d46a2a21d2a033af489807a56e8669c172839474ed2ab8865ee40994f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

GET /Content/assets/css/fonts/icomoon.woff2 HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/Content/assets/bundle/css/sub.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:20 GMT
content-type: font/woff2
content-length: 100000
last-modified: Sat, 30 Mar 2024 02:45:04 GMT
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jaoJq0U%2FJl4sbs%2FlzkqTl2ZpZiz3fMiUJUimSJ6iNaID737dqjoFnZdX%2FrqtwDwHMxM0wu8VK1d2ZZKDEo1%2B5cTMsmNkQRnJOXzLsWEci6QHiwMgedHE7jQFUhOQGLhkyzqHU3wX6aFA6myh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931df55ca8b524-OSL
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/Content/assets/img/touch_icon.png

188.114.97.1

200 OK

25 kB

URL GET HTTP/3
ziraat.hizli-giris-tr.com/Content/assets/img/touch_icon.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Size
25 kB (24678 bytes)
Hash
55083b4242e9e0a4be40324fc2b1d561
cdcd79c42cdb7239cbf3961916e62072c77c9154
3f57f2ca6d11bb33c055ec016ce0b3c7816097de2bdbdca444b11f0ba90bf166

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

GET /Content/assets/img/touch_icon.png HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:20 GMT
content-type: image/png
content-length: 24678
cache-control: public, max-age=604800
expires: Wed, 01 May 2024 03:48:20 GMT
last-modified: Mon, 01 Apr 2024 22:19:16 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=azgC1cj4F6m%2B4qQaa9jXz%2BZYY7vrAKXzAd%2FCIcHOi%2FVPDZrQ2YBTAEP5BCLKv%2FjdIa7kJrf%2FZ1TrZsC8e9uaZvEYqu%2BHsIiVnmDoz0PrStkS8E6NbD94ll%2F29Ws8mejcdkMIradsnA67maYe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931df9de2eb524-OSL
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/Content/assets/img/touch_icon.png

188.114.97.1

200 OK

25 kB

URL GET HTTP/3
ziraat.hizli-giris-tr.com/Content/assets/img/touch_icon.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Size
25 kB (24678 bytes)
Hash
55083b4242e9e0a4be40324fc2b1d561
cdcd79c42cdb7239cbf3961916e62072c77c9154
3f57f2ca6d11bb33c055ec016ce0b3c7816097de2bdbdca444b11f0ba90bf166

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

GET /Content/assets/img/touch_icon.png HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:20 GMT
content-type: image/png
content-length: 24678
cache-control: public, max-age=604800
expires: Wed, 01 May 2024 03:48:20 GMT
last-modified: Mon, 01 Apr 2024 22:19:16 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ls%2Ffl4Y2cgQa7DTgrX0Aoxu%2BCTpv6mueLiRu4YLDV4TABR%2Bayv3ufDDiG4aMLXtXzznsh7DuDsqEmnO0ZwhxDJiSz7DV%2BkQIUiByzUgWtGsD5fB6QRJvKdi%2FDzIJ8VPXECY3ggQaHTHtlK%2Bu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931df9de30b524-OSL
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/status.php

188.114.97.1

200 OK

7 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/status.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
27a21354321dfbc28f0cb17b995bb9ca
d1ffda5dc9903c9a42d66636aea9405e311c6f85
8e2c7ac508139a02af859de64a4743c1f3946837279332c35ec8f5ddf20654ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /status.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:22 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WvA%2FxdEK7vmXeDhGH1yUGGL%2BxafOKYl8eQYD8%2B9mkqhgLaPwZ%2FHo%2BLfUkhU2WC7b0W6wswikqXD9KYjWg06qXLvtxeoZifWU7RRy5bs1s7uT%2B3JOlzQs2ddUwCIBLMGg1FPA5nPV55vZJQB2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e097c49b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

0.0.0.0

0 B

URL POST
ziraat.hizli-giris-tr.com/process.php
IP
0.0.0.0:0
ASN
#0

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 25
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

0 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 25
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:22 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BsPCtmUxiTXdftVIZqZbjTW3KDj2akBvqBQGvxJBQt0wHqFk9dqZ7f0pEFrLwAm9bygjoaYnmNITAualGJboCXgj%2FUtjaQmC0mnRe0SM7b%2BsaKgnzbbOIlbV64PY5iCeNADmuqlPEQFubyGm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e084bdfb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

14 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
b846d1144d90307e0cfa35b918a98a98
01eb94695483172af91ec8c2715f9f28d919b6ab
4a1793e9900cd31287a96c8b3f308becaa20fa3e0436a33baecad2be3d0d06d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 11
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:31 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0sezbdlUYj8UjtY7Y1F6ZrOpyX2eieUWpX34nBrw9MzcT%2FmP%2BgrKKPPAfKizsJAAEB0TQgGYoCQRG2XJt3fuKf2HkRKsyBY6pYETi6cNnO7HAiALRlqW69iS%2BPLtT5JQhrwXmjlGquOlTz8M"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e409a79b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

14 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
b846d1144d90307e0cfa35b918a98a98
01eb94695483172af91ec8c2715f9f28d919b6ab
4a1793e9900cd31287a96c8b3f308becaa20fa3e0436a33baecad2be3d0d06d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 11
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:37 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eVy7LJEvwTiAJ9ntGFITiD4RKHEM4esHdTbzc4AiTbmOPEurEbRVeaXVrQfFP%2BW2jsjzOa8UJectideIN2LnvcA8K%2BT92shFwGmdDur7otjtxKnqJ31fUN2DMvVxv2yMQ0u5s61U3XLrps0V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e6618e8b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

0 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 25
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:25 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6B%2Bcw9SHnx%2BsavYSBeliNj%2Bmtqzhd0jB7tg48LnkpK%2BM0g3iRes67jU8a4pN9sQwlgoxR0Ss6ZBvtYVKkjEWfyn0JitSCj1ALAQhID5khXqpAykpYhjMIXozra4TDM6wqf6cLI%2F4pKxlYdE6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e1b0b86b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/status.php

188.114.97.1

200 OK

7 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/status.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
27a21354321dfbc28f0cb17b995bb9ca
d1ffda5dc9903c9a42d66636aea9405e311c6f85
8e2c7ac508139a02af859de64a4743c1f3946837279332c35ec8f5ddf20654ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /status.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:25 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=31n3vDL4Nj%2BdrSMbcShBDMmQROTZQmha3PRKYOIxKTr6Va8HoMv37RTMWR3DXzyE16UidMuvTXrBrOcTsFFAqdnrfvcRDXVYTyWRk8uokf9yPe%2BWAQrwg%2F4y7YlVo815afHfHmj0e4ff%2BXQ7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e1c2bebb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

0 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 25
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:31 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x86v%2FuSUQY9dYFWw7%2FDWADg7sdw0PentI%2B0VC6G69VBqiOmQfA3mvDnpZMnk4HLywEjrtGqkgI5TjYfXQ9WI0%2BM3rMRjlR6fMhNocxKfbuvU%2F64zSYUfSXrFH5OVQbuexvvTasBaolCoNn%2Bf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e408a75b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/status.php

188.114.97.1

200 OK

7 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/status.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
27a21354321dfbc28f0cb17b995bb9ca
d1ffda5dc9903c9a42d66636aea9405e311c6f85
8e2c7ac508139a02af859de64a4743c1f3946837279332c35ec8f5ddf20654ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /status.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:31 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2FZpeHUysMAZ%2FIiJ6t6BxI%2B%2BiNbwo5wwocKksBKHnAl56mjOvGP7uMbZ98SPeKkKbehDMBaU0MNWbGEE1HwKxhhb7LIHAhbtWD6FeCPMgKsJ4HtxQa6QzfSPMRfSjpfDZbA6dGOOmwhGXtsu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e41bacbb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

14 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
b846d1144d90307e0cfa35b918a98a98
01eb94695483172af91ec8c2715f9f28d919b6ab
4a1793e9900cd31287a96c8b3f308becaa20fa3e0436a33baecad2be3d0d06d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 11
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:34 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XsNJDCn1PfZHRs3Smq4rNk5%2BY4Ssw3y%2FWVNlalZ217lF%2FJofJ59uA93iAvaeTJj2H7HBBMLYncfqh2Qf3yYTQkog6sSW7fuTmuhl%2B9G2am8o6TRytqc%2BGonxslAlTJDSvJsSN7BMyUcwmcZz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e5359f9b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

0 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 25
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:37 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=djKk%2Bpy9qLV30GIU9FuhfOq%2Fxus4cNImjc%2BUQ7zH5nRsYn04WTS%2BxgVhyl5826E8E7TRi%2BdqZcohB%2BwOYN1TlLIjbTA2OjWwO4Ti3SDZ49UXHMzy5oMntJoDHK2sxO9pa55nbVd4%2FLGcSy7f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e6608e4b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/Content/assets/bundle/css/sub.min.css

188.114.97.1

200 OK

554 kB

URL GET HTTP/3
ziraat.hizli-giris-tr.com/Content/assets/bundle/css/sub.min.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type

Size
554 kB (554300 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

GET /Content/assets/bundle/css/sub.min.css HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:19 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Wed, 01 May 2024 03:48:18 GMT
last-modified: Thu, 18 Apr 2024 07:16:50 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WtAqukVFrWmzSZdzV5f%2BSoJsb0C0729Rv6UkuNJyWD3%2Bn%2FUEMF4xpvzrd0rh7a5YQblJ5IeyvGPHnB9ZrvkUiNXfblxGaCl1a2Jxtp2YUH8Wsuyj1bd%2BkLaWTHxqYbRbRbZENBsyTBk4FJp0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931df01abcb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

14 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
b846d1144d90307e0cfa35b918a98a98
01eb94695483172af91ec8c2715f9f28d919b6ab
4a1793e9900cd31287a96c8b3f308becaa20fa3e0436a33baecad2be3d0d06d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 11
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:25 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rYJHxb4PJkDGImnWYoWvBrTz4NXRyJkuIYjyx7NJAELf99pNMOiLQP4ytJuJ%2B1QTVgOXeokl0ZH4VDfmNPEuIHZvdnu%2F9rVFeQvD84Cf6rtnDPOwenTFk0E0P%2FCFYhgapJSZR5jN4cPFlkFD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e1b1b88b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

14 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
b846d1144d90307e0cfa35b918a98a98
01eb94695483172af91ec8c2715f9f28d919b6ab
4a1793e9900cd31287a96c8b3f308becaa20fa3e0436a33baecad2be3d0d06d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 11
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:28 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LkQlI%2B%2FFtru1tNhulwkm6a7G9eaexOpRQR3rKqnNFH5LHIyXywm1Hn0HdPchbVqeH%2ByEq4S3bj9MH7uXXsaqSxEHaQK7AZhUua%2BPlhjxfv7nD4T4njpj6LRlIqJyjNMpaDtMIvxHnpItjaet"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e2ddad7b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/status.php

188.114.97.1

200 OK

7 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/status.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
27a21354321dfbc28f0cb17b995bb9ca
d1ffda5dc9903c9a42d66636aea9405e311c6f85
8e2c7ac508139a02af859de64a4743c1f3946837279332c35ec8f5ddf20654ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /status.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:37 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KiSXVbSb2wvKnV1bfuuQIdKD%2B31jdakTqQc%2BUtCpEZmg%2F1Itd%2B0IvQK87hcnGs%2B1Ngv3AETUcPut323%2Bl6SElzJXZ4QdNGCEQ8AKYC9iSGrOJRsNGfI1sjifesIqSL8%2BXE%2Fckg6MTgDHnTim"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e672943b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

0 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 25
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:28 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sxMVMEoO%2FBx4OVN7oNWJM45zqI4fP1gJHh%2F%2BJIyoJED%2BK0as22OWkPj%2FDgKTEoUACkqSpBN4bx00NlR5cUM2n1rier0%2BtH%2BZ13MIlfjQifyi%2BATAi7Pi8RKHBK2yqyF8v%2BvJ%2F6ymCtW4lm7J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e2dcad4b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/status.php

188.114.97.1

200 OK

7 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/status.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
27a21354321dfbc28f0cb17b995bb9ca
d1ffda5dc9903c9a42d66636aea9405e311c6f85
8e2c7ac508139a02af859de64a4743c1f3946837279332c35ec8f5ddf20654ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /status.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:34 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q5uwowKPfeuhMCqakptedrbxA4pCjhXPNqMEDentNxejE03ix5ScRLJsghnTUflkDIOQmRtUS7IKl82S3lXiDaMpI8xR04DLDJgXFkMIm3vR2xWB2X%2FAWCeWhhXepgLHtkARAcQ1pBtbgSVE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e547a6db524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/client-side/script.js

188.114.97.1

200 OK

4.2 kB

URL GET HTTP/3
ziraat.hizli-giris-tr.com/client-side/script.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
Unicode text, UTF-8 text, with very long lines (4552), with no line terminators
Size
4.2 kB (4186 bytes)
Hash
1255a29663d31961d3d3e95acd9cd5d1
1d67273221cf2cb23cea7bdc4e3a5962677e1f4f
67ec661b750c5604d0de5036b13daeec82d87c9fef325ac72ba97c63f5140110

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

GET /client-side/script.js HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:18 GMT
content-type: text/javascript
last-modified: Tue, 23 Apr 2024 22:17:30 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ARNJNNgbQZKqbDk6XC8h%2FJdxiYbbx%2Fn664WOpLuHK3o44X6zhYkpCntDIXSzjtKY3W3v%2F1kuB%2FuAkN4Y6j8eva5TsaFOZZwG5m7Zk2Lb0%2F4kU%2BYrP3JDrbx%2FVzwwuhDPBkFoayaUgKEAs6N%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931df04acbb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

14 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
b846d1144d90307e0cfa35b918a98a98
01eb94695483172af91ec8c2715f9f28d919b6ab
4a1793e9900cd31287a96c8b3f308becaa20fa3e0436a33baecad2be3d0d06d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 11
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:19 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
set-cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dSudrqlP0oPwhkxMqCj9OQLmHQgYZqD%2B0qjzCruMAQJdqWsk%2FP7dDYbRl5bVrxtAcpbiHQ8JWqIqaQVB3CGAYofigG9WielgCn4VvxQ4e0QZLq9jOCQFTponFba8X3TeIK63FApnRVxGcX04"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931df5bcd1b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

14 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
b846d1144d90307e0cfa35b918a98a98
01eb94695483172af91ec8c2715f9f28d919b6ab
4a1793e9900cd31287a96c8b3f308becaa20fa3e0436a33baecad2be3d0d06d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 11
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:22 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bQLbuQlVYjWtWGYcw7GdPelitfvwE5P7NQPqHI1g52PuqfiY%2Ff7eLfrgfFsiSauwOfSTKpSyCT3FElVDL8I5zrGaTxi0dmTZbhi9ro%2B%2FzIAo8MAjeRNa96la7ZdnS5XKa88vdlddn0f2gjKA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e085be3b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/status.php

188.114.97.1

200 OK

7 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/status.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
27a21354321dfbc28f0cb17b995bb9ca
d1ffda5dc9903c9a42d66636aea9405e311c6f85
8e2c7ac508139a02af859de64a4743c1f3946837279332c35ec8f5ddf20654ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /status.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:28 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gx4b%2BP3Pc0gIh6BULnQ4KDBGXiXp7oAjVYkRk4ki6Qt65t8FHJqcrDkiGJQ3qfp9p22SdRURJkRlPou%2Br1lI2Z7z5x9%2B%2FH4DQup1NG8nTgb7Nw3hCfD8kYi7oeBJckKPcFZHGZ5VvRMmuE8W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e2efb56b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

14 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
b846d1144d90307e0cfa35b918a98a98
01eb94695483172af91ec8c2715f9f28d919b6ab
4a1793e9900cd31287a96c8b3f308becaa20fa3e0436a33baecad2be3d0d06d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 11
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:40 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Q%2BFEg02C0wZgTjmQGRZ%2BsujvtB2USdOkACcShHNsXoD1gJIsP7OYZQrGJ6jzAwFa3MTgce6mCjog8pb%2F2BV11GXskXEQibZo68F40p6OaOrwuZA%2BmTpsElW5%2Bd8C1TT5CBXpFIBbfZF4A0J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e78e8bbb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/

188.114.97.1

200 OK

175 kB

URL User Request GET HTTP/2
ziraat.hizli-giris-tr.com/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type
HTML document, ASCII text, with very long lines (65486), with CRLF line terminators
Size
175 kB (175407 bytes)
Hash
cf25f40bf01ff50ee0b4919a9961badb
f55d8f5b1cf285b44bc038d025f00065ec949ed6
0bbdb5e9a60935f82903d27b0f1c817b793790b3105333e754ea1d3dc9ae7c2f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

GET / HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:18 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EZlOjlHCyoWluBS8plizOa0aIy5JYfYfU2nbwEoCo43w3W%2BAD0jf25V4sN6qaD6egcHNrdqMzsCjaz2EJo2PShhp9BDSm0WeGLJW1YcZVk6qQNi%2FsouWhWBXMvcPZsXBnk2TReHh%2FQPESKTi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931dec5cf0568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ziraat.hizli-giris-tr.com/Content/assets/bundle/css/plugins.min.css

188.114.97.1

200 OK

350 kB

URL GET HTTP/3
ziraat.hizli-giris-tr.com/Content/assets/bundle/css/plugins.min.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type

Size
350 kB (349614 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

GET /Content/assets/bundle/css/plugins.min.css HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:19 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Wed, 01 May 2024 03:48:18 GMT
last-modified: Sat, 30 Mar 2024 02:44:24 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QZr70ZgOH21asj0Ucs6rz3mxR7I443x2hcYWo90WxgdlwaKPdBYRBlYxxiJaSvVUm9KnpgvXV25iaXXGZYc3xbWpK%2FnITjzRlt4RhJcuBmLQOLj1R0lTnHbZLgmjJBHH6z0Is9dNagi98zku"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931df01abbb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ziraat.hizli-giris-tr.com/process.php

188.114.97.1

200 OK

0 B

URL POST HTTP/3
ziraat.hizli-giris-tr.com/process.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ziraat.hizli-giris-tr.com/
Certificate
IssuerGoogle Trust Services LLC
Subjecthizli-giris-tr.com
FingerprintE8:24:F2:57:9E:D1:17:D4:EB:8A:BD:23:30:57:42:4C:96:EE:E0:0A
ValidityMon, 22 Apr 2024 22:28:27 GMT - Sun, 21 Jul 2024 22:28:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Ziraat Bank

HTTP Headers

POST /process.php HTTP/1.1
Host: ziraat.hizli-giris-tr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 25
Origin: https://ziraat.hizli-giris-tr.com
DNT: 1
Connection: keep-alive
Referer: https://ziraat.hizli-giris-tr.com/
Cookie: PHPSESSID=aa032c8f6d3ecd3c24522f6fd0371f23
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 03:48:34 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hJdbHRxVVaqa2NYLGP7hV8uWf%2FeW56CZh8ISUZDS25nuytlBHCIgH8UodSh8bbiVjuTMcfjLHUDzS0MYj09XXsL%2FbFv8uGdBJ4pICdcgMrBLGsDh3EMLIJd%2Fd%2B6Dn%2B6prf6yHNCI%2BubY%2FSY%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87931e5359f3b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (35)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN