Report - islemleriniziburdanyapin.click/step1

Report Overview

Visited public
2025-04-24 11:19:37
Tags
e-devlet phishing government turkey
Submit Tags
URL
islemleriniziburdanyapin.click/step1
Finishing URL
islemleriniziburdanyapin.click/step1
IP / ASN
104.21.60.9
#13335 CLOUDFLARENET
Title
e-Devlet Kapısı
Phishing - e-Devlet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.e-devlet.gov.tr	104569	2001-06-07	2020-03-02	2025-04-09	7.7 kB	243 kB	31.3.2.116
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-04-23	460 B	9.3 kB	104.17.25.14
islemleriniziburdanyapin.click	unknown	2025-04-20	2025-04-24	2025-04-24	7.2 kB	920 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (15)

	URL	From	Size	First Seen	Last Seen
	islemleriniziburdanyapin.click/step1	DomTimer	334 B	2023-05-01	2025-04-24
Pretty URL islemleriniziburdanyapin.click/step1 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-01 12:51 Last Seen2025-04-24 11:19 Times Seen2 Hash 66255913a15a42be5063da10f26e2dd1 edf409dea3f8f92756e39e849a2bff83e74f3565 4fe6cd415a12aaf37dad73fd5204b930739f0167e9371b4a1fc46123d79ed8cf Loading...

	islemleriniziburdanyapin.click/step1	DomTimer	334 B	2023-05-01	2025-04-24
Pretty URL islemleriniziburdanyapin.click/step1 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-01 12:51 Last Seen2025-04-24 11:19 Times Seen2 Hash 66255913a15a42be5063da10f26e2dd1 edf409dea3f8f92756e39e849a2bff83e74f3565 4fe6cd415a12aaf37dad73fd5204b930739f0167e9371b4a1fc46123d79ed8cf Loading...

	islemleriniziburdanyapin.click/step1	DomTimer	334 B	2023-05-01	2025-04-24
Pretty URL islemleriniziburdanyapin.click/step1 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-01 12:51 Last Seen2025-04-24 11:19 Times Seen2 Hash 66255913a15a42be5063da10f26e2dd1 edf409dea3f8f92756e39e849a2bff83e74f3565 4fe6cd415a12aaf37dad73fd5204b930739f0167e9371b4a1fc46123d79ed8cf Loading...

	islemleriniziburdanyapin.click/step1	DomTimer	334 B	2023-05-01	2025-04-24
Pretty URL islemleriniziburdanyapin.click/step1 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-01 12:51 Last Seen2025-04-24 11:19 Times Seen2 Hash 66255913a15a42be5063da10f26e2dd1 edf409dea3f8f92756e39e849a2bff83e74f3565 4fe6cd415a12aaf37dad73fd5204b930739f0167e9371b4a1fc46123d79ed8cf Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js	ScriptElement	8.3 kB	2023-03-07	2025-07-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-07-24 15:58 Times Seen6896 Hash cc290e6c3aeecf5021dd82ad8df2512a fb983aecd3940e8ebbfe5e74c8099cee9223c957 2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995 Loading...

	islemleriniziburdanyapin.click/step1	ScriptElement	950 B	2025-04-24	2025-04-24
Pretty URL islemleriniziburdanyapin.click/step1 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-24 11:19 Last Seen2025-04-24 11:19 Times Seen1 Hash 2a6b1d83ee7e960fcf1482677516d3ed 3584c7f75aba00b7c1c9c4d19bcd25ca6d7a8258 f7c856365338d99d02f68fc448a5fbd8f553adf0578191f2a0e702c9913d02fa Loading...

	islemleriniziburdanyapin.click/step1	DomTimer	334 B	2023-05-01	2025-04-24
Pretty URL islemleriniziburdanyapin.click/step1 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-01 12:51 Last Seen2025-04-24 11:19 Times Seen2 Hash 66255913a15a42be5063da10f26e2dd1 edf409dea3f8f92756e39e849a2bff83e74f3565 4fe6cd415a12aaf37dad73fd5204b930739f0167e9371b4a1fc46123d79ed8cf Loading...

	islemleriniziburdanyapin.click/assets/js/mainFunction.js	ScriptElement	3.9 kB	2023-07-18	2025-07-11
Pretty URL islemleriniziburdanyapin.click/assets/js/mainFunction.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-18 00:18 Last Seen2025-07-11 12:12 Times Seen13 Hash 5708d81be7f5f8d4aa09a900dd1c1b14 ecc1ae34667d3928aa8bc911e387fb0abc03a990 193ca2ca3adf0d0ee10962e30e57e71806f6298810cf0501d0b1de58b42831b8 Loading...

	islemleriniziburdanyapin.click/assets/js/minified68b3.js?ver=1	ScriptElement	839 kB	2023-04-03	2025-06-19
Pretty URL islemleriniziburdanyapin.click/assets/js/minified68b3.js?ver=1 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-03 23:56 Last Seen2025-06-19 09:26 Times Seen5 Hash fcb9d846bb4f7fe28ec74d4535a26a15 39bc99794c61295c37f39e0defd5b14c7c75e8fa 90993dba46a3a82fc34e1f3bc55957823c3afab464a07e17fb439ed625f9614c Loading...

	islemleriniziburdanyapin.click/step1	ScriptElement	1.0 kB	2023-07-18	2025-07-11
Pretty URL islemleriniziburdanyapin.click/step1 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-18 00:18 Last Seen2025-07-11 12:12 Times Seen8 Hash 099aee7d1efe6d024ce21ad6e1c8469b d2e2c30a7d0346f89b6ccbcf651652288579cc65 fb622f15de37d380d6f2dcdcd1b4191a8f5a64e3a2ab080343e075c623074733 Loading...

	islemleriniziburdanyapin.click/assets/js/jquery.signalR-2.2.2.min.js	ScriptElement	37 kB	2023-03-12	2025-06-19
Pretty URL islemleriniziburdanyapin.click/assets/js/jquery.signalR-2.2.2.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:21 Last Seen2025-06-19 09:26 Times Seen8 Hash 470ca7ca2f05687aa940ad690f5e816c b6d7476470447fe5e436ebd65a9ec66497a2b421 6894d06880b8cf276519153693eef44a168bb7be3e8551d05cd0d93cf0b3b15a Loading...

	islemleriniziburdanyapin.click/step1	DomTimer	334 B	2023-05-01	2025-04-24
Pretty URL islemleriniziburdanyapin.click/step1 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-01 12:51 Last Seen2025-04-24 11:19 Times Seen2 Hash 66255913a15a42be5063da10f26e2dd1 edf409dea3f8f92756e39e849a2bff83e74f3565 4fe6cd415a12aaf37dad73fd5204b930739f0167e9371b4a1fc46123d79ed8cf Loading...

	islemleriniziburdanyapin.click/step1	DomTimer	334 B	2023-05-01	2025-04-24
Pretty URL islemleriniziburdanyapin.click/step1 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-01 12:51 Last Seen2025-04-24 11:19 Times Seen2 Hash 66255913a15a42be5063da10f26e2dd1 edf409dea3f8f92756e39e849a2bff83e74f3565 4fe6cd415a12aaf37dad73fd5204b930739f0167e9371b4a1fc46123d79ed8cf Loading...

	islemleriniziburdanyapin.click/assets/js/js.cookie.min.js	ScriptElement	1.7 kB	2023-03-07	2025-07-25
Pretty URL islemleriniziburdanyapin.click/assets/js/js.cookie.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-07-25 00:18 Times Seen2305 Hash 511390c6668bb8cb2c65b03dc65cf6de 9ec5bdca09eb11492910672fcb48594d04eb63af d07dcdbb3ddaba0dda7d56d496cbb5d8fbb1bdadc23f812126d3c4c6ab39e158 Loading...

	islemleriniziburdanyapin.click/assets/js/uaParser.min.js	ScriptElement	20 kB	2023-07-18	2025-07-11
Pretty URL islemleriniziburdanyapin.click/assets/js/uaParser.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-18 00:18 Last Seen2025-07-11 12:12 Times Seen13 Hash 9549ba66ac12481e77f9f4b707abd871 9e086ac71e3b9721a466549976a0064590b122c5 ef398d29b25da7035b7c6a07833c225201548a1d3f0ee3b18f4f725cddf44561 Loading...

HTTP Transactions (29)

URL IP Response Size

GET cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sBzZCDf9_T_1Wi4TRDrZKF09E3.216.woff2

31.3.2.116

200 OK

9.6 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sBzZCDf9_T_1Wi4TRDrZKF09E3.216.woff2
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 9572, version 1.0
Size
9.6 kB (9572 bytes)
Hash
308d7d82bea788e1fd2afe36582e54fe
8dc2e848c04091b5e58d30bfd9ea7d96dac918b9
b1fd7ed49a8246ec384c86e59d428c8ab8bbcbb247eaa0f8866d92f47ce7b6f5

HTTP Headers

GET /themes/izmir/fonts/arimo/P5sBzZCDf9_T_1Wi4TRDrZKF09E3.216.woff2 HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://cdn.e-devlet.gov.tr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:16 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Fri, 18 Apr 2025 15:45:25 GMT
etag: W/"68027395-2564"
expires: Thu, 31 Dec 2037 23:55:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains
x-frame-options: SAMEORIGIN
set-cookie: TS01551c83=015c1cbb6dbbee09188a348a27fac3183aa45a4ffa24aa297686470ea42a02fccf1254d4f1cb24047fda776f00d832ce4c8eca678c; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: 2c8e7dee9b2143e6625cb65e6a73d0f8
access-control-allow-origin: *
cache-control: max-age=7776000
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

GET cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sCzZCDf9_T_10c9C1kiL2t2dkPJA.216.woff2

31.3.2.116

200 OK

20 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sCzZCDf9_T_10c9C1kiL2t2dkPJA.216.woff2
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20372, version 1.0
Size
20 kB (20372 bytes)
Hash
d741c07b12195f652ed16fd7a91e478a
7de6599ca1aff94e7b3576b285619a7364b34042
9c6e2b09ac19fe1395ca10c2872f9b132eb136faedb9bd7896779453497fec87

HTTP Headers

GET /themes/izmir/fonts/arimo/P5sCzZCDf9_T_10c9C1kiL2t2dkPJA.216.woff2 HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://cdn.e-devlet.gov.tr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:16 GMT
content-type: application/octet-stream
vary: Accept-Encoding
last-modified: Mon, 06 Mar 2023 13:28:11 GMT
etag: W/"6405ea6b-4f94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
set-cookie: TS01551c83=015c1cbb6d3663666e0ef8698ffa0c7311eeaa4cb108fec62d9e7d9191626aeff894a9542de2ad60f98ffa4f1605391da18e82155f; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: 84a6f1900cef51eba54affeb964e961f
access-control-allow-origin: *
cache-control: max-age=7776000
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js

104.17.25.14

200 OK

8.3 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (542)
Size
8.3 kB (8327 bytes)
Hash
cc290e6c3aeecf5021dd82ad8df2512a
fb983aecd3940e8ebbfe5e74c8099cee9223c957
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995

HTTP Headers

GET /ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 3074
cf-ray: 935534635b3cb524-OSL
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-2087"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 43102
expires: Tue, 14 Apr 2026 11:19:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5MoIMbeaDFzOQJH2tbOCvmljZESibaX44h4VOr1m3Z5zk3H3qJs35Yth2UJfBzVkI7G2HC%2BlfVnUN1sqHFG2jAcb5MtjLSzXNC71dIgiUgxefeJ4qU0wGmB7d5aVogOhW3sBqyox"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.e-devlet.gov.tr/themes/izmir/fonts/grs-icon/edkicon.216.216.woff2

31.3.2.116

200 OK

7.4 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/fonts/grs-icon/edkicon.216.216.woff2
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7360, version 1.0
Size
7.4 kB (7360 bytes)
Hash
7ef250144d7240727034bcf40401c3a0
2b5cef679caf6466cf8e7ff1734262dc3d0eaa07
14a8546479c035fd277d74a73c6bbeb865caa2ea2f3ebfea18c0c529ef3eb3ff

HTTP Headers

GET /themes/izmir/fonts/grs-icon/edkicon.216.216.woff2 HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://cdn.e-devlet.gov.tr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:16 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Fri, 18 Apr 2025 15:45:25 GMT
etag: W/"68027395-1cc0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains
x-frame-options: SAMEORIGIN
set-cookie: TS01551c83=015c1cbb6d3581e5a0bbfa93d193918e9ce28a652b335db81311a500633c5fed2093d80d1ba2c1d5490390cd9c1e89a660ad3f1401; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: 67109cb7270051161dcc0a5efce82f0b
access-control-allow-origin: *
cache-control: max-age=7776000
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

GET islemleriniziburdanyapin.click/assets/js/uaParser.min.js

188.114.96.1

200 OK

20 kB

URL GET
islemleriniziburdanyapin.click/assets/js/uaParser.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (19896)
Size
20 kB (19996 bytes)
Hash
9549ba66ac12481e77f9f4b707abd871
9e086ac71e3b9721a466549976a0064590b122c5
ef398d29b25da7035b7c6a07833c225201548a1d3f0ee3b18f4f725cddf44561

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

GET /assets/js/uaParser.min.js HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/step1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 24 Apr 2025 11:19:15 GMT
content-type: text/javascript
content-length: 7498
server: cloudflare
last-modified: Thu, 17 Nov 2022 17:29:20 GMT
etag: "4e1c-63766f70-a79db7c16e23186e;br"
content-encoding: br
vary: Accept-Encoding
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
accept-ranges: bytes
cf-ray: 935534633e8f542e-TLL
server-timing: cfExtPri

GET islemleriniziburdanyapin.click/assets/js/jquery.signalR-2.2.2.min.js

188.114.96.1

200 OK

37 kB

URL GET
islemleriniziburdanyapin.click/assets/js/jquery.signalR-2.2.2.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type
JavaScript source, ASCII text, with very long lines (37063), with CRLF line terminators
Size
37 kB (37320 bytes)
Hash
470ca7ca2f05687aa940ad690f5e816c
b6d7476470447fe5e436ebd65a9ec66497a2b421
6894d06880b8cf276519153693eef44a168bb7be3e8551d05cd0d93cf0b3b15a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

GET /assets/js/jquery.signalR-2.2.2.min.js HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/step1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 24 Apr 2025 11:19:15 GMT
content-type: text/javascript
content-length: 11239
server: cloudflare
last-modified: Mon, 22 Aug 2022 21:44:32 GMT
etag: "91c8-6303f8c0-51c4c8fffa9c021f;br"
content-encoding: br
vary: Accept-Encoding
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
accept-ranges: bytes
cf-ray: 935534633ea1542e-TLL
server-timing: cfExtPri

GET cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sBzZCDf9_T_1Wi4TRNrZKF09E3HY4.216.woff2

31.3.2.116

200 OK

19 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sBzZCDf9_T_1Wi4TRNrZKF09E3HY4.216.woff2
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19140, version 1.0
Size
19 kB (19140 bytes)
Hash
b2ace7b9069352ce8287f4f9a6435e2e
629e56ae923e5c9433a737a2bf968ca80719877d
baa4939ce5526f6345842e8324ea0a248d0e139eef54fe377492fd44a79803a5

HTTP Headers

GET /themes/izmir/fonts/arimo/P5sBzZCDf9_T_1Wi4TRNrZKF09E3HY4.216.woff2 HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://cdn.e-devlet.gov.tr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:16 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Fri, 18 Apr 2025 15:45:25 GMT
etag: W/"68027395-4ac4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains
x-frame-options: SAMEORIGIN
set-cookie: TS01551c83=015c1cbb6dcb3771fdcfc72ea6ac076d756f18f4ebd2f68e86d55e0f688a47afa81c55a18d1232eb60636ba077e8ee5788eb0683ad; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: 89499bee4ed7465a38271e76c37ddbbd
access-control-allow-origin: *
cache-control: max-age=7776000
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

POST islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154

188.114.96.1

200 OK

0 B

URL POST
islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

POST /veri.php?ip=91.90.42.154 HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/step1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Thu, 24 Apr 2025 11:19:28 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.20, PleskLin
server: cloudflare
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
priority: u=3,i=?0
content-encoding: br
cf-ray: 935534b4fb39542e-TLL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154

188.114.96.1

200 OK

0 B

URL POST
islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

POST /veri.php?ip=91.90.42.154 HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/step1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Thu, 24 Apr 2025 11:19:31 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.20, PleskLin
server: cloudflare
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
priority: u=3,i=?0
content-encoding: br
cf-ray: 935534c49f88542e-TLL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sMzZCDf9_T_10ZxCFuj5-v.216.woff2

31.3.2.116

200 OK

9.6 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sMzZCDf9_T_10ZxCFuj5-v.216.woff2
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 9604, version 1.0
Size
9.6 kB (9604 bytes)
Hash
703d8707b09c729302a6d13fcd6bd431
1bffa87f2ff421a2756f535090e2f95b8be5540b
7d79596300bbb0d5208efbeb996a0dd57030fb5bed5f8d1ec3e909054c41ec72

HTTP Headers

GET /themes/izmir/fonts/arimo/P5sMzZCDf9_T_10ZxCFuj5-v.216.woff2 HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://cdn.e-devlet.gov.tr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:16 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Fri, 18 Apr 2025 15:45:25 GMT
etag: W/"68027395-2584"
expires: Thu, 31 Dec 2037 23:55:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains
x-frame-options: SAMEORIGIN
set-cookie: TS01551c83=015c1cbb6d226fe9acaa144c6183227c1cd3bf6542f25f0d240d4d4bee8c293dcf0ffae10296e51e6744a7ebabeeaf03d0c6aeee22; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: c7cc8ce8237db5432fcb2ff64313c209
access-control-allow-origin: *
cache-control: max-age=7776000
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

POST islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154

188.114.96.1

200 OK

0 B

URL POST
islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

POST /veri.php?ip=91.90.42.154 HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/step1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Thu, 24 Apr 2025 11:19:16 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.20, PleskLin
server: cloudflare
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
priority: u=3,i=?0
content-encoding: br
cf-ray: 935534670b6e542e-TLL
server-timing: cfExtPri

GET cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sCzZCDf9_T_10c9C1kiL2t2dkPJA.216.woff2

31.3.2.116

200 OK

20 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sCzZCDf9_T_10c9C1kiL2t2dkPJA.216.woff2
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20372, version 1.0
Size
20 kB (20372 bytes)
Hash
d741c07b12195f652ed16fd7a91e478a
7de6599ca1aff94e7b3576b285619a7364b34042
9c6e2b09ac19fe1395ca10c2872f9b132eb136faedb9bd7896779453497fec87

HTTP Headers

GET /themes/izmir/fonts/arimo/P5sCzZCDf9_T_10c9C1kiL2t2dkPJA.216.woff2 HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://cdn.e-devlet.gov.tr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:17 GMT
content-type: application/octet-stream
vary: Accept-Encoding
last-modified: Mon, 06 Mar 2023 13:28:11 GMT
etag: W/"6405ea6b-4f94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
set-cookie: TS01551c83=015c1cbb6d3663666e0ef8698ffa0c7311eeaa4cb108fec62d9e7d9191626aeff894a9542de2ad60f98ffa4f1605391da18e82155f; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: 55fce842b6f4c313917ffc84df27f940
access-control-allow-origin: *
cache-control: max-age=7776000
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

GET islemleriniziburdanyapin.click/assets/js/minified68b3.js?ver=1

188.114.96.1

200 OK

839 kB

URL GET
islemleriniziburdanyapin.click/assets/js/minified68b3.js?ver=1
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type
JavaScript source, ASCII text, with very long lines (38632), with CRLF line terminators
Size
839 kB (838644 bytes)
Hash
fcb9d846bb4f7fe28ec74d4535a26a15
39bc99794c61295c37f39e0defd5b14c7c75e8fa
90993dba46a3a82fc34e1f3bc55957823c3afab464a07e17fb439ed625f9614c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

GET /assets/js/minified68b3.js?ver=1 HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/step1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 24 Apr 2025 11:19:15 GMT
content-type: text/javascript
content-length: 166729
last-modified: Mon, 22 Aug 2022 21:44:32 GMT
etag: "ccbf4-6303f8c0-c1842ec948e2a544;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
server: cloudflare
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
cf-ray: 935534633e9e542e-TLL
server-timing: cfExtPri

GET cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sBzZCDf9_T_1Wi4TRDrZKF09E3.216.woff2

31.3.2.116

200 OK

9.6 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sBzZCDf9_T_1Wi4TRDrZKF09E3.216.woff2
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 9572, version 1.0
Size
9.6 kB (9572 bytes)
Hash
308d7d82bea788e1fd2afe36582e54fe
8dc2e848c04091b5e58d30bfd9ea7d96dac918b9
b1fd7ed49a8246ec384c86e59d428c8ab8bbcbb247eaa0f8866d92f47ce7b6f5

HTTP Headers

GET /themes/izmir/fonts/arimo/P5sBzZCDf9_T_1Wi4TRDrZKF09E3.216.woff2 HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://cdn.e-devlet.gov.tr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:16 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Fri, 18 Apr 2025 15:45:25 GMT
etag: W/"68027395-2564"
expires: Thu, 31 Dec 2037 23:55:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains
x-frame-options: SAMEORIGIN
set-cookie: TS01551c83=015c1cbb6dbbee09188a348a27fac3183aa45a4ffa24aa297686470ea42a02fccf1254d4f1cb24047fda776f00d832ce4c8eca678c; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: 59b154c4e01940800798bd977fb8ca92
access-control-allow-origin: *
cache-control: max-age=7776000
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

GET cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sMzZCDf9_T_10XxCFuj5-v6dg.216.woff2

31.3.2.116

200 OK

19 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sMzZCDf9_T_10XxCFuj5-v6dg.216.woff2
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19020, version 1.0
Size
19 kB (19020 bytes)
Hash
ebbf9284ae822df4a26e536208d91832
8616631c78c4bc063bf7080403a55ddea1c0423e
1f634d0016221534cb3f7a6f0a369972d44cb2b5f7b5b17c70144be47791c882

HTTP Headers

GET /themes/izmir/fonts/arimo/P5sMzZCDf9_T_10XxCFuj5-v6dg.216.woff2 HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://cdn.e-devlet.gov.tr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:16 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Fri, 18 Apr 2025 15:45:25 GMT
etag: W/"68027395-4a4c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains
x-frame-options: SAMEORIGIN
set-cookie: TS01551c83=015c1cbb6d4e8b43a1d8068d349105fbe0f9c0c3bf92721106ac073ad6f1bfff8a6a1a84a055dfbdeb2fd27885d1e53fe6df8351e9; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: f5645c94f3c7aba0273f055978970254
access-control-allow-origin: *
cache-control: max-age=7776000
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

GET cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sCzZCDf9_T_10c9CNkiL2t2dk.216.woff2

31.3.2.116

200 OK

10 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sCzZCDf9_T_10c9CNkiL2t2dk.216.woff2
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 9972, version 1.0
Size
10 kB (9972 bytes)
Hash
54734c4538a8ace156da21fa69c7346d
77cb8a43290d748e3421d40dc79ac16046fefc1f
ad13b3fe0d7ffedfef7b0495f001577ceafcf0da1691cccd060ce8171137e7b7

HTTP Headers

GET /themes/izmir/fonts/arimo/P5sCzZCDf9_T_10c9CNkiL2t2dk.216.woff2 HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://cdn.e-devlet.gov.tr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:16 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Fri, 18 Apr 2025 15:45:25 GMT
etag: W/"68027395-26f4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains
x-frame-options: SAMEORIGIN
set-cookie: TS01551c83=015c1cbb6d9470383f607715d640b8499c0a7857f003103e5fb56aa28867d65f6902a0ff5e8425daa326fe844e7d7440bb298c8d22; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: 86587ec9df7319d67ae9af40666a593f
access-control-allow-origin: *
cache-control: max-age=7776000
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

GET cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sMzZCDf9_T_10XxCFuj5-v6dg.216.woff2

31.3.2.116

200 OK

19 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sMzZCDf9_T_10XxCFuj5-v6dg.216.woff2
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19020, version 1.0
Size
19 kB (19020 bytes)
Hash
ebbf9284ae822df4a26e536208d91832
8616631c78c4bc063bf7080403a55ddea1c0423e
1f634d0016221534cb3f7a6f0a369972d44cb2b5f7b5b17c70144be47791c882

HTTP Headers

GET /themes/izmir/fonts/arimo/P5sMzZCDf9_T_10XxCFuj5-v6dg.216.woff2 HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://cdn.e-devlet.gov.tr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:16 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Fri, 18 Apr 2025 15:45:25 GMT
etag: W/"68027395-4a4c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains
x-frame-options: SAMEORIGIN
set-cookie: TS01551c83=015c1cbb6d4e8b43a1d8068d349105fbe0f9c0c3bf92721106ac073ad6f1bfff8a6a1a84a055dfbdeb2fd27885d1e53fe6df8351e9; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: 37ed3b86e04eb667a39d35b094c56f96
access-control-allow-origin: *
cache-control: max-age=7776000
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

GET cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sCzZCDf9_T_10c9CNkiL2t2dk.216.woff2

31.3.2.116

200 OK

10 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sCzZCDf9_T_10c9CNkiL2t2dk.216.woff2
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 9972, version 1.0
Size
10 kB (9972 bytes)
Hash
54734c4538a8ace156da21fa69c7346d
77cb8a43290d748e3421d40dc79ac16046fefc1f
ad13b3fe0d7ffedfef7b0495f001577ceafcf0da1691cccd060ce8171137e7b7

HTTP Headers

GET /themes/izmir/fonts/arimo/P5sCzZCDf9_T_10c9CNkiL2t2dk.216.woff2 HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://cdn.e-devlet.gov.tr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:16 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Fri, 18 Apr 2025 15:45:25 GMT
etag: W/"68027395-26f4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains
x-frame-options: SAMEORIGIN
set-cookie: TS01551c83=015c1cbb6d9470383f607715d640b8499c0a7857f003103e5fb56aa28867d65f6902a0ff5e8425daa326fe844e7d7440bb298c8d22; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: 8b6d02cb6087822a1687006ebea65d6b
access-control-allow-origin: *
cache-control: max-age=7776000
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

POST islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154

188.114.96.1

200 OK

0 B

URL POST
islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

POST /veri.php?ip=91.90.42.154 HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/step1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Thu, 24 Apr 2025 11:19:26 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.20, PleskLin
server: cloudflare
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
priority: u=3,i=?0
content-encoding: br
cf-ray: 935534a55f1d542e-TLL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154

188.114.96.1

200 OK

0 B

URL POST
islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

POST /veri.php?ip=91.90.42.154 HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/step1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Thu, 24 Apr 2025 11:19:21 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.20, PleskLin
server: cloudflare
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
priority: u=3,i=?0
content-encoding: br
cf-ray: 935534862ce0542e-TLL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154

188.114.96.1

200 OK

0 B

URL POST
islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

POST /veri.php?ip=91.90.42.154 HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/step1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Thu, 24 Apr 2025 11:19:23 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.20, PleskLin
server: cloudflare
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
priority: u=3,i=?0
content-encoding: br
cf-ray: 93553495b9d7542e-TLL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET islemleriniziburdanyapin.click/step1

188.114.96.1

200 OK

12 kB

URL User Request GET
islemleriniziburdanyapin.click/step1
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
12 kB (12451 bytes)
Hash
2e063538a50f6aa5d284e223b2fdbfc2
e96c54dc81dbc9d293c862f6a556cfec68700354
efbed74abf45f282c17106e6bfc30557c708020d9ab38a7768386e76a1deb135

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

GET /step1 HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:15 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.20, PleskLin
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 935534605ec35424-TLL
X-Firefox-Spdy: h2

GET cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sMzZCDf9_T_10ZxCFuj5-v.216.woff2

31.3.2.116

200 OK

9.6 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sMzZCDf9_T_10ZxCFuj5-v.216.woff2
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 9604, version 1.0
Size
9.6 kB (9604 bytes)
Hash
703d8707b09c729302a6d13fcd6bd431
1bffa87f2ff421a2756f535090e2f95b8be5540b
7d79596300bbb0d5208efbeb996a0dd57030fb5bed5f8d1ec3e909054c41ec72

HTTP Headers

GET /themes/izmir/fonts/arimo/P5sMzZCDf9_T_10ZxCFuj5-v.216.woff2 HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://cdn.e-devlet.gov.tr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:16 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Fri, 18 Apr 2025 15:45:25 GMT
etag: W/"68027395-2584"
expires: Thu, 31 Dec 2037 23:55:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains
x-frame-options: SAMEORIGIN
set-cookie: TS01551c83=015c1cbb6d226fe9acaa144c6183227c1cd3bf6542f25f0d240d4d4bee8c293dcf0ffae10296e51e6744a7ebabeeaf03d0c6aeee22; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: 99ee82b7c85870e7c46b9dc881a6a761
access-control-allow-origin: *
cache-control: max-age=7776000
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

GET cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sBzZCDf9_T_1Wi4TRNrZKF09E3HY4.216.woff2

31.3.2.116

200 OK

19 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/fonts/arimo/P5sBzZCDf9_T_1Wi4TRNrZKF09E3HY4.216.woff2
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19140, version 1.0
Size
19 kB (19140 bytes)
Hash
b2ace7b9069352ce8287f4f9a6435e2e
629e56ae923e5c9433a737a2bf968ca80719877d
baa4939ce5526f6345842e8324ea0a248d0e139eef54fe377492fd44a79803a5

HTTP Headers

GET /themes/izmir/fonts/arimo/P5sBzZCDf9_T_1Wi4TRNrZKF09E3HY4.216.woff2 HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://cdn.e-devlet.gov.tr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:16 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Fri, 18 Apr 2025 15:45:25 GMT
etag: W/"68027395-4ac4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains
x-frame-options: SAMEORIGIN
set-cookie: TS01551c83=015c1cbb6dcb3771fdcfc72ea6ac076d756f18f4ebd2f68e86d55e0f688a47afa81c55a18d1232eb60636ba077e8ee5788eb0683ad; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: 4a8df8db9367d20f46dc871d5a901525
access-control-allow-origin: *
cache-control: max-age=7776000
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

POST islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154

188.114.96.1

200 OK

0 B

URL POST
islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

POST /veri.php?ip=91.90.42.154 HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/step1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Thu, 24 Apr 2025 11:19:18 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.20, PleskLin
server: cloudflare
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
priority: u=3,i=?0
content-encoding: br
cf-ray: 93553476a870542e-TLL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154

188.114.96.1

200 OK

0 B

URL POST
islemleriniziburdanyapin.click/veri.php?ip=91.90.42.154
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

POST /veri.php?ip=91.90.42.154 HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://islemleriniziburdanyapin.click
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/step1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Thu, 24 Apr 2025 11:19:33 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.20, PleskLin
server: cloudflare
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
priority: u=3,i=?0
content-encoding: br
cf-ray: 935534d43c58542e-TLL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET cdn.e-devlet.gov.tr/themes/izmir/css/login-main.1.9.5.css

31.3.2.116

200 OK

50 kB

URL GET
cdn.e-devlet.gov.tr/themes/izmir/css/login-main.1.9.5.css
IP
31.3.2.116:443
ASN
#21245 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGlobalSign nv-sa
Subjectcdn.e-devlet.gov.tr
Fingerprint56:60:95:91:44:14:50:73:E8:9D:59:14:A2:6D:F5:C7:EC:D2:F1:53
ValidityWed, 26 Feb 2025 16:48:11 GMT - Mon, 30 Mar 2026 16:48:10 GMT

File type
ASCII text, with very long lines (50500), with no line terminators
Size
50 kB (50500 bytes)
Hash
e1a5a38574b83271a12f2651e670a84f
c292e7df120ace771b6a1d78f300ff5fe823c3f8
57e3e6e7ee9cd1a21d5953dd25144a319afbc6363311891a5f9dcc1e144e941e

HTTP Headers

GET /themes/izmir/css/login-main.1.9.5.css HTTP/1.1
Host: cdn.e-devlet.gov.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 24 Apr 2025 11:19:15 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, User-Agent
last-modified: Fri, 18 Apr 2025 15:45:25 GMT
etag: W/"68027395-c544"
expires: Thu, 31 Dec 2037 23:55:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains
x-frame-options: SAMEORIGIN
set-cookie: TS01551c83=015c1cbb6d4bdd74e45902e8bb64ad57683cf5f55f2b790bdf3fadefddd7d16c08e8856b49be521dd0298e65dad26e3adbefa7771b; Path=/; Domain=.static.turkiye.gov.tr
x-mserver: DE-372
content-encoding: gzip
server: MNCDN-2133
x-edge-location: DE-372
x-mnrequest-id: 6da28c57dbe0d6581f8e63448405f3fb
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-cache-status: Edge : HIT,
X-Firefox-Spdy: h2

GET islemleriniziburdanyapin.click/assets/js/mainFunction.js

188.114.96.1

200 OK

3.9 kB

URL GET
islemleriniziburdanyapin.click/assets/js/mainFunction.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type
JavaScript source, ASCII text, with very long lines (2091), with CRLF line terminators
Size
3.9 kB (3879 bytes)
Hash
5708d81be7f5f8d4aa09a900dd1c1b14
ecc1ae34667d3928aa8bc911e387fb0abc03a990
193ca2ca3adf0d0ee10962e30e57e71806f6298810cf0501d0b1de58b42831b8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

GET /assets/js/mainFunction.js HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/step1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 24 Apr 2025 11:19:15 GMT
content-type: text/javascript
content-length: 1785
server: cloudflare
last-modified: Mon, 21 Nov 2022 21:55:42 GMT
etag: "f27-637bf3de-20a02fd04a602ee0;br"
content-encoding: br
vary: Accept-Encoding
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
accept-ranges: bytes
cf-ray: 935534633e8a542e-TLL
server-timing: cfExtPri

GET islemleriniziburdanyapin.click/assets/js/js.cookie.min.js

188.114.96.1

200 OK

1.7 kB

URL GET
islemleriniziburdanyapin.click/assets/js/js.cookie.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://islemleriniziburdanyapin.click/step1
Certificate
IssuerGoogle Trust Services
Subjectislemleriniziburdanyapin.click
FingerprintB8:2E:5B:3D:B2:B4:42:97:01:06:B5:DD:7C:2F:29:1A:5A:E5:7F:B8
ValidityWed, 23 Apr 2025 11:07:47 GMT - Tue, 22 Jul 2025 12:04:55 GMT

File type
JavaScript source, ASCII text, with very long lines (1650)
Size
1.7 kB (1681 bytes)
Hash
511390c6668bb8cb2c65b03dc65cf6de
9ec5bdca09eb11492910672fcb48594d04eb63af
d07dcdbb3ddaba0dda7d56d496cbb5d8fbb1bdadc23f812126d3c4c6ab39e158

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - e-Devlet

HTTP Headers

GET /assets/js/js.cookie.min.js HTTP/1.1
Host: islemleriniziburdanyapin.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://islemleriniziburdanyapin.click/step1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 24 Apr 2025 11:19:15 GMT
content-type: text/javascript
content-length: 750
server: cloudflare
last-modified: Tue, 08 Nov 2022 04:00:08 GMT
etag: "691-6369d448-960fcb70fde25fff;br"
content-encoding: br
vary: Accept-Encoding
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
accept-ranges: bytes
cf-ray: 935534633e98542e-TLL
server-timing: cfExtPri

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML