Report - hesaplimagaza.com/

Report Overview

URL

hesaplimagaza.com/
IP

78.135.82.40

ASN

#207326 HostLAB Bilisim Teknolojileri A.S.
Submitted

2023-02-23T17:10:01Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

40

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com (1)	235	2015-04-17T22:46:33Z	2023-03-14T05:10:25Z	429	6654	104.17.25.14
hesaplimagaza.com (1)	unknown	2014-07-03T00:56:33Z	2023-02-23T18:10:32Z	349	565	78.135.82.40
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-14T05:09:37Z	333	391	34.117.237.239
www.hesaplimagaza.com (54)	unknown	2019-07-31T01:38:17Z	2023-02-23T18:09:43Z	29646	2476612	78.135.82.40
content-signature-2.cdn.mozilla.net (3)	1152	2020-11-03T13:26:46Z	2023-03-14T05:09:37Z	1267	17607	34.160.144.191
firefox.settings.services.mozilla.com (17)	867	2020-06-04T22:08:41Z	2023-03-13T18:13:28Z	8063	284560	35.241.9.150
shavar.services.mozilla.com (1)	3602	2015-09-28T08:30:01Z	2023-03-14T05:09:38Z	453	204	44.225.87.128
firefox-settings-attachments.cdn.mozilla.net (1)	11509	2019-11-30T10:32:57Z	2023-03-14T05:09:39Z	412	807705	34.111.73.144
connect.facebook.net (1)	139	2012-05-22T04:51:28Z	2023-03-14T05:10:26Z	379	28822	31.13.72.12
detectportal.firefox.com (2)	1601	2018-08-30T11:52:03Z	2023-03-14T05:09:38Z	606	428	34.107.221.82
r3.o.lencr.org (8)	344	2020-12-02T09:52:13Z	2023-03-14T05:09:04Z	2704	7092	23.33.119.27
getpocket.cdn.mozilla.net (1)	1369	2018-08-28T15:15:36Z	2023-03-14T05:09:37Z	435	47327	34.120.5.221
ocsp.digicert.com (3)	86	2012-05-21T09:02:23Z	2023-03-14T08:09:39Z	1023	2390	93.184.220.29
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-14T05:09:38Z	606	127	54.186.103.190
ocsp.pki.goog (8)	175	2018-07-01T08:43:07Z	2023-03-13T18:12:07Z	2744	5598	142.250.74.131
fonts.gstatic.com (6)	unknown	2014-09-09T02:40:21Z	2023-03-14T08:49:03Z	2992	107566	142.250.74.35
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3260	52805	34.120.237.76
www.facebook.com (1)	99	2012-05-21T02:23:41Z	2021-02-04T00:31:35Z	636	349	31.13.72.36
fonts.googleapis.com (1)	8877	2013-06-10T22:14:26Z	2023-03-14T02:50:33Z	424	630	142.250.74.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-23	medium	hesaplimagaza.com/	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/theme/journal3/icons/fonts/icomoon.woff2?v1	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/theme/journal3/icons/style.minimal.css?v=14218c54	Malware
2023-02-23	medium	www.hesaplimagaza.com/	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/theme/journal3/lib/masterslider/skins/minimal/style.css?v=14218c54	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/theme/journal3/lib/swiper/swiper.min.css?v=14218c54	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/theme/journal3/stylesheet/style.css?v=14218c54	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/javascript/bootstrap/js/bootstrap.min.js?v=14218c54	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/javascript/common.js?v=14218c54	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/logo/site-logo-400x111.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/demo22/slider-1-3000x1000.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/yap%C4%B1-market-250x350.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/demo22/slider-2-3000x1000.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/banyo-aksesuarlar%C4%B112-250x350.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/perde13-250x350.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/bah%C3%A7e-tak%C4%B1m12-250x350.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/unnamed-512x512.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/theme/journal3/lib/anime/anime.min.js?v=14218c54	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/theme/journal3/lib/countdown/jquery.countdown.min.js?v=14218c54	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/demo22/1-100x100-1-100x100.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/demo22/2-100x100-2-100x100.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/demo22/3-100x100-3-100x100.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/demo22/g5-5-1-100x100.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/demo22/4-100x100-4-100x100.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/logo/storeapp-119x39.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/logo/storeplay-119x39.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/logo/footerkartlar-min-613x69-613x69-613x69.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/theme/journal3/lib/typeahead/typeahead.jquery.min.js?v=14218c54	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/demo22/sd4-3000x1000h.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/theme/journal3/lib/hoverintent/jquery.hoverIntent.min.js?v=14218c54	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/theme/journal3/lib/cjs/cjs.js?v=14218c54	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/theme/journal3/lib/masterslider/masterslider.js?v=14218c54	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/theme/journal3/js/journal.js?v=14218c54	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/javascript/facebook_business/facebook_pixel_3_1_2.js	Malware
2023-02-23	medium	www.hesaplimagaza.com/catalog/view/javascript/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/product/625f434573618_3ccf34e1b922401f9a7d24187c7ff089-300x400w.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/product/62a8726fa8fe5_793f372d3a10484cb0db8cf945339e49-300x400w.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/product/61e87e6f8bf6e_8783686c0ac64046916e23d647e7b1e6-300x400w.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/product/611d0215af3c1_4f705221a5034ec7b37de480fc135595-300x400h.webp	Malware
2023-02-23	medium	www.hesaplimagaza.com/image/cache/catalog/product/63d3c9a84e8b8_b71ef00b11784722a4b98f6deebcea1f-300x400w.webp	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (117)

URL IP Response Size

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

URL HTTP/1.1

detectportal.firefox.com/success.txt?ipv4
IP

34.107.221.82:0
ASN

#15169 GOOGLE

Magic

ASCII text

Size

8
Hash

ae780585f49b94ce1444eb7d28906123

7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86

81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

                                        GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 23 Feb 2023 14:02:14 GMT
Age: 11248
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

hesaplimagaza.com/

Turkey HostLAB Bilisim Teknolojileri A.S.

78.135.82.40

301 Moved Permanently

URL HTTP/1.1

hesaplimagaza.com/
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET / HTTP/1.1
Host: hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Set-Cookie: lisansimo=1677172180
OCSESSID=c66c6b3a4a4942fc6dc4262fba; path=/
OCSESSID=b88a06c591f2dd819c6a9deb3e; path=/
language=tr-tr; expires=Sat, 25-Mar-2023 17:09:40 GMT; Max-Age=2592000; path=/; domain=hesaplimagaza.com
currency=TRY; expires=Sat, 25-Mar-2023 17:09:40 GMT; Max-Age=2592000; path=/; domain=hesaplimagaza.com
CSP-Redir: http (Mode:4, SSL:0, WWW:0)
Location: https://www.hesaplimagaza.com/
Content-Type: text/html; charset=UTF-8;
Content-Length: 0
Date: Thu, 23 Feb 2023 17:09:40 GMT

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

67fc460ed2f69dde3c410ec607ef3510

ba9f582ec321351e5c06c9b2c381f06b685ef274

85df74fac7d59d76840b6359bac24648fede201c0048f2a8382af6468225ffb8

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85DF74FAC7D59D76840B6359BAC24648FEDE201C0048F2A8382AF6468225FFB8"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9647
Expires: Thu, 23 Feb 2023 19:50:30 GMT
Date: Thu, 23 Feb 2023 17:09:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

3bf2985444924fcb7c28583d95fe3e07

95b5b25c5e28758f16327475be944d68ba858b4d

1e1b4f9fd2e5b5c38916cea3f07edc4abe897defb9db47123d374bc979cad933

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1E1B4F9FD2E5B5C38916CEA3F07EDC4ABE897DEFB9DB47123D374BC979CAD933"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12257
Expires: Thu, 23 Feb 2023 20:34:00 GMT
Date: Thu, 23 Feb 2023 17:09:43 GMT
Connection: keep-alive

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

URL HTTP/1.1

detectportal.firefox.com/success.txt?ipv4
IP

34.107.221.82:0
ASN

#15169 GOOGLE

Magic

ASCII text

Size

8
Hash

ae780585f49b94ce1444eb7d28906123

7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86

81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

                                        GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 23 Feb 2023 14:02:14 GMT
Age: 11249
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30

34.120.5.221

200 OK

46641

URL HTTP/2

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP

34.120.5.221:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (65536), with no line terminators

Size

46641
Hash

41f1143d65f4627ba9ac44f5611fb2e4

e030d7a8e2a83c45a70c8756041c47fcd04bdbe4

543c2556817b6ea7f553b7baee47c3ebb74b4edf823b5b37a57a5e3d3ef08a12

HTTP Headers

                                        GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: Lwoez3Wbhmbm3jY1XIgZzTRPOgVK1jjbfMWGpvV-NBf55n2LvG8bRQ==
content-encoding: gzip
via: 1.1 27fe6f224e0cfa3f3a446471ee256e56.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Feb 2023 17:05:51 GMT
age: 658
content-type: application/json
vary: Accept-Encoding
content-length: 46641
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

d4569ebd95f766b8f22ed69d69334c37

a7fcd3f640877885077a4126708968d7e1e0d252

e485343a8251f50009506dfc6a42c82ca6b09b434d1e0984ea7c2dfea7dcd28d

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E485343A8251F50009506DFC6A42C82CA6B09B434D1E0984EA7C2DFEA7DCD28D"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5374
Expires: Thu, 23 Feb 2023 18:39:17 GMT
Date: Thu, 23 Feb 2023 17:09:43 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

67d5a988edcda47bc3b3b3f65d32b4b6

d4f0e0da8b3690cc7da925026d3414b68c7d954f

55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: 2yDSgORj0kC15EaOJb8hOmINGeqCgWwP4KQ6mKD+dxzCRnufUhMsIqYLprCL9RsKSAZZEzpbH6c=
x-amz-request-id: NG3PY6M3B4GYYW6W
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Feb 2023 16:20:24 GMT
age: 2959
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 17:09:43 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

6f313739c4c44174fc9a97ac63621b46

319da68d06694330ad9f7901bcde1ca0a6eeac0d

321236ee07769c741890815bc56fd2700ff1974b0534368b9ff2e96320ae4fee

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "321236EE07769C741890815BC56FD2700FF1974B0534368B9FF2E96320AE4FEE"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2305
Expires: Thu, 23 Feb 2023 17:48:08 GMT
Date: Thu, 23 Feb 2023 17:09:43 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

4ad6984a756720fbfff47b37a75513a2

355e35258114452af8b9638985ed9d8ef3bf0aca

43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Feb 2023 16:53:56 GMT
content-type: application/json
age: 947
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

5aa46280b9f4ef8602f5e1b6864d898f

f1b8d2278116c2873ec0683122818fc186c74392

bb61e1178bc48dc26984f63f54d2621706fe49faa6f9a5651b06befa53cea9a0

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5881
Cache-Control: max-age=91424
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 17:09:44 GMT
Etag: "63f648ff-1d7"
Expires: Fri, 24 Feb 2023 18:33:28 GMT
Last-Modified: Wed, 22 Feb 2023 16:55:27 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Expires, Last-Modified, Cache-Control, ETag, Backoff, Content-Type, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Feb 2023 16:51:26 GMT
age: 1098
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

5fa728a339ca32e616d483e61d0aebcd

6a63966de94d16390c8f1e47e5b67fe5bb67f7cd

7e83729d554404e59f1f1ff809ac776d3596487e2b062a1e38af8e29f33c0686

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E83729D554404E59F1F1FF809AC776D3596487E2B062A1E38AF8E29F33C0686"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11659
Expires: Thu, 23 Feb 2023 20:24:03 GMT
Date: Thu, 23 Feb 2023 17:09:44 GMT
Connection: keep-alive

shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2

44.225.87.128

200 OK

URL HTTP/1.1

shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP

44.225.87.128:0
ASN

#16509 AMAZON-02

Magic

ASCII text

Size

8
Hash

29fc57841962e407cb50c1be60284bf7

ce968a77e2996da5eee8925182318f171ccdce47

ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b

HTTP Headers

                                        POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Thu, 23 Feb 2023 17:09:44 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close

push.services.mozilla.com/

54.186.103.190

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

54.186.103.190:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AMvp8yAKR24Ij3DAJjcHmQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5ldaY98tE1CVvIQoL2ZhsbZjlio=

www.hesaplimagaza.com/catalog/view/theme/journal3/icons/fonts/icomoon.woff2?v1

78.135.82.40

200 OK

153680

URL HTTP/2

www.hesaplimagaza.com/catalog/view/theme/journal3/icons/fonts/icomoon.woff2?v1
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

Web Open Font Format (Version 2), TrueType, length 153680, version 1.0\012- data

Size

153680
Hash

4425e89e07010a02214ddf4a2d71365b

a5d9872f403493d46cd5903e63e65887ecd37d99

9d3cb8c2161075a2a868afc19fe3c026c5f4ed4552d43a4bf22ce9e34b8057b7

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /catalog/view/theme/journal3/icons/fonts/icomoon.woff2?v1 HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: font/woff2
last-modified: Thu, 01 Apr 2021 01:32:06 GMT
accept-ranges: bytes
content-length: 153680
date: Thu, 23 Feb 2023 17:09:42 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.hesaplimagaza.com/catalog/view/javascript/bootstrap/css/bootstrap.min.css?v=14218c54

78.135.82.40

200 OK

16378

URL HTTP/2

www.hesaplimagaza.com/catalog/view/javascript/bootstrap/css/bootstrap.min.css?v=14218c54
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

ASCII text, with very long lines (65371)

Size

16378
Hash

0d2c5cefedf9a1fcfb5ad9a8470f880d

204249ea236087ce204b0c7440fc115c6d6dfb80

cc7224290f899218d6cf3b4d6af0cd12339f5e6f58b9ff3f83dc96d45b9656d8

HTTP Headers

                                        GET /catalog/view/javascript/bootstrap/css/bootstrap.min.css?v=14218c54 HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: text/css
last-modified: Sat, 22 Jul 2017 10:58:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 16378
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/catalog/view/javascript/font-awesome/css/font-awesome.min.css?v=14218c54

78.135.82.40

200 OK

5633

URL HTTP/2

www.hesaplimagaza.com/catalog/view/javascript/font-awesome/css/font-awesome.min.css?v=14218c54
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

ASCII text, with very long lines (30837)

Size

5633
Hash

1e1637ad1a171618a0de37b7a2ae2aa2

b4daa2dfc83fe639253646e80b64eb0343c4793c

52ff237a3cb893fbcbd754cd47b6a232d6ea9a951c3bd114265bcd310f401724

HTTP Headers

                                        GET /catalog/view/javascript/font-awesome/css/font-awesome.min.css?v=14218c54 HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: text/css
last-modified: Sat, 22 Jul 2017 10:58:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5633
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/catalog/view/theme/journal3/icons/style.minimal.css?v=14218c54

78.135.82.40

200 OK

258

URL HTTP/2

www.hesaplimagaza.com/catalog/view/theme/journal3/icons/style.minimal.css?v=14218c54
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

ASCII text

Size

258
Hash

d03ff709e13ec19a64d0e11be72defd1

9b8ccdf83b72574dc0f420714f304e3264459667

d26988e141a11458df2f55ca4cb3f9a1e0af4abcf53a7b42cf16bb93e797f2fb

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /catalog/view/theme/journal3/icons/style.minimal.css?v=14218c54 HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: text/css
last-modified: Thu, 01 Apr 2021 01:31:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 258
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

295ecb42da084d2556789eada5291422

24c3605ff6984776ca77a2aa3b3b4bba4267f76f

f787cdc01fe5b6c0889f133cdf9cd0e38973f4cb8515014e8a14418521af04bf

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 17:09:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.hesaplimagaza.com/

78.135.82.40

200 OK

51034

URL HTTP/2

www.hesaplimagaza.com/
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7002)

Size

51034
Hash

a49f363bc2f087e0c3be9230547ec661

dabe0a71c1857825e1b8647cf694b07760ff90f5

013a055bd4af8b68ffe8c4d5a201d3baa97bcb381526d1f2072e2136f5eab68b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET / HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/2 200 OK
set-cookie: lisansimo=1677172181
OCSESSID=8e73fd33ebf86c96da1d99d000; path=/
OCSESSID=f69cc83ace55998d344f68dcd9; path=/
language=tr-tr; expires=Sat, 25-Mar-2023 17:09:41 GMT; Max-Age=2592000; path=/; domain=www.hesaplimagaza.com
currency=TRY; expires=Sat, 25-Mar-2023 17:09:41 GMT; Max-Age=2592000; path=/; domain=www.hesaplimagaza.com
content-type: text/html; charset=utf-8
content-encoding: br
vary: Accept-Encoding
date: Thu, 23 Feb 2023 17:09:42 GMT
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-23=":443"; ma=2592000, h3-24=":443"; ma=2592000
X-Firefox-Spdy: h2

www.hesaplimagaza.com/catalog/view/theme/journal3/lib/masterslider/skins/minimal/style.css?v=14218c54

78.135.82.40

200 OK

796

URL HTTP/2

www.hesaplimagaza.com/catalog/view/theme/journal3/lib/masterslider/skins/minimal/style.css?v=14218c54
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

ASCII text

Size

796
Hash

5c2890afb7f54e471c3009adebfc7526

e71d31f265aba1858b8cca8c4909133869355c12

07eb82581100590c5602dcf4bafdd8a9da0f7eb8c16129640cc200178a8bc789

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /catalog/view/theme/journal3/lib/masterslider/skins/minimal/style.css?v=14218c54 HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: text/css
last-modified: Thu, 01 Apr 2021 01:34:28 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 796
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/catalog/view/theme/journal3/lib/swiper/swiper.min.css?v=14218c54

78.135.82.40

200 OK

2589

URL HTTP/2

www.hesaplimagaza.com/catalog/view/theme/journal3/lib/swiper/swiper.min.css?v=14218c54
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

ASCII text, with very long lines (19533)

Size

2589
Hash

0ea88050720f5c8e58510ed3ded7cecf

cfcb9f0ecc76d8db3b646a4b188990b9f67f71ec

cd47dfca625896020e3bea01c5f09beb449eec60f54aa61596a21d6682a67aff

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /catalog/view/theme/journal3/lib/swiper/swiper.min.css?v=14218c54 HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: text/css
last-modified: Thu, 01 Apr 2021 01:32:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2589
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/catalog/view/theme/journal3/stylesheet/style.css?v=14218c54

78.135.82.40

200 OK

26906

URL HTTP/2

www.hesaplimagaza.com/catalog/view/theme/journal3/stylesheet/style.css?v=14218c54
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

ASCII text

Size

26906
Hash

8584527d1c41978b0771cd9fc609d73d

c14e97f17a191472827a775ad5ea0dba9b3d9937

a0df5cf56fdb6b94856ec7a780fcbc5f474227aad14315e59b4410af834e6e01

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /catalog/view/theme/journal3/stylesheet/style.css?v=14218c54 HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: text/css
last-modified: Sun, 18 Apr 2021 23:20:13 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 26906
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/catalog/view/theme/journal3/lib/modernizr/modernizr-custom.js?v=14218c54

78.135.82.40

200 OK

1992

URL HTTP/2

www.hesaplimagaza.com/catalog/view/theme/journal3/lib/modernizr/modernizr-custom.js?v=14218c54
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

ASCII text, with very long lines (4868)

Size

1992
Hash

62106eddbd51734b506ffd620738587b

126b3058ffaf30b4081010445abaabad47bf4fad

73ee46fe2e6ea92af21ce7bfbf075fd72a3a43be02aa2446e7a30e2fc383e666

HTTP Headers

                                        GET /catalog/view/theme/journal3/lib/modernizr/modernizr-custom.js?v=14218c54 HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: application/javascript
last-modified: Thu, 01 Apr 2021 01:32:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1992
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/catalog/view/theme/journal3/lib/jquery/jquery-2.1.1.min.js?v=14218c54

78.135.82.40

200 OK

26637

URL HTTP/2

www.hesaplimagaza.com/catalog/view/theme/journal3/lib/jquery/jquery-2.1.1.min.js?v=14218c54
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

ASCII text, with very long lines (32061)

Size

26637
Hash

6e3a191fba73c5493278d42a5bb86481

35f2cb5410860b3527e099e2bba031e11eec4d76

1b18e06f87c1cddda0d2925aebe7d2862335547092710eae3bd705787dd686c2

HTTP Headers

                                        GET /catalog/view/theme/journal3/lib/jquery/jquery-2.1.1.min.js?v=14218c54 HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: application/javascript
last-modified: Thu, 01 Apr 2021 01:32:15 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 26637
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/catalog/view/javascript/bootstrap/js/bootstrap.min.js?v=14218c54

78.135.82.40

200 OK

8640

URL HTTP/2

www.hesaplimagaza.com/catalog/view/javascript/bootstrap/js/bootstrap.min.js?v=14218c54
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

ASCII text, with very long lines (32034)

Size

8640
Hash

ed68c4f2106d2ad6f0892c3e8c6327b9

bfc9e8a24030446447f76dc4f7b888131612e5d7

34732ac788da14a0902f9ac97f3024a096e6c170dc7de10c01b7e77edfd50af6

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /catalog/view/javascript/bootstrap/js/bootstrap.min.js?v=14218c54 HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: application/javascript
last-modified: Sat, 22 Jul 2017 10:58:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8640
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/catalog/view/javascript/common.js?v=14218c54

78.135.82.40

200 OK

2462

URL HTTP/2

www.hesaplimagaza.com/catalog/view/javascript/common.js?v=14218c54
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

ASCII text

Size

2462
Hash

2444088e0d62edbeaee2a590570184ef

b541ff8056239fb1026024e33354dff112202b20

9ec5482f99f1415625813c19e92de422dbf2dec738afc0924a8842865303c20b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /catalog/view/javascript/common.js?v=14218c54 HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: application/javascript
last-modified: Sat, 22 Jul 2017 10:58:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2462
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/image/cache/catalog/logo/site-logo-400x111.webp

78.135.82.40

200 OK

5448

URL HTTP/2

www.hesaplimagaza.com/image/cache/catalog/logo/site-logo-400x111.webp
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

RIFF (little-endian) data, Web/P image\012- data

Size

5448
Hash

a4cd13c3717a774757aa81815643dc33

f2024e2fa5a029e11f6c8ddf5c5fbc6e8da4de94

f13aabb29818564c37bd55486bfb14c12fd2ff9b43a862007e31fa1721bbf13f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /image/cache/catalog/logo/site-logo-400x111.webp HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: image/webp
last-modified: Wed, 29 Sep 2021 23:07:40 GMT
accept-ranges: bytes
content-length: 5448
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/image/cache/catalog/demo22/slider-1-3000x1000.webp

78.135.82.40

200 OK

132778

URL HTTP/2

www.hesaplimagaza.com/image/cache/catalog/demo22/slider-1-3000x1000.webp
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

RIFF (little-endian) data, Web/P image, VP8 encoding, 3000x1000, Scaling: [none]x[none], YUV color, decoders should clamp\012- data

Size

132778
Hash

6445d436912a8b63e56b8b3fea7ec2f2

cfd7fc7e779ba180ca3f0e3f5433f25b7b666093

dee919f80e6ec13c6bad8f17145aa00ff7c5e64b00a27b736c8877566520cbdf

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /image/cache/catalog/demo22/slider-1-3000x1000.webp HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: image/webp
last-modified: Wed, 29 Sep 2021 23:29:10 GMT
accept-ranges: bytes
content-length: 132778
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/image/cache/catalog/yap%C4%B1-market-250x350.webp

78.135.82.40

200 OK

17168

URL HTTP/2

www.hesaplimagaza.com/image/cache/catalog/yap%C4%B1-market-250x350.webp
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

RIFF (little-endian) data, Web/P image, VP8 encoding, 250x350, Scaling: [none]x[none], YUV color, decoders should clamp\012- data

Size

17168
Hash

e9307cb64e6fd8d7fb7514ebcbf90bf4

306a827d938ef64120a7c73c7d67eaeb2830f11c

5ae244d312c6a53393bfa7e988fdc8584fb221096f0178ae8ff53dd25a205c82

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /image/cache/catalog/yap%C4%B1-market-250x350.webp HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: image/webp
last-modified: Tue, 05 Oct 2021 15:57:22 GMT
accept-ranges: bytes
content-length: 17168
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/image/cache/catalog/demo22/slider-2-3000x1000.webp

78.135.82.40

200 OK

138276

URL HTTP/2

www.hesaplimagaza.com/image/cache/catalog/demo22/slider-2-3000x1000.webp
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

RIFF (little-endian) data, Web/P image, VP8 encoding, 3000x1000, Scaling: [none]x[none], YUV color, decoders should clamp\012- data

Size

138276
Hash

25735d047be13933e834aec497befc57

bb34e20a778b6216b909bb39a147305ea217ab63

4fa93734568b42e8044bccf067cfef45efbc0fe67fbb56f54be7c369084540f9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /image/cache/catalog/demo22/slider-2-3000x1000.webp HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: image/webp
last-modified: Wed, 29 Sep 2021 23:40:45 GMT
accept-ranges: bytes
content-length: 138276
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/image/cache/catalog/banyo-aksesuarlar%C4%B112-250x350.webp

78.135.82.40

200 OK

13280

URL HTTP/2

www.hesaplimagaza.com/image/cache/catalog/banyo-aksesuarlar%C4%B112-250x350.webp
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

RIFF (little-endian) data, Web/P image, VP8 encoding, 250x350, Scaling: [none]x[none], YUV color, decoders should clamp\012- data

Size

13280
Hash

912f8abf476d22d8d8b512e6b59674ba

7edafefdfaedd7bdf786f2decc39760679ebea52

07a1b095be4a05f04f9b0ee6057a84e7998988e33f31070074ca6d21a8a2b742

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /image/cache/catalog/banyo-aksesuarlar%C4%B112-250x350.webp HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: image/webp
last-modified: Tue, 05 Oct 2021 15:57:23 GMT
accept-ranges: bytes
content-length: 13280
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/image/cache/catalog/perde13-250x350.webp

78.135.82.40

200 OK

28320

URL HTTP/2

www.hesaplimagaza.com/image/cache/catalog/perde13-250x350.webp
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

RIFF (little-endian) data, Web/P image, VP8 encoding, 250x350, Scaling: [none]x[none], YUV color, decoders should clamp\012- data

Size

28320
Hash

a0476c5da648b5d1e479277e6d3cc4c1

956a16c9b72995aa86936a48b1d3354a996658c8

40e02243e8665e0bd690f8505ea85341065d6df0edc4dfdfe5594d45f81db018

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /image/cache/catalog/perde13-250x350.webp HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: image/webp
last-modified: Thu, 07 Oct 2021 14:50:29 GMT
accept-ranges: bytes
content-length: 28320
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/image/cache/catalog/bah%C3%A7e-tak%C4%B1m12-250x350.webp

78.135.82.40

200 OK

12320

URL HTTP/2

www.hesaplimagaza.com/image/cache/catalog/bah%C3%A7e-tak%C4%B1m12-250x350.webp
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

RIFF (little-endian) data, Web/P image, VP8 encoding, 250x350, Scaling: [none]x[none], YUV color, decoders should clamp\012- data

Size

12320
Hash

405dd858be4eeb03cec83a58686ac752

bed8eac7329ba004dbeb080d82be1037a5dd577b

f77be7cf88ccb22eace4731ce0429f0682d09dd26175dd388b19a78d138e0df5

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /image/cache/catalog/bah%C3%A7e-tak%C4%B1m12-250x350.webp HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: image/webp
last-modified: Tue, 05 Oct 2021 15:57:23 GMT
accept-ranges: bytes
content-length: 12320
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/image/cache/catalog/unnamed-512x512.webp

78.135.82.40

200 OK

35876

URL HTTP/2

www.hesaplimagaza.com/image/cache/catalog/unnamed-512x512.webp
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

RIFF (little-endian) data, Web/P image, VP8 encoding, 512x512, Scaling: [none]x[none], YUV color, decoders should clamp\012- data

Size

35876
Hash

feb70ec1dae1bc312183d9dd8c0173b0

b432734f27dd4a36fd8ab17abbe740d3166f6a03

b9a4496f31229334e70796cbdd4c93ef6d36a30f5047d3b9a1632f648d833a57

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /image/cache/catalog/unnamed-512x512.webp HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: image/webp
last-modified: Fri, 05 Nov 2021 15:11:30 GMT
accept-ranges: bytes
content-length: 35876
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/catalog/view/theme/journal3/lib/anime/anime.min.js?v=14218c54

78.135.82.40

200 OK

5533

URL HTTP/2

www.hesaplimagaza.com/catalog/view/theme/journal3/lib/anime/anime.min.js?v=14218c54
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

ASCII text, with very long lines (547)

Size

5533
Hash

9aefc3049445a1443e7527f2bb54ac6f

6191713116f5629d3cb403bc5c33032053fada1b

29d9f20dda081548969b3450d757c7f2f6e91d057dcd7110d3d19e81bc7724d2

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /catalog/view/theme/journal3/lib/anime/anime.min.js?v=14218c54 HTTP/1.1
Host: www.hesaplimagaza.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hesaplimagaza.com/
Cookie: lisansimo=1677172181; OCSESSID=f69cc83ace55998d344f68dcd9; language=tr-tr; currency=TRY
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Thu, 02 Mar 2023 17:09:42 GMT
content-type: application/javascript
last-modified: Thu, 01 Apr 2021 01:32:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5533
date: Thu, 23 Feb 2023 17:09:42 GMT
X-Firefox-Spdy: h2

www.hesaplimagaza.com/catalog/view/theme/journal3/lib/vanilla-lazyload/lazyload.min.js?v=14218c54

78.135.82.40

200 OK

2388

URL HTTP/2

www.hesaplimagaza.com/catalog/view/theme/journal3/lib/vanilla-lazyload/lazyload.min.js?v=14218c54
IP

78.135.82.40:0
ASN

#207326 HostLAB Bilisim Teknolojileri A.S.

Magic

ASCII text, with very long lines (7889)

Size

23

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (26)

#1 JS:Script (size: 128898)

#2 JS:Script (size: 17409)

#3 JS:Script (size: 0)

#4 JS:Script (size: 13369)

#5 JS:Script (size: 636)

#6 JS:Script (size: 194)

#7 JS:Script (size: 7890)

#8 JS:Script (size: 3877)

#9 JS:Script (size: 65286)

#10 JS:Script (size: 386362)

#11 JS:Script (size: 8213)

#12 JS:Script (size: 174)

#13 JS:Script (size: 172)

#14 JS:Script (size: 2066)

#15 JS:Script (size: 475)

#16 JS:Script (size: 3884)

#17 JS:Script (size: 3069)

#18 JS:Script (size: 1375)

#19 JS:Script (size: 268097)

#20 JS:Script (size: 2244)

#21 JS:Script (size: 36816)

#22 JS:Script (size: 4982)

#23 JS:Script (size: 26900)

#24 JS:Script (size: 50077)

#25 JS:Script (size: 3640)

#26 JS:Script (size: 108696)

HTTP Transactions (117)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers