Turkish

Within the .sh country-code top-level domain, 'vakifbankasifaizsizkredi.surge.sh' is registered; it also runs on subdomain 'vakifbankasifaizsizkredi'. The registrable portion 'surge' spans 5 characters split between 2 vowels and 3 consonants. Splitting it apart reveals one word: surge. 'surge' is most common in Portuguese usage. You will also see it in Portuguese (Brazil) and English contexts.

html/65/7a/657a6aa4-89c4-413e-9f76-8c2f0f6a867e_fallback.html.gz

project not found

fullName

phoneNumber

birthDate

html/65/7a/657a6aa4-89c4-413e-9f76-8c2f0f6a867e.html.gz

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes

default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src-elem 'self' 'unsafe-inline' data: https://www.googletagmanager.com/ https://cdn.cerezgo.com/ https://fonts.googleapis.com https://fws.forinvestcdn.com/ https://maps.googleapis.com https://developers.google.com https://apigw.vakifbank.com.tr https://inbound.apigateway.vakifbank.com.tr:8443/ https://pisano-web.vakifbank.com.tr/; connect-src 'self' 'unsafe-inline' https://vbassets.vakifbank.com.tr/ https://pdfreader.signfordeaf.com/ https://api.cerezgo.com/ https://www.google-analytics.com/ https://api-sanal-borsa.foreks.com/ https://kor01rp02.signfordeaf.com/ https://web-api.forinvestcdn.com/ https://maps.googleapis.com https://apigw.vakifbank.com.tr https://pisano-api.vakifbank.com.tr/ https://pisano-web.vakifbank.com.tr/ https://inbound.apigateway.vakifbank.com.tr:8443/ wss://pisano-realtime.vakifbank.com.tr/ https://apigw.vakifbank.com.tr:8443/; style-src 'self' 'unsafe-inline' https://apigw.vakifbank.com.tr/ https://jsonip.com/; style-src-elem 'self' 'unsafe-inline' https://fonts.cdnfonts.com/ https://cdn.cerezgo.com/ https://fws.forinvestcdn.com/ https://fonts.googleapis.com https://apigw.vakifbank.com.tr https://inbound.apigateway.vakifbank.com.tr:8443/; img-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://www.vakifbank.com.tr/ https://maps.gstatic.com https://maps.googleapis.com https://apigw.vakifbank.com.tr https://vbassets.vakifbank.com.tr/ https://imgsrv.vakifbank.com.tr/ https://inbound.apigateway.vakifbank.com.tr:8443/ https://pisano-api.vakifbank.com.tr/ data: blob:; font-src 'self' 'unsafe-inline' https://fonts.cdnfonts.com/ https://fonts.gstatic.com https://apigw.vakifbank.com.tr https://inbound.apigateway.vakifbank.com.tr:8443/ data:; frame-src 'self' 'unsafe-inline' https://www.dreamreality.com.tr/ https://vtube.vakifbank.com.tr/ https://vbassets.vakifbank.com.tr/ https://www.youtube.com/; media-src 'self' 'unsafe-inline' https://cdn01.signfordeaf.com/ https://vbassets.vakifbank.com.tr/

c7c1f6193122fbecadc6e19224be531b83fc2618eb58e45855122318d8aa8eea

viewport

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;worker-src blob: 'self';frame-ancestors 'none';

child-src https:  chrome-untrusted://new-tab-page/ chrome-untrusted://ntp-microsoft-auth/;connect-src chrome://resources chrome://theme 'self';default-src 'self';font-src chrome://resources 'self';img-src chrome://resources chrome://theme chrome://image chrome://favicon2 chrome://app-icon chrome://extension-icon chrome://fileicon blob: data: 'self';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources chrome://webui-test 'self';style-src chrome://resources chrome://theme 'self' 'unsafe-inline';trusted-types parse-html-subset sanitize-inner-html static-types webui-test-script webui-test-html polymer-html-literal polymer-template-event-attribute-policy lit-html-desktop;frame-ancestors 'none';

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;frame-ancestors 'none';

base-uri 'none';child-src https:;form-action https://ogs.google.com https://*.corp.google.com;object-src 'none';script-src 'self' 'unsafe-inline' https:;frame-ancestors chrome://new-tab-page/

⚡ Medium Risk - http://vakifbankasifaizsizkredi.surge.sh/

Requests	IP Address	Location	AS Autonomous System
1	138.68.112.220	Frankfurt am Main, Hesse, Germany	AS14061DIGITALOCEAN-ASN
1	195.142.202.197	Turkey	AS39095Turkiye Vakiflar Bankasi Tao
1	142.250.186.67	United States	AS15169GOOGLE
1	142.250.185.234	United States	AS15169GOOGLE
1	2a00:1450:4001:800::200a	Frankfurt am Main, Hesse, Germany	AS15169GOOGLE
1	142.250.186.99	United States	AS15169GOOGLE
1	2a00:1450:4001:82b::2003	Frankfurt am Main, Hesse, Germany	AS15169GOOGLE
13	7	-	-

Security Scan Report: vakifbankasifaizsizkredi.surge.sh

Summary

AI Security Verdict

Confirmed Scam

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History