fabrikamalzemeleri.org
89.252.130.86  Malicious Activity! Public Scan

Submitted URL: http://x.co/6ntGy
Effective URL: http://fabrikamalzemeleri.org/link1/
Submission: On November 29 via manual from US

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 11 HTTP transactions. The main IP is 89.252.130.86, located in Turkey and belongs to NETINTERNET Netinternet Bilisim Teknolojileri AS, TR. The main domain is fabrikamalzemeleri.org.
This is the only time fabrikamalzemeleri.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

IP Address AS Autonomous System
2 2 45.40.140.1 26496 (AS-26496-...)
7 89.252.130.86 51559 (NETINTERN...)
1 2 2a01:4f9:2a:f... 24940 (HETZNER-AS)
2 151.101.12.193 54113 (FASTLY)
1 1 2600:9000:204... 16509 (AMAZON-02)
1 2600:9000:21c... 16509 (AMAZON-02)
11 4
   Apex Domain             Subdomains                     Transfer
7  fabrikamalzemeleri.org  fabrikamalzemeleri.org         130 KB
2  tinypic.com             i63.tinypic.com, tinypic.com    16 KB
2  imgur.com               i.imgur.com                     51 KB
2  freeiconspng.com        www.freeiconspng.com           401 B
2  x.co                    x.co                           290 B
11 5
Domain Requested by
7 fabrikamalzemeleri.org fabrikamalzemeleri.org
2 i.imgur.com fabrikamalzemeleri.org
2 www.freeiconspng.com 1 redirects fabrikamalzemeleri.org
2 x.co 2 redirects
1 tinypic.com fabrikamalzemeleri.org
1 i63.tinypic.com 1 redirects
11 6

This site contains no links.

Subject           Issuer                                         Validity                 Valid
freeiconspng.com  COMODO RSA Domain Validation Secure Server CA  2018-12-06 - 2019-12-24  a year

This page contains 1 frames:

Primary Page: http://fabrikamalzemeleri.org/link1/
Frame ID: 3BE8FCF69CD5141EA9701E48675C0000
Requests: 11 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 11
HTTPS: 9 %
IPv6: 50 %
Domains: 5
Subdomains: 6
IPs: 4
Countries: 3
Transfer: 197 kB
Size: 194 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://x.co/6ntGy HTTP 301
    https://x.co/6ntGy HTTP 302
    http://fabrikamalzemeleri.org/link1/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://www.freeiconspng.com/ptp.php?pdf-word-icon-31 HTTP 302
  • https://www.freeiconspng.com/img/2082
Request Chain 8
  • http://i63.tinypic.com/33wr6fd.png HTTP 301
  • http://tinypic.com/images/goodbye.jpg

11 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
fabrikamalzemeleri.org/link1/
Redirect Chain
  • http://x.co/6ntGy
  • https://x.co/6ntGy
  • http://fabrikamalzemeleri.org/link1/
7 KB
7 KB
Document
General
Full URL
http://fabrikamalzemeleri.org/link1/
Protocol
HTTP/1.1
Server
89.252.130.86 , Turkey, ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR),
Reverse DNS
j5zywj4z.ni.net.tr
Software
Apache /
Resource Hash
7df02fc6b482258e0f416f8ed8cb9fc01f3591070b84773f3bef9db57a393ce3

Request headers

Host
fabrikamalzemeleri.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 Nov 2019 15:12:42 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Keep-Alive
timeout=5, max=100
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

status
302
server
nginx/1.10.2
date
Fri, 29 Nov 2019 15:12:41 GMT
content-type
text/html; charset=utf-8
location
http://fabrikamalzemeleri.org/link1/
facebox.css
fabrikamalzemeleri.org/link1/javascript/facebox/src/
1 KB
1 KB
Stylesheet
General
Full URL
http://fabrikamalzemeleri.org/link1/javascript/facebox/src/facebox.css
Requested by
Host: fabrikamalzemeleri.org
URL: http://fabrikamalzemeleri.org/link1/
Protocol
HTTP/1.1
Server
89.252.130.86 , Turkey, ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR),
Reverse DNS
j5zywj4z.ni.net.tr
Software
Apache /
Resource Hash
9a2a983c9ea36e030b6ee8f7f08a2d966fed84f445af2710fcc49dd98b37e832

Request headers

Referer
http://fabrikamalzemeleri.org/link1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 Nov 2019 15:12:43 GMT
Last-Modified
Thu, 15 Nov 2018 19:07:18 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
1151
only.js
fabrikamalzemeleri.org/link1/js/
599 B
880 B
Script
General
Full URL
http://fabrikamalzemeleri.org/link1/js/only.js
Requested by
Host: fabrikamalzemeleri.org
URL: http://fabrikamalzemeleri.org/link1/
Protocol
HTTP/1.1
Server
89.252.130.86 , Turkey, ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR),
Reverse DNS
j5zywj4z.ni.net.tr
Software
Apache /
Resource Hash
051946860b04b5b64a52df8b240e4888469c4b384b4816df4974f84a0f3408f4

Request headers

Referer
http://fabrikamalzemeleri.org/link1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 Nov 2019 15:12:43 GMT
Last-Modified
Thu, 15 Nov 2018 19:07:18 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=5, max=100
Content-Length
599
jquery-1.6.2.min.js
fabrikamalzemeleri.org/link1/javascript/
89 KB
90 KB
Script
General
Full URL
http://fabrikamalzemeleri.org/link1/javascript/jquery-1.6.2.min.js
Requested by
Host: fabrikamalzemeleri.org
URL: http://fabrikamalzemeleri.org/link1/
Protocol
HTTP/1.1
Server
89.252.130.86 , Turkey, ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR),
Reverse DNS
j5zywj4z.ni.net.tr
Software
Apache /
Resource Hash
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Request headers

Referer
http://fabrikamalzemeleri.org/link1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 Nov 2019 15:12:43 GMT
Last-Modified
Thu, 15 Nov 2018 19:07:18 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=5, max=100
Content-Length
91556
facebox.js
fabrikamalzemeleri.org/link1/javascript/facebox/src/
9 KB
9 KB
Script
General
Full URL
http://fabrikamalzemeleri.org/link1/javascript/facebox/src/facebox.js
Requested by
Host: fabrikamalzemeleri.org
URL: http://fabrikamalzemeleri.org/link1/
Protocol
HTTP/1.1
Server
89.252.130.86 , Turkey, ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR),
Reverse DNS
j5zywj4z.ni.net.tr
Software
Apache /
Resource Hash
983747e7938326bd872ecf4734d559a8d811dbd4488fd46c05fe6f99e9b0a867

Request headers

Referer
http://fabrikamalzemeleri.org/link1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 Nov 2019 15:12:43 GMT
Last-Modified
Thu, 15 Nov 2018 19:07:18 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=5, max=100
Content-Length
9223
jquery.watermark.js
fabrikamalzemeleri.org/link1/javascript/watermark/
18 KB
19 KB
Script
General
Full URL
http://fabrikamalzemeleri.org/link1/javascript/watermark/jquery.watermark.js
Requested by
Host: fabrikamalzemeleri.org
URL: http://fabrikamalzemeleri.org/link1/
Protocol
HTTP/1.1
Server
89.252.130.86 , Turkey, ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR),
Reverse DNS
j5zywj4z.ni.net.tr
Software
Apache /
Resource Hash
d76d8ccf3c229b319c08e3b8f44a9b3cbc00d72b25a5cdbe40609ef4856a8c98

Request headers

Referer
http://fabrikamalzemeleri.org/link1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 Nov 2019 15:12:43 GMT
Last-Modified
Thu, 15 Nov 2018 19:07:18 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=5, max=100
Content-Length
18666
javascript1.js
fabrikamalzemeleri.org/link1/javascript/
3 KB
3 KB
Script
General
Full URL
http://fabrikamalzemeleri.org/link1/javascript/javascript1.js
Requested by
Host: fabrikamalzemeleri.org
URL: http://fabrikamalzemeleri.org/link1/
Protocol
HTTP/1.1
Server
89.252.130.86 , Turkey, ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR),
Reverse DNS
j5zywj4z.ni.net.tr
Software
Apache /
Resource Hash
c2c9196ee861cec69e7971b0439d0d448df3328f472f226971a7d5bb5dc0ec94

Request headers

Referer
http://fabrikamalzemeleri.org/link1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 Nov 2019 15:12:43 GMT
Last-Modified
Sun, 18 Nov 2018 14:29:04 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=5, max=100
Content-Length
3094
2082
www.freeiconspng.com/img/
Redirect Chain
  • https://www.freeiconspng.com/ptp.php?pdf-word-icon-31
  • https://www.freeiconspng.com/img/2082
0
0
Image
General
Full URL
https://www.freeiconspng.com/img/2082
Requested by
Host: fabrikamalzemeleri.org
URL: http://fabrikamalzemeleri.org/link1/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a01:4f9:2a:f67::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://fabrikamalzemeleri.org/link1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

Date
Fri, 29 Nov 2019 15:12:42 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
Server
nginx
X-Powered-By
PHP/5.6.40, Hetzner
X-Frame-Options
DENY
Content-Type
text/html; charset=UTF-8
location
https://www.freeiconspng.com/img/2082
Transfer-Encoding
chunked
Connection
keep-alive
X-Frame-X-XSS-Protection
1
Yyjfy0T.png
i.imgur.com/
4 KB
4 KB
Image
General
Full URL
http://i.imgur.com/Yyjfy0T.png
Requested by
Host: fabrikamalzemeleri.org
URL: http://fabrikamalzemeleri.org/link1/
Protocol
HTTP/1.1
Server
151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
0cf7c2b6cecd3c1605353d7e19f982842e64388883dd3d1d1c657cf78b5cdd4b

Request headers

Referer
http://fabrikamalzemeleri.org/link1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 Nov 2019 15:12:42 GMT
Age
4937324
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
3964
X-Served-By
cache-bwi5124-BWI, cache-fra19170-FRA
Last-Modified
Sat, 20 Aug 2016 23:24:20 GMT
Server
cat factory 1.0
X-Timer
S1575040363.712082,VS0,VE1
ETag
"ffa8b494c982e6de1e6cb45623a403c0"
Access-Control-Allow-Methods
GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
cache-control
public, max-age=31536000
Accept-Ranges
bytes
X-Cache-Hits
2, 1
goodbye.jpg
tinypic.com/images/
Redirect Chain
  • http://i63.tinypic.com/33wr6fd.png
  • http://tinypic.com/images/goodbye.jpg
15 KB
16 KB
Image
General
Full URL
http://tinypic.com/images/goodbye.jpg
Requested by
Host: fabrikamalzemeleri.org
URL: http://fabrikamalzemeleri.org/link1/
Protocol
HTTP/1.1
Server
2600:9000:21c7:7e00:1a:9447:e40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f610dc2752e938d77dab1c4e9fb1f0f7f53b25e527d130ce4e034b7de09da053

Request headers

Referer
http://fabrikamalzemeleri.org/link1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 Nov 2019 14:06:46 GMT
Via
1.1 acf9ad664f94bee3e3cf93077b65edeb.cloudfront.net (CloudFront)
Last-Modified
Wed, 18 Sep 2019 21:23:53 GMT
Server
AmazonS3
Age
4209
ETag
"32af06ac4b80d728f7e4c8780eb6b6d7"
X-Cache
Hit from cloudfront
Content-Type
image/jpeg
X-Amz-Cf-Pop
AMS54-C1
Connection
keep-alive
Content-Length
15616
X-Amz-Cf-Id
tOBhp5ZjhQWxQyaVRtcsrhdMMeQ6oOv1lLux5TYijzjxvrsMNc0ovw==

Redirect headers

Date
Thu, 28 Nov 2019 16:43:12 GMT
Via
1.1 e4a44efc4b3241dc23019df63a1f645c.cloudfront.net (CloudFront)
Server
AmazonS3
X-Amz-Cf-Pop
FRA54
X-Cache
Hit from cloudfront
Location
http://tinypic.com/images/goodbye.jpg
Connection
keep-alive
Content-Length
0
X-Amz-Cf-Id
yQHIXWVaIhUZqeCYJMy8LNqO6iyblaVoIisx1bomh6vAlzdKScOxXw==
7dHA6V2.jpg
i.imgur.com/
46 KB
47 KB
Image
General
Full URL
http://i.imgur.com/7dHA6V2.jpg
Requested by
Host: fabrikamalzemeleri.org
URL: http://fabrikamalzemeleri.org/link1/
Protocol
HTTP/1.1
Server
151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
2d9b3835ce3a659c907acd33d613bab446a7894f108dddca2f2d1407263cd2d0

Request headers

Referer
http://fabrikamalzemeleri.org/link1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 Nov 2019 15:12:42 GMT
Age
1846311
X-Cache
MISS, HIT
Connection
keep-alive
Content-Length
47302
X-Served-By
cache-bwi5127-BWI, cache-fra19170-FRA
Last-Modified
Mon, 24 Jul 2017 20:28:23 GMT
Server
cat factory 1.0
X-Timer
S1575040363.780060,VS0,VE1
ETag
"c81c1d527a24c0df8f061bb682e4cc24"
Access-Control-Allow-Methods
GET, OPTIONS
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
cache-control
public, max-age=31536000
Accept-Ranges
bytes
X-Cache-Hits
0, 1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onformdata
object    onpointerrawupdate
function  $
function  jQuery
object    jQuery16209297524763839533
function  script
function  click_to_download
function  make_the_delay
function  redirect_the
function  now_download

0 Cookies