www.ortakmarketimiz.com Open in urlscan Pro
31.186.8.167 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.ortakmarketimiz.com/sms.php
Submission: On August 07 via automatic, source openphish (August 7th 2017, 10:38:12 pm UTC)

Summary HTTP 90 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 10 IPs in 3 countries across 4 domains to perform 90 HTTP transactions. The main IP is 31.186.8.167, located in Turkey and belongs to BETAINTERNATIONAL, TR. The main domain is www.ortakmarketimiz.com.

This is the only time www.ortakmarketimiz.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yapi Kredi (Banking)

Domain & IP information

	IP Address	AS Autonomous System
69	31.186.8.167 31.186.8.167	199484 (BETAINTER...) (BETAINTERNATIONAL)
2	176.34.188.30 176.34.188.30	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	54.228.231.139 54.228.231.139	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2400:cb00:204... 2400:cb00:2048:1::6811:6659	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	193.254.228.215 193.254.228.215	25323 (ASN-YKB G...) (ASN-YKB Gebze 41480)
2	151.101.114.109 151.101.114.109	54113 (FASTLY) (FASTLY - Fastly)
1	2400:cb00:204... 2400:cb00:2048:1::6811:6959	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	173.255.118.158 173.255.118.158	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	2400:cb00:204... 2400:cb00:2048:1::6811:6759	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
90	10

69 31.186.8.167 (Turkey)

ASN199484 (BETAINTERNATIONAL, TR)
PTR: reverse-31-186-8-167.turkticaret.net

www.ortakmarketimiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 176.34.188.30 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-176-34-188-30.eu-west-1.compute.amazonaws.com

internetsubesi2.yapikredi.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.228.231.139 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-228-231-139.eu-west-1.compute.amazonaws.com

destek.yapikredi.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2400:cb00:2048:1::6811:6659 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

embed.tawk.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static-v.tawk.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.254.228.215 (Turkey)

ASN25323 (ASN-YKB Gebze 41480, TR)
PTR: internetsube.yapikredi.com.tr

internetsube.yapikredi.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.109 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6811:6959 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

static-v.tawk.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.255.118.158 (Mountain View, United States)

ASN15169 (GOOGLE - Google Inc., US)
PTR: 158.118.255.173.bc.googleusercontent.com

va.tawk.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6811:6759 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

static-v.tawk.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
69	ortakmarketimiz.com www.ortakmarketimiz.com	1 MB
6	tawk.to embed.tawk.to static-v.tawk.to va.tawk.to vs50.tawk.to Failed	134 KB
6	yapikredi.com.tr internetsubesi2.yapikredi.com.tr destek.yapikredi.com.tr internetsube.yapikredi.com.tr	8 KB
2	jsdelivr.net cdn.jsdelivr.net	51 KB
90	4

	Domain	Requested by
69	www.ortakmarketimiz.com	www.ortakmarketimiz.com destek.yapikredi.com.tr
4	static-v.tawk.to	embed.tawk.to www.ortakmarketimiz.com
3	destek.yapikredi.com.tr	www.ortakmarketimiz.com
2	cdn.jsdelivr.net	embed.tawk.to
2	internetsubesi2.yapikredi.com.tr	www.ortakmarketimiz.com
1	va.tawk.to	embed.tawk.to
1	internetsube.yapikredi.com.tr	www.ortakmarketimiz.com
1	embed.tawk.to	www.ortakmarketimiz.com
0	vs50.tawk.to Failed	embed.tawk.to
90	9

This site contains links to these domains. Also see Links.

Domain
www.yapikredi.com.tr

Subject Issuer	Validity	Valid
internetsubesi2.yapikredi.com.tr Symantec Class 3 Secure Server CA - G4	`2016-06-20` - `2018-06-11`	2 years	crt.sh
destek.yapikredi.com.tr Symantec Class 3 Secure Server CA - G4	`2016-06-20` - `2018-06-11`	2 years	crt.sh
ssl765174.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2017-06-12` - `2018-03-11`	9 months	crt.sh
internetsube.yapikredi.com.tr Symantec Class 3 EV SSL CA - G3	`2016-08-29` - `2018-10-28`	2 years	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2017-08-02` - `2018-05-04`	9 months	crt.sh
*.tawk.to COMODO RSA Domain Validation Secure Server CA	`2016-03-03` - `2019-04-09`	3 years	crt.sh

This page contains 5 frames:

Primary Page: http://www.ortakmarketimiz.com/sms.php
Frame ID: 32379.1
Requests: 83 HTTP requests in this frame

Frame: https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css
Frame ID: 32379.2
Requests: 4 HTTP requests in this frame

Frame: https://static-v.tawk.to/a-v3-38/fonts/icomoon.ttf?-7rca1q
Frame ID: 32379.3
Requests: 1 HTTP requests in this frame

Frame: http://www.ortakmarketimiz.com/false/pL6.html/discovercard.com/dfs/accounthome/summary/-www.schwab.com/secure.accurint.com/unfcu2.org//login1/wachovia.com/MyAccounts.aspx/investing.schwab.com/secure/schwab///https://snsbank.nl/mijnsns/secure/login/httpsabph.pl/pi/do/Authorization/alfabank.ru/swedbank/pf.bgz.pl/httponline.eurobank.pl/?cid=5&si=0&e=http%3A%2F%2Fwww.ortakmarketimiz.com&LSESSIONID=jLd1paIc5IYudyiLJhws3DwCoP%2BSpX%2FfUk21EXavFtPX08UvMcF55sCu&t=xframe&eu=http%3A%2F%2Fwww.ortakmarketimiz.com%2Fsms.php
Frame ID: 32379.8
Requests: 1 HTTP requests in this frame

Frame: http://www.ortakmarketimiz.com/false/n6AQ.html?si=0&e=http%3A%2F%2Fwww.ortakmarketimiz.com&LSESSIONID=jLd1paIc5IYudyiLJhws3DwCoP%2BSpX%2FfUk21EXavFtPX08UvMcF55sCu&t=xframe&eu=http%3A%2F%2Fwww.ortakmarketimiz.com%2Fsms.php
Frame ID: 32379.9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

90
Requests

14 %
HTTPS

33 %
IPv6

4
Domains

9
Subdomains

10
IPs

3
Countries

1614 kB
Transfer

2242 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://www.yapikredi.com.tr/sinirsiz-bankacilik/internet/internet-subesi-onerilen-tarayicilar.aspx
Title: tıklayınız

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

90 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request sms.php Show response
www.ortakmarketimiz.com/ 35 KB
35 KB 2491ms
2431ms Document
text/html 31.186.8.167
BETAINTERNATIONAL

General

www.ortakmarketimiz.com Open in urlscan Pro 31.186.8.167 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

90 Requests

14 %HTTPS

33 %IPv6

4 Domains

9 Subdomains

10 IPs

3 Countries

1614 kBTransfer

2242 kBSize

1 Cookies

1 Outgoing links

Redirected requests

90 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.ortakmarketimiz.com Open in urlscan Pro
31.186.8.167 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

90
Requests

14 %
HTTPS

33 %
IPv6

4
Domains

9
Subdomains

10
IPs

3
Countries

1614 kB
Transfer

2242 kB
Size

1
Cookies

90 HTTP transactions
0 data transactions