opticool.com.tr - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 185.171.24.22, located in Turkey and belongs to BURSABIL, TR. The main domain is opticool.com.tr.
TLS certificate: Issued by R3 on January 23rd 2023. Valid for: 3 months.

This is the only time opticool.com.tr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication) Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 6	185.171.24.22 185.171.24.22	60721 (BURSABIL) (BURSABIL)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (STACKPATH...) (STACKPATH-CDN)
6	2

6 185.171.24.22 (Turkey) 1 redirects

ASN60721 (BURSABIL, TR)
PTR: narin.net.tr

opticool.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	opticool.com.tr 1 redirects opticool.com.tr	2 MB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 686	30 KB
6	2

	Domain	Requested by
6	opticool.com.tr	1 redirects opticool.com.tr
1	code.jquery.com	opticool.com.tr
6	2

This site contains no links.

Subject Issuer	Validity	Valid
opticool.com.tr R3	`2023-01-23` - `2023-04-23`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://opticool.com.tr/macmoci/
Frame ID: 414C2E35932748910CAACD28AF4D06D6
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://opticool.com.tr/macmoci HTTP 301
https://opticool.com.tr/macmoci/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1683 kB
Transfer

1851 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://opticool.com.tr/macmoci HTTP 301
https://opticool.com.tr/macmoci/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response opticool.com.tr/macmoci/ Redirect Chain https://opticool.com.tr/macmoci https://opticool.com.tr/macmoci/	195 KB 41 KB	325ms 324ms	Document text/html	185.171.24.22 BURSABIL
General Check archive.org Show headers Download Go to Full URL https://opticool.com.tr/macmoci/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.171.24.22 , Turkey, ASN60721 (BURSABIL, TR), Reverse DNS narin.net.tr Software nginx / PleskLin Resource Hash `f305fa79c01f4cccf0c97a5149814e31ccd166a48cc7bfe5cce7972d282431e9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 accept-language en-US,en;q=0.9 Response headers content-encoding br content-type text/html date Thu, 16 Mar 2023 04:26:49 GMT etag W/"641270ea-30d95" last-modified Thu, 16 Mar 2023 01:29:14 GMT server nginx x-powered-by PleskLin Redirect headers content-length 240 content-type text/html; charset=iso-8859-1 date Thu, 16 Mar 2023 04:26:49 GMT location https://opticool.com.tr/macmoci/ server nginx x-powered-by PleskLin
GET H2	200	micr.svg opticool.com.tr/macmoci/	5 KB 5 KB	316ms 312ms	Image image/svg+xml	185.171.24.22 BURSABIL
General Check archive.org Show headers Download Go to Show image Full URL https://opticool.com.tr/macmoci/micr.svg Requested by Host: opticool.com.tr URL: https://opticool.com.tr/macmoci/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.171.24.22 , Turkey, ASN60721 (BURSABIL, TR), Reverse DNS narin.net.tr Software nginx / PleskLin Resource Hash `aa5cd34d736b5c8993b516d52211748d3248830f720d4e5a5f4defc64b59db0a` Request headers accept-language en-US,en;q=0.9 Referer https://opticool.com.tr/macmoci/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Thu, 16 Mar 2023 04:26:50 GMT last-modified Thu, 16 Mar 2023 01:29:07 GMT server nginx etag "641270e3-1566" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 5478
GET H2	200	arrow.svg opticool.com.tr/macmoci/	513 B 686 B	316ms 314ms	Image image/svg+xml	185.171.24.22 BURSABIL
General Check archive.org Show headers Download Go to Show image Full URL https://opticool.com.tr/macmoci/arrow.svg Requested by Host: opticool.com.tr URL: https://opticool.com.tr/macmoci/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.171.24.22 , Turkey, ASN60721 (BURSABIL, TR), Reverse DNS narin.net.tr Software nginx / PleskLin Resource Hash `34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58` Request headers accept-language en-US,en;q=0.9 Referer https://opticool.com.tr/macmoci/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Thu, 16 Mar 2023 04:26:50 GMT last-modified Thu, 16 Mar 2023 01:29:07 GMT server nginx x-accel-version 0.01 etag "201-5f6fa63129543" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 513
GET H2	200	jquery-3.6.1.min.js Show response code.jquery.com/	88 KB 30 KB	332ms 108ms	Script application/javascript	2001:4de0:ac18::1:a:3b STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.1.min.js Requested by Host: opticool.com.tr URL: https://opticool.com.tr/macmoci/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US), Reverse DNS Software nginx / Resource Hash `a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74` Request headers accept-language en-US,en;q=0.9 Referer https://opticool.com.tr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Thu, 16 Mar 2023 04:26:51 GMT content-encoding gzip last-modified Fri, 26 Aug 2022 17:36:05 GMT server nginx etag W/"63090485-15e40" vary Accept-Encoding x-hw 1678940811.dop250.am5.t,1678940811.cds290.am5.hn,1678940811.cds012.am5.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30957
GET H2	200	back.svg opticool.com.tr/macmoci/	2 MB 2 MB	161ms 159ms	Image image/svg+xml	185.171.24.22 BURSABIL
General Check archive.org Show headers Download Go to Show image Full URL https://opticool.com.tr/macmoci/back.svg Requested by Host: opticool.com.tr URL: https://opticool.com.tr/macmoci/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.171.24.22 , Turkey, ASN60721 (BURSABIL, TR), Reverse DNS narin.net.tr Software nginx / PleskLin Resource Hash `7fa8902a0eab478d31da7d5af7f6f44934b388c6695ef7bea2c115632e8389a4` Request headers accept-language en-US,en;q=0.9 Referer https://opticool.com.tr/macmoci/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Thu, 16 Mar 2023 04:26:50 GMT last-modified Thu, 16 Mar 2023 01:29:07 GMT server nginx etag "641270e3-186978" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 1599864
GET H2	200	/ opticool.com.tr/macmoci/	0 41 KB	176ms 175ms	Other text/html	185.171.24.22 BURSABIL
General Check archive.org Show headers Download Go to Full URL https://opticool.com.tr/macmoci/ Requested by Host: opticool.com.tr URL: https://opticool.com.tr/macmoci/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.171.24.22 , Turkey, ASN60721 (BURSABIL, TR), Reverse DNS narin.net.tr Software nginx / PleskLin Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language en-US,en;q=0.9 Referer https://opticool.com.tr/macmoci/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers date Thu, 16 Mar 2023 04:26:51 GMT content-encoding br last-modified Thu, 16 Mar 2023 01:29:14 GMT server nginx etag W/"641270ea-30d95" x-powered-by PleskLin content-type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication) Microsoft (Consumer)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
opticool.com.tr
185.171.24.22
2001:4de0:ac18::1:a:3b
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
7fa8902a0eab478d31da7d5af7f6f44934b388c6695ef7bea2c115632e8389a4
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
aa5cd34d736b5c8993b516d52211748d3248830f720d4e5a5f4defc64b59db0a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f305fa79c01f4cccf0c97a5149814e31ccd166a48cc7bfe5cce7972d282431e9

opticool.com.tr Open in urlscan Pro 185.171.24.22 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

1683 kBTransfer

1851 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

20 JavaScript Global Variables

0 Cookies

Indicators

opticool.com.tr Open in urlscan Pro
185.171.24.22 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1683 kB
Transfer

1851 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!