Report - clicktime.symantec.com/39owJdzAR1PgEWbSN54vPhA7Vc?u=https://ergunbas.com/doyle/3907867/cherie.keese@sulzer.com/88364844

Report Overview

Submitted URL
clicktime.symantec.com/39owJdzAR1PgEWbSN54vPhA7Vc?u=https://ergunbas.com/doyle/3907867/cherie.keese@sulzer.com/88364844
IP
13.51.229.89
ASN
#16509 AMAZON-02
Submitted
2023-05-30 13:51:25
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.ergunbas.com	unknown	2015-05-23	2019-12-18	2023-05-29	517 B	866 B	185.52.231.165
lmo-secure.redeemintl.com	unknown	2013-07-15	2023-05-25	2023-05-29	556 B	437 B	208.91.197.27
ipfs.io	41400	2014-05-16	2015-09-09	2023-05-29	581 B	172 kB	209.94.90.1
clicktime.symantec.com	48067	1992-11-24	2016-11-24	2023-05-29	575 B	298 B	13.50.218.151
ergunbas.com	unknown	2015-05-23	2015-10-10	2023-05-29	980 B	1.1 kB	185.52.231.165

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-30 13:51:10	medium	Client IP	Internal IP	ET INFO Peer-to-Peer File Sharing Service Domain in DNS Lookup (ipfs .io)
2023-05-30 13:51:10	medium	Client IP	Internal IP	ET INFO Peer-to-Peer File Sharing Service Domain in DNS Lookup (ipfs .io)
2023-05-30 13:51:10	medium	Client IP	209.94.90.1	ET INFO Observed Peer-to-Peer File Sharing Service Domain (ipfs .io in TLS SNI)
2023-05-30 13:51:11	low	208.91.197.27	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	ipfs.io/ipfs/bafybeiezko2yndrnmfd4lvpt5nvzpqcfbpwuwxawkwaz5o6tio7gfle6hi/WilhuffTarkin.html#cherie.keese@sulzer.com	171 kB	2023-05-25	2023-06-12
Pretty URL ipfs.io/ipfs/bafybeiezko2yndrnmfd4lvpt5nvzpqcfbpwuwxawkwaz5o6tio7gfle6hi/WilhuffTarkin.html#cherie.keese@sulzer.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-25 20:30:16 Last Seen2023-06-12 15:24:01 Times Seen73 Hash 0e0c30e9b2ec2c3c563d5cb8e50d6fd8 a36e5c652a60f2a57803ecaf53d9d1ab608a78ea 6c3e5f901e79d59892b3f4c3e41b2865228985ea68998c5b52baec6278066616 Loading...

	unknown	79 B	2023-04-11	2024-04-26
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38:58 Last Seen2024-04-26 02:29:06 Times Seen124473 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	unknown	37 B	2023-04-11	2024-04-26
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31:25 Last Seen2024-04-26 02:43:31 Times Seen231546 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

HTTP Transactions (6)

	URL	IP	Response	Size
	clicktime.symantec.com/39owJdzAR1PgEWbSN54vPhA7Vc?u=https://ergunbas.com/doyle/3907867/cherie.keese@sulzer.com/88364844	13.50.218.151	307 Temporary Redirect	0 B
URL User Request GET HTTP/1.1 clicktime.symantec.com/39owJdzAR1PgEWbSN54vPhA7Vc?u=https://ergunbas.com/doyle/3907867/cherie.keese@sulzer.com/88364844 IP 13.50.218.151:443 ASN #16509 AMAZON-02 Certificate IssuerDigiCert Inc Subjectclicktime.symantec.com Fingerprint9D:75:F9:28:E4:5A:3C:2F:F0:FB:F1:A0:9D:CB:86:B3:39:71:4E:D6 ValidityTue, 25 Apr 2023 00:00:00 GMT - Thu, 16 May 2024 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /39owJdzAR1PgEWbSN54vPhA7Vc?u=https://ergunbas.com/doyle/3907867/cherie.keese@sulzer.com/88364844 HTTP/1.1 Host: clicktime.symantec.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 307 Temporary Redirect Server: nginx Date: Tue, 30 May 2023 13:51:08 GMT Transfer-Encoding: chunked Connection: keep-alive Location: https://ergunbas.com/doyle/3907867/cherie.keese@sulzer.com/88364844 TA-CODE: ignored X-EventId: 1564059 X-HostId: 647bb57572f300b5d00a7c076a12c112`

	ergunbas.com/doyle/3907867/cherie.keese@sulzer.com/88364844	185.52.231.165	200 OK	179 B
URL User Request GET HTTP/1.1 ergunbas.com/doyle/3907867/cherie.keese@sulzer.com/88364844 IP 185.52.231.165:443 ASN #61966 FMA Bilisim Teknolojileri Sanayi ve Ticaret LTD STI Certificate IssuerLet's Encrypt Subject.ergunbas.com Fingerprint58:D8:5A:D2:BA:D4:96:A2:D8:8F:F5:DA:C8:92:9E:62:E4:8D:33:65 ValidityFri, 07 Apr 2023 15:52:47 GMT - Thu, 06 Jul 2023 15:52:46 GMT File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators Size 179 B (179 bytes) Hash 5ac95b91dba1b176f2cad7b01e52a956 4884d470a1889c03ca0846b075d447a59b3c0193 b9b021ed5fb52ff55f33b35c88518e137a432f4aae7397911827daf7db57ce32 HTTP Headers `GET /doyle/3907867/cherie.keese@sulzer.com/88364844 HTTP/1.1 Host: ergunbas.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Tue, 30 May 2023 13:51:05 GMT Server: Apache Vary: Accept-Encoding Content-Encoding: br Content-Length: 179 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8`

	ergunbas.com/favicon.ico	185.52.231.165	302 Found	1 B
URL GET HTTP/1.1 ergunbas.com/favicon.ico IP 185.52.231.165:443 ASN #61966 FMA Bilisim Teknolojileri Sanayi ve Ticaret LTD STI Requested by https://ergunbas.com/doyle/3907867/cherie.keese@sulzer.com/88364844 Certificate IssuerLet's Encrypt Subject.ergunbas.com Fingerprint58:D8:5A:D2:BA:D4:96:A2:D8:8F:F5:DA:C8:92:9E:62:E4:8D:33:65 ValidityFri, 07 Apr 2023 15:52:47 GMT - Thu, 06 Jul 2023 15:52:46 GMT File type very short file (no magic) Size 1 B (1 bytes) Hash eccbc87e4b5ce2fe28308fd9f2a7baf3 77de68daecd823babbb58edb1c8e14d7106e83bb 4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce HTTP Headers `GET /favicon.ico HTTP/1.1 Host: ergunbas.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://ergunbas.com/doyle/3907867/cherie.keese@sulzer.com/88364844 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 302 Found Date: Tue, 30 May 2023 13:51:05 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Link: <https://www.ergunbas.com/wp-json/>; rel="https://api.w.org/" X-Redirect-By: WordPress Set-Cookie: PHPSESSID=8245c1699b8e92c7e21a16fe091a683c; path=/; samesite=None; domain=ergunbas.com; secure; HttpOnly; SameSite=None Location: https://www.ergunbas.com/dosyalar/2022/02/cropped-Ergunbas_favicon-1-1-32x32.png Vary: Accept-Encoding Content-Encoding: br Content-Length: 1 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

	www.ergunbas.com/dosyalar/2022/02/cropped-Ergunbas_favicon-1-1-32x32.png	185.52.231.165	200 OK	626 B
URL GET HTTP/1.1 www.ergunbas.com/dosyalar/2022/02/cropped-Ergunbas_favicon-1-1-32x32.png IP 185.52.231.165:443 ASN #61966 FMA Bilisim Teknolojileri Sanayi ve Ticaret LTD STI Requested by https://ergunbas.com/doyle/3907867/cherie.keese@sulzer.com/88364844 Certificate IssuerLet's Encrypt Subject.ergunbas.com Fingerprint58:D8:5A:D2:BA:D4:96:A2:D8:8F:F5:DA:C8:92:9E:62:E4:8D:33:65 ValidityFri, 07 Apr 2023 15:52:47 GMT - Thu, 06 Jul 2023 15:52:46 GMT File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data Size 626 B (626 bytes) Hash a49c8aa1affc9ddee64902aa811bef23 0b8c5d46dcdf49d9813fd35a16d5bf833ee2c82b 834b83f737f66df8bf336757c9f212c3e1a48b5e89db963968b59ef73578c69f HTTP Headers GET /dosyalar/2022/02/cropped-Ergunbas_favicon-1-1-32x32.png HTTP/1.1 Host: www.ergunbas.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://ergunbas.com/ DNT: 1 Connection: keep-alive Cookie: PHPSESSID=8245c1699b8e92c7e21a16fe091a683c Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Date: Tue, 30 May 2023 13:51:06 GMT Server: Apache Last-Modified: Fri, 04 Feb 2022 16:42:03 GMT Accept-Ranges: bytes Content-Length: 626 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/png`

	lmo-secure.redeemintl.com/?T3KdJ8=71ij6E&username=cherie.keese%40sulzer.com	208.91.197.27	403 Forbidden	272 B
URL GET HTTP/1.1 lmo-secure.redeemintl.com/?T3KdJ8=71ij6E&username=cherie.keese%40sulzer.com IP 208.91.197.27:443 ASN #40034 CONFLUENCE-NETWORK-INC Requested by https://ipfs.io/ipfs/bafybeiezko2yndrnmfd4lvpt5nvzpqcfbpwuwxawkwaz5o6tio7gfle6hi/WilhuffTarkin.html#cherie.keese@sulzer.com Certificate IssuerZeroSSL Subjectlmo-secure.redeemintl.com Fingerprint27:9B:A2:3E:39:3A:1E:62:31:D9:2A:C0:EE:18:74:0E:90:2C:5C:BE ValidityThu, 25 May 2023 00:00:00 GMT - Wed, 23 Aug 2023 23:59:59 GMT File type HTML document text\012- HTML document, ASCII text, with CRLF line terminators Size 272 B (272 bytes) Hash e7bfb9316e89ce5212b1b2507dd8830a df5086be1b3eb047dddeb4e3d35dbd66897281a0 b5378a12e359a27a0c92f53fefa2b4c21673781b7e76f54495d58ad72a927839 HTTP Headers GET /?T3KdJ8=71ij6E&username=cherie.keese%40sulzer.com HTTP/1.1 Host: lmo-secure.redeemintl.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://ipfs.io/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 403 Forbidden Server: openresty Date: Tue, 30 May 2023 13:51:12 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 272 Connection: keep-alive`

	ipfs.io/ipfs/bafybeiezko2yndrnmfd4lvpt5nvzpqcfbpwuwxawkwaz5o6tio7gfle6hi/WilhuffTarkin.html	209.94.90.1	200 OK	171 kB
URL User Request GET HTTP/2 ipfs.io/ipfs/bafybeiezko2yndrnmfd4lvpt5nvzpqcfbpwuwxawkwaz5o6tio7gfle6hi/WilhuffTarkin.html IP 209.94.90.1:443 ASN #40680 PROTOCOL Certificate IssuerLet's Encrypt Subject.i.ipfs.io FingerprintDF:57:ED:7D:45:D6:8D:9D:25:3C:13:85:2E:51:0D:AD:64:B8:E5:84 ValidityMon, 27 Mar 2023 17:15:30 GMT - Sun, 25 Jun 2023 17:15:29 GMT File type Size 171 kB (171160 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /ipfs/bafybeiezko2yndrnmfd4lvpt5nvzpqcfbpwuwxawkwaz5o6tio7gfle6hi/WilhuffTarkin.html HTTP/1.1 Host: ipfs.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://ergunbas.com/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK server: openresty date: Tue, 30 May 2023 13:51:11 GMT content-type: text/html vary: Accept-Encoding cache-control: public, max-age=29030400, immutable etag: W/"bafkreihltz4s7bvqlneq5varkiizrwdqx5iikwhun6244dyz4u6ux7axya" x-ipfs-gateway-host: ipfs-bank14-fr2 x-ipfs-path: /ipfs/bafybeiezko2yndrnmfd4lvpt5nvzpqcfbpwuwxawkwaz5o6tio7gfle6hi/WilhuffTarkin.html x-ipfs-roots: bafybeiezko2yndrnmfd4lvpt5nvzpqcfbpwuwxawkwaz5o6tio7gfle6hi,bafkreihltz4s7bvqlneq5varkiizrwdqx5iikwhun6244dyz4u6ux7axya x-ipfs-pop: ipfs-bank14-fr2 timing-allow-origin: x-ipfs-datasize: 171160 access-control-allow-origin: * access-control-allow-methods: GET, GET, POST, OPTIONS access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output x-ipfs-lb-pop: gateway-bank1-fr2 x-bfid: 028c9dde5f2d6a131ba99744196d7df8 strict-transport-security: max-age=31536000; includeSubDomains; preload x-proxy-cache: MISS content-encoding: gzip X-Firefox-Spdy: h2