Report - erkaradyator.com.tr/Areas/My5PdKnB/

Report Overview

Submitted URL
erkaradyator.com.tr/Areas/My5PdKnB/
IP
188.132.217.107
ASN
#42910 PremierDC Veri Merkezi Anonim Sirketi
Submitted
2023-04-30 14:12:28
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.r2m01.amazontrust.com	unknown	2007-05-11	2022-10-12	2023-04-30	340 B	946 B	54.230.80.227
erkaradyator.com.tr	unknown	2010-01-28	2016-01-27	2023-04-30	399 B	576 kB	188.132.217.107
bbuseruploads.s3.amazonaws.com	419617	2005-08-18	2014-05-24	2023-04-30	1.2 kB	43 MB	52.217.128.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-04-30 14:12:13	low	188.132.217.107	Client IP	ET INFO Packed Executable Download
2023-04-30 14:12:13	high	188.132.217.107	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP
2023-04-30 14:12:13	high	188.132.217.107	Client IP	ETPRO MALWARE Emotet Payload Inbound (2023-03-16)
2023-04-30 14:12:13	low	188.132.217.107	Client IP	ET INFO EXE - Served Attached HTTP

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2023-04-30	medium	erkaradyator.com.tr

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-04-30	medium	erkaradyator.com.tr

ThreatFox

No alerts detected

Files detected

URL
erkaradyator.com.tr/Areas/My5PdKnB/
IP
188.132.217.107
ASN
#42910 PremierDC Veri Merkezi Anonim Sirketi

File type
PE32+ executable (DLL) (GUI) x86-64, for MS Windows\012- data
Size
575 kB (574976 bytes)
Hash
c901c8089c5e017f8e9b4b15c8ef154f
336c2bea43bfa2e8afd27a164dba640f36c0013c
fd79e8fa5e3801101a1305b6aba7a5e7fdc852ed9036d6d9a5210be414a5cc5a

Detections

Analyzer	Verdict	Alert
VirusTotal	54/70	VirusTotal -

JavaScript (9)

	URL	Size	First Seen	Last Seen
	about:home?jscache	101 kB	2023-04-30	2023-04-30
Pretty URL about:home?jscache IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-30 16:12:28 Last Seen2023-04-30 16:12:28 Times Seen1 Hash abd59a43c41ba8299c96f0f1e2c82555 3d813528322d0232af70db3b438dc20d2a119a66 b18ab8673ecf9665761332d8a10405d8c27d798b52af835ef23619cba0dbda6a Loading...

	resource://activity-stream/vendor/redux.js	31 kB	2023-04-05	2023-05-05
Pretty URL resource://activity-stream/vendor/redux.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-05 09:01:43 Last Seen2023-05-05 20:54:56 Times Seen103 Hash 31733d156e6ecea997777a52c969ff62 1ca3dd9d301203cd277a5a28c2f3f693f1b516c3 67df5299a459bc214fa4ca5effb3ebdcbf9074607c25116356493e02fa4012f4 Loading...

	resource://activity-stream/data/content/activity-stream.bundle.js	515 kB	2023-04-05	2023-05-06
Pretty URL resource://activity-stream/data/content/activity-stream.bundle.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-05 09:01:43 Last Seen2023-05-06 01:12:05 Times Seen129 Hash 98fb1d2cafc4c7b72bc3fb9eb16de356 a1ebbf5dc5bd0a95c87a1d724027c0467e471f1e 2a2aabbc8f26fd8ff52ed2556b94befb0d4f22f08295acc47fe2d88b37e0f17f Loading...

	resource://activity-stream/vendor/react-redux.js	16 kB	2023-03-11	2024-04-12
Pretty URL resource://activity-stream/vendor/react-redux.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-03-11 09:59:05 Last Seen2024-04-12 22:34:59 Times Seen244 Hash fa30c6c303c5db2384ff8c89592d2277 70e8aff282cfaf8372ba879cd4d31ccde959d383 76f0dddea6123242a7f1b07cfd17a54703227cb103b7ccde5439c0935fda63b3 Loading...

	resource://activity-stream/vendor/react.js	12 kB	2023-03-07	2024-04-25
Pretty URL resource://activity-stream/vendor/react.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-03-07 12:07:35 Last Seen2024-04-25 09:08:20 Times Seen1178 Hash edf56a42bca6b565bf7dfcbd8ffc221a 31cb4cea0064ed80c1b0c5f5d58e1956a7e2293f c9486f126615859fc61ac84840a02b2efc920d287a71d99d708c74b2947750fe Loading...

	resource://activity-stream/data/content/newtab-render.js	424 B	2023-04-12	2023-05-05
Pretty URL resource://activity-stream/data/content/newtab-render.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-12 07:14:53 Last Seen2023-05-05 20:54:56 Times Seen116 Hash c14133fffff201b4a1e74ff4086a7290 21c0511c662d89193eefdd883719f16646b50a4b 733eeabce980690a5899ebea87f7f91087f25fdc69e1d5306099246eb1942578 Loading...

	resource://activity-stream/vendor/prop-types.js	2.7 kB	2023-03-11	2024-04-08
Pretty URL resource://activity-stream/vendor/prop-types.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-03-11 15:03:13 Last Seen2024-04-08 12:22:43 Times Seen112 Hash e6e2d25d20bf3d8c1d67ec4057418c48 a8b707d67f1f8e0c0d745593639c8e9fcf6d72a5 84c57f0b16de70d0b9c97158c353f18188f40318a68835325896da705066f6f1 Loading...

	resource://activity-stream/vendor/react-transition-group.js	18 kB	2023-03-10	2023-05-05
Pretty URL resource://activity-stream/vendor/react-transition-group.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-03-10 01:47:02 Last Seen2023-05-05 20:54:56 Times Seen68 Hash 1ad087f79d93056f6e61e80b42a97f9a bc9bbc98903036e387d76d7c29a7b9bf4b799bc4 e8d770347c329fc909f500b98c69cb32ec3ef2d7213b23df7ebfdd3a66c7c879 Loading...

	resource://activity-stream/vendor/react-dom.js	119 kB	2023-03-07	2024-04-23
Pretty URL resource://activity-stream/vendor/react-dom.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-03-07 12:21:57 Last Seen2024-04-23 14:08:21 Times Seen629 Hash dcf51763fb4a654e15a4e6e7754ca5d2 bf19ec32af23fb8f2c0c75549a3996b725f80d35 bc5b7797e8a595e365c1385b0d47683d3a85f3533c58d499659b771c48ec6d25 Loading...

HTTP Transactions (3)

URL IP Response Size

ocsp.r2m01.amazontrust.com/

54.230.80.227

471 B

URL
ocsp.r2m01.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
03946e88f0b9f86ab2a5d74a71594232
88fa0d91017b9cd9676cd5db4078272168160636
8960f90ff484c0b6e605c8bb6084bc534736d17cf056133c2af27e1579fc9b5c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 30 Apr 2023 14:12:13 GMT
Last-Modified: Sun, 30 Apr 2023 13:06:40 GMT
Server: ECAcc (nya/78C0)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2UEw5LJfG0hx7TRqwxZApPS6-vWa7c0_Ohct2XxtfQwGMaoxD4LZkg==
Age: 3933

erkaradyator.com.tr/Areas/My5PdKnB/

188.132.217.107

575 kB

URL
erkaradyator.com.tr/Areas/My5PdKnB/
IP
188.132.217.107:0
ASN
#42910 PremierDC Veri Merkezi Anonim Sirketi

File type
PE32+ executable (DLL) (GUI) x86-64, for MS Windows\012- data
Size
575 kB (574976 bytes)
Hash
c901c8089c5e017f8e9b4b15c8ef154f
336c2bea43bfa2e8afd27a164dba640f36c0013c
fd79e8fa5e3801101a1305b6aba7a5e7fdc852ed9036d6d9a5210be414a5cc5a

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed
VirusTotal	54/70	VirusTotal -

NIDS	Severity	Alert
suricata	low	ET INFO Packed Executable Download
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP
suricata	high	ETPRO MALWARE Emotet Payload Inbound (2023-03-16)
suricata	low	ET INFO EXE - Served Attached HTTP

HTTP Headers

GET /Areas/My5PdKnB/ HTTP/1.1
Host: erkaradyator.com.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: application/x-msdownload
Expires: Sun, 30 Apr 2023 14:11:59 GMT
Last-Modified: Sun, 30 Apr 2023 14:11:59 GMT
Server: Microsoft-IIS/8.5
Set-Cookie: 644e772f69d9d=1682863919; expires=Sun, 30-Apr-2023 14:12:59 GMT; Max-Age=60; path=/
Content-Disposition: attachment; filename="NXQUvsX.dll"
Content-Transfer-Encoding: binary
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Sun, 30 Apr 2023 14:11:58 GMT
Content-Length: 574976

bbuseruploads.s3.amazonaws.com/29cfe55e-e8ba-43aa-8efd-982e471efd8e/downloads/e90627f7-8ccb-4bc3-9b34-76556e229c37/nordVPN.rar?response-content-disposition=attachment%3B%20filename%3D%22nordVPN.rar%22&AWSAccessKeyId=ASIA6KOSE3BNM5CLNLH4&Signature=hIfTikWUR8hmTVQoJImuCKRuLUw%3D&x-amz-security-token=FwoGZXIvYXdzEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaDBwjCItDBPj7oB38QCK%2BAT2I4N07Wny%2FR5CNZpd80%2FjIsby7KgQeusg9%2FegcF9ZV3oW29DcAdVek0rUXNX7e9srnVwznE2Q7dOhs4E9llVDpDpCyzWk82uSQQ%2BNNeGEJ5VAe49vkIJWAQX7bw1r6h5tLTHa5XYhbtqulcvpTL%2BNM3YpOVpbj0ixmjFzSYuTgYhgavIbWZ94RDNAwq10%2FmtNjdK%2BgfVRphI1HI%2BHDTfUxIBrZvo4juMNVTeo2Q1PG4jGcFT%2Bm2TLWLg10QZEo8eq5ogYyLZ5S9DB0gbPh7A8VfS9VVftQdQrwuZvAFWCKzLpM%2BzIVs6mYTDT3J4TumHGsiA%3D%3D&Expires=1682865273

52.217.128.137

43 MB

URL
bbuseruploads.s3.amazonaws.com/29cfe55e-e8ba-43aa-8efd-982e471efd8e/downloads/e90627f7-8ccb-4bc3-9b34-76556e229c37/nordVPN.rar?response-content-disposition=attachment%3B%20filename%3D%22nordVPN.rar%22&AWSAccessKeyId=ASIA6KOSE3BNM5CLNLH4&Signature=hIfTikWUR8hmTVQoJImuCKRuLUw%3D&x-amz-security-token=FwoGZXIvYXdzEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaDBwjCItDBPj7oB38QCK%2BAT2I4N07Wny%2FR5CNZpd80%2FjIsby7KgQeusg9%2FegcF9ZV3oW29DcAdVek0rUXNX7e9srnVwznE2Q7dOhs4E9llVDpDpCyzWk82uSQQ%2BNNeGEJ5VAe49vkIJWAQX7bw1r6h5tLTHa5XYhbtqulcvpTL%2BNM3YpOVpbj0ixmjFzSYuTgYhgavIbWZ94RDNAwq10%2FmtNjdK%2BgfVRphI1HI%2BHDTfUxIBrZvo4juMNVTeo2Q1PG4jGcFT%2Bm2TLWLg10QZEo8eq5ogYyLZ5S9DB0gbPh7A8VfS9VVftQdQrwuZvAFWCKzLpM%2BzIVs6mYTDT3J4TumHGsiA%3D%3D&Expires=1682865273
IP
52.217.128.137:0
ASN
#16509 AMAZON-02

File type
data
Size
43 MB (43211785 bytes)
Hash
a190070409a0b3ab15dc840b497457ea
51da749134739e4c011227ee7282fe6d25005891
5331acca7a220f1d182bd211e76bf76cb0e3eb1cc87be8e6a69566e2b58e1645

HTTP Headers

GET /29cfe55e-e8ba-43aa-8efd-982e471efd8e/downloads/e90627f7-8ccb-4bc3-9b34-76556e229c37/nordVPN.rar?response-content-disposition=attachment%3B%20filename%3D%22nordVPN.rar%22&AWSAccessKeyId=ASIA6KOSE3BNM5CLNLH4&Signature=hIfTikWUR8hmTVQoJImuCKRuLUw%3D&x-amz-security-token=FwoGZXIvYXdzEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaDBwjCItDBPj7oB38QCK%2BAT2I4N07Wny%2FR5CNZpd80%2FjIsby7KgQeusg9%2FegcF9ZV3oW29DcAdVek0rUXNX7e9srnVwznE2Q7dOhs4E9llVDpDpCyzWk82uSQQ%2BNNeGEJ5VAe49vkIJWAQX7bw1r6h5tLTHa5XYhbtqulcvpTL%2BNM3YpOVpbj0ixmjFzSYuTgYhgavIbWZ94RDNAwq10%2FmtNjdK%2BgfVRphI1HI%2BHDTfUxIBrZvo4juMNVTeo2Q1PG4jGcFT%2Bm2TLWLg10QZEo8eq5ogYyLZ5S9DB0gbPh7A8VfS9VVftQdQrwuZvAFWCKzLpM%2BzIVs6mYTDT3J4TumHGsiA%3D%3D&Expires=1682865273 HTTP/1.1
Host: bbuseruploads.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Range: bytes=24299909-
If-Match: "51f76490d258b1fdffe423d247658e7c-9"
If-Unmodified-Since: Wed, 05 Apr 2023 08:23:57 GMT

HTTP/1.1 206 Partial Content
x-amz-id-2: IEtjzWCAhdQUufvksE61HkshTq/npE8CRuQhKx1siCpn/7U3kDa3H5KJbITNB4cMIl4UbIXZVqY=
x-amz-request-id: 81XHDPTBPDWQ5B8E
Date: Sun, 30 Apr 2023 14:12:14 GMT
Last-Modified: Wed, 05 Apr 2023 08:23:57 GMT
ETag: "51f76490d258b1fdffe423d247658e7c-9"
x-amz-server-side-encryption: AES256
x-amz-version-id: ycFmPXjC951TCpqXSJZM6TnXwln4eTF0
Content-Disposition: attachment; filename="nordVPN.rar"
Accept-Ranges: bytes
Content-Range: bytes 24299909-67511693/67511694
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 43211785

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by