| www.dosya.tc/server41/2z8jq4/reach.zip.html | 88.99.254.43 | 200 OK | 3.6 kB |
URL User Request GET HTTP/1.1www.dosya.tc/server41/2z8jq4/reach.zip.html IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typeJavaScript source, ISO-8859 text Hashcaf57a0b27a8d77a11079053224b3ae3 cdc092afeba1e36b040d813c6943b9f711ea099c d5763f13a596a868d1a9aafd23482341fead24c5ad4f55e236622a4bbbfed19d
GET /server41/2z8jq4/reach.zip.html HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9
|
|
| www.dosya.tc/style/style.css | 88.99.254.43 | 200 OK | 15 kB |
URL GET HTTP/1.1www.dosya.tc/style/style.css IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typeassembler source, ASCII text Hashe36585a9f4a781f9445425224c85e695 4a34bb8474bd8d15a5313a157ca72bf8552910cc 2b8c3599f9d693fc1422d4ad7c8fe6b9fbb2ade6b19a89c55e0d94f02252410a
GET /style/style.css HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:15 GMT
Accept-Ranges: bytes
Content-Length: 14629
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
|
|
| www.dosya.tc/style/bootstrap.css | 88.99.254.43 | 200 OK | 146 kB |
URL GET HTTP/1.1www.dosya.tc/style/bootstrap.css IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typeASCII text, with very long lines (386) Size146 kB (145933 bytes) Hash2dbb985a5bb6dd8ef0a7b21d290ea9ae f8676e1f4a902a63088f45982f3f9b6a6c401b47 d170052c16caec3810f2dee6456539045d8e326f6d8ed7c7f78e59ed34de348a
GET /style/bootstrap.css HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:15 GMT
Accept-Ranges: bytes
Content-Length: 145933
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
|
|
| www.dosya.tc/images/footer-icon1.png | 88.99.254.43 | 200 OK | 582 B |
URL GET HTTP/1.1www.dosya.tc/images/footer-icon1.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced Hashe62d200d08f565563cc9b713729bbaa6 3a130f79117f2aaa91154eb56a22b47de8c06a50 101d88dc759a5588d5c064fe233b6b19c565966a527a03eb9cdc29c733b8d4c3
GET /images/footer-icon1.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:06 GMT
Accept-Ranges: bytes
Content-Length: 582
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/images/logo.png | 88.99.254.43 | 200 OK | 7.2 kB |
URL GET HTTP/1.1www.dosya.tc/images/logo.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 191 x 53, 8-bit/color RGB, non-interlaced Hash2a193802d40b18cd55b0d159571bf63c 1a4e4bdf88317471241d9e5ee29d9572be3f37e3 77eba513db8685e5a4b7633684b1d6b175bf8272ccfff3c6a1c0735d37d1d57a
GET /images/logo.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:10 GMT
Accept-Ranges: bytes
Content-Length: 7157
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/images/footer-icon3.png | 88.99.254.43 | 200 OK | 1.7 kB |
URL GET HTTP/1.1www.dosya.tc/images/footer-icon3.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced Hash3a61d85a6bb0a45429b1e4b7d945aa95 6fcdf44c20d1ed269303583e16a98e245fa7b69b c84a015988434d7fa0c884f5590de727799abacb9c4a4ad6b4cadea4b97ea732
GET /images/footer-icon3.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:06 GMT
Accept-Ranges: bytes
Content-Length: 1702
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/images/uye-girisi.png | 88.99.254.43 | 200 OK | 3.0 kB |
URL GET HTTP/1.1www.dosya.tc/images/uye-girisi.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 140 x 51, 8-bit/color RGB, non-interlaced Hash6925e8f5c208aae4dd55cadd1340f180 a03365e7fb59c9588b3b7963e18c0b3e5d4cb369 6bfa03e8b7d8249e9927cafe801657559f7b7064248bb970b55fb4b689611f2d
GET /images/uye-girisi.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:11 GMT
Accept-Ranges: bytes
Content-Length: 2979
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/images/footer-icon2.png | 88.99.254.43 | 200 OK | 850 B |
URL GET HTTP/1.1www.dosya.tc/images/footer-icon2.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced Hash51a472b4a51ea9245ee6f4386f07818f a19e86c411dc6da3592d1f90e89ddf68df1fee3c eea1befd43d3dc930a0eb0335c56ed8bc7e14aa1ee3e6c546cd21c1826362750
GET /images/footer-icon2.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:06 GMT
Accept-Ranges: bytes
Content-Length: 850
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/images/download.gif | 88.99.254.43 | 200 OK | 7.2 kB |
URL GET HTTP/1.1www.dosya.tc/images/download.gif IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typeGIF image data, version 89a, 300 x 86 Hasha9a5324512e43e463fe0a00118ad0c37 5375ae6855a34619ce428da5f835fc9d9ce06124 7964b17bc443c3bcf422211a690ac4bc62ad981d77d5c0b6bdddc982b8615a25
GET /images/download.gif HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:05 GMT
Accept-Ranges: bytes
Content-Length: 7229
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif
|
|
| www.dosya.tc/images/background.webp | 88.99.254.43 | 200 OK | 113 kB |
URL GET HTTP/1.1www.dosya.tc/images/background.webp IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1050, Scaling: [none]x[none], YUV color, decoders should clamp Size113 kB (112776 bytes) Hash2b08bddebb64127b30bc913f73cdab61 f8911fd91f0302e88e7fe6e089ba20af32269b79 0804b26a6993fc6ee8e977f77aa9ce5ddf9c4fe69773b296cc292ee7b2a5ac1b
GET /images/background.webp HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:03 GMT
Accept-Ranges: bytes
Content-Length: 112776
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/webp
|
|
| www.dosya.tc/images/menu-ayrac.png | 88.99.254.43 | 200 OK | 125 B |
URL GET HTTP/1.1www.dosya.tc/images/menu-ayrac.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 2 x 52, 8-bit/color RGB, non-interlaced Hash35a0591c63feeb75e3e547e894ff6e2d 7dd00c2e8d4e9203b71d3fcb9a660e717b8dca7c 9700fc9abb23b0fa04c070487f5aebdcec2cbb22f10788ab7898032abe3fcced
GET /images/menu-ayrac.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:10 GMT
Accept-Ranges: bytes
Content-Length: 125
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/apple-touch-icon.png | 88.99.254.43 | 200 OK | 6.6 kB |
URL GET HTTP/1.1www.dosya.tc/apple-touch-icon.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced Hashbfd9b50e03f63b25c253a5d6fa5c5ef4 b4c68746da8a1da96b57d37990bfbfb0f716c14b ca0f27136956761254299ac92d78aecca2c21841760c56904d894eb13ea0237f
GET /apple-touch-icon.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:24 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:55:43 GMT
Accept-Ranges: bytes
Content-Length: 6556
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/favicon-16x16.png | 88.99.254.43 | 200 OK | 1.6 kB |
URL GET HTTP/1.1www.dosya.tc/favicon-16x16.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced Hash05c5d89a72c5dc5e863e151cc5fa9b68 df5a0242031f54494fe0bf1b2d7290cd5e864a15 cd6cef0b6624ec979018be137e45b606f36c018b2d64cfe7e3d39815c0936a46
GET /favicon-16x16.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:24 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:55:45 GMT
Accept-Ranges: bytes
Content-Length: 1594
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
|
|
| my.rtmark.net/gid.js?userId=0080588517664caeee1f0695ab8e039d | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=0080588517664caeee1f0695ab8e039d IP139.45.195.8:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hashfb12de2d9a06747cae6d8bd516b705f6 f807b099f5da956b2e233b1c54f778ec1eaaa1be e768051c241dc8ad916c3c1d0710e204b742eb504d3031cdab9afb8dc8fc8042
GET /gid.js?userId=0080588517664caeee1f0695ab8e039d HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:24 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=www.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 | 139.45.197.250 | 200 OK | 880 B |
URL GET HTTP/2moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=www.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hashc443b2804666b23b6b9aa07e87a1e87a 49b957a75cdb23928f7708c30e9cee246159bda4 da3741713f86830bf25ec6bc51242e0be9fc170eb46cb11c17df0e4a02dadfd2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /zone?pub=0&zone_id=5968117&is_mobile=false&domain=www.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: 08b78ede435c5a9a7f76e8fe2c1089ef
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| deenoacepok.com/?rb=iO-LP5Y2h2tAvmTtJFRx59Xn_y9W6lvZUlSsUotJkpfnmAZOtshuT4pgJ5Z17KkCjaFC99ci5mpIJ8zVvxdJdM6_X4KAOkfcZ7lKQIjNxWXeUXoZVZcVjK0kWtwIGUXf5lKWHmP1mXNKfERTDtbefgvQzeb8OOYI5uaPsgBb9MWUH4_PKqNF-QoXnxWgdm4_B3PZUNEhU__9rC0YS40DS3poAid7u9xKLpLtMvYG2iDORAHmDzuUt7gSOkfxWY8wVswCb2Mi1kM%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.792.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.1-auto&navlng=en-US&pnt=0&pnrc=0&bs=e77493c2-183f-4962-8c57-ab88697644dd&wasm=1&userId=0080588517664caeee1f0695ab8e039d&m=link | 139.45.197.242 | 200 OK | 35 kB |
URL GET HTTP/2deenoacepok.com/?rb=iO-LP5Y2h2tAvmTtJFRx59Xn_y9W6lvZUlSsUotJkpfnmAZOtshuT4pgJ5Z17KkCjaFC99ci5mpIJ8zVvxdJdM6_X4KAOkfcZ7lKQIjNxWXeUXoZVZcVjK0kWtwIGUXf5lKWHmP1mXNKfERTDtbefgvQzeb8OOYI5uaPsgBb9MWUH4_PKqNF-QoXnxWgdm4_B3PZUNEhU__9rC0YS40DS3poAid7u9xKLpLtMvYG2iDORAHmDzuUt7gSOkfxWY8wVswCb2Mi1kM%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.792.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.1-auto&navlng=en-US&pnt=0&pnrc=0&bs=e77493c2-183f-4962-8c57-ab88697644dd&wasm=1&userId=0080588517664caeee1f0695ab8e039d&m=link IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectdeenoacepok.com Fingerprint0D:76:17:06:1C:25:7C:C3:91:09:56:0F:C9:97:C9:9E:3E:AB:60:FB ValidityThu, 09 May 2024 18:55:12 GMT - Wed, 07 Aug 2024 18:55:11 GMT
File typegzip compressed data, max speed, from Unix Hash25318b16a4b537837bc510d4b6ebe6bd bfeafdf62e6100a81525994238655950580cc495 b8b5c27b6f4b86d4c03fff34104fcb376dfe93d362ba6f3a06471353068d7c7b
GET /?rb=iO-LP5Y2h2tAvmTtJFRx59Xn_y9W6lvZUlSsUotJkpfnmAZOtshuT4pgJ5Z17KkCjaFC99ci5mpIJ8zVvxdJdM6_X4KAOkfcZ7lKQIjNxWXeUXoZVZcVjK0kWtwIGUXf5lKWHmP1mXNKfERTDtbefgvQzeb8OOYI5uaPsgBb9MWUH4_PKqNF-QoXnxWgdm4_B3PZUNEhU__9rC0YS40DS3poAid7u9xKLpLtMvYG2iDORAHmDzuUt7gSOkfxWY8wVswCb2Mi1kM%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.792.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.1-auto&navlng=en-US&pnt=0&pnrc=0&bs=e77493c2-183f-4962-8c57-ab88697644dd&wasm=1&userId=0080588517664caeee1f0695ab8e039d&m=link HTTP/1.1
Host: deenoacepok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: OAID=0080588517664caeee1f0695ab8e039d; oaidts=1715348544
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/json
x-trace-id: 536fd64288288e7ca05af36254bee8f9
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:24 GMT; path=/; secure; SameSite=None
oaidts=1715348544; expires=Sat, 10 May 2025 13:42:24 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 17 May 2024 13:42:24 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| cameesse.net/1?z=5968116 | 139.45.197.242 | 200 OK | 16 kB |
IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectcameesse.net Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
File typegzip compressed data, max speed, from Unix Hashe4ab8556ac03e54a33997511e271c4e0 db7b0b2616a62888a2ee1879189db04dd2c3c9ee ed386d21e70845ab984cf8834fd1517d63ba886bc3455bba5fbeb1db08637ed7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /1?z=5968116 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 499da4b783c52cb6e6077e03251a835f
access-control-expose-headers: X-Sc
x-sc: 3qRyzQfWi1ZM0pFBIYavr6W9OZmnkfrdNopgDIrD4lZMgeCsFtHlgh8LrlZQM3XUrUjmW3HOdFjgEOA8dpRyNcTBIyI=
set-cookie: scm=1; expires=Sat, 10 May 2025 13:42:24 GMT; secure; SameSite=None
OAID=04005887ea5747cbe48055edc9d34443; expires=Sat, 10 May 2025 13:42:24 GMT; secure; SameSite=None
oaidts=1715348544; expires=Sat, 10 May 2025 13:42:24 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 39 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 391
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a5ba6bff148276c8d6fea06687564d2a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| www.dosya.tc/sw.js | 88.99.254.43 | 404 Not Found | 3.6 kB |
IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typeJavaScript source, ISO-8859 text Hashabca2f9dd88e6a7b1673979a0f446b7f 80644e4480fd9cf476740e03dc28e01620319cf4 fad0b231e90295e6c492cdb977f73af3ac2d6613ebc3c32fa5c5fa3c0e950685
GET /sw.js HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
DNT: 1
Connection: keep-alive
Cookie: prefetchAd_5968118=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 13:42:24 GMT
Server: Apache
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 39 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 747
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 5ad2cffea82255c3f5d887143495da27
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=f5fda502-a7ff-426d-9a9b-696a2ab2c9aa | 139.45.195.254 | 200 OK | 12 B |
URL POST HTTP/1.1fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=f5fda502-a7ff-426d-9a9b-696a2ab2c9aa IP139.45.195.254:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerSectigo Limited Subjectfleraprt.com Fingerprint32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C ValidityTue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT
Hashadb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=f5fda502-a7ff-426d-9a9b-696a2ab2c9aa HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1412
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 10 May 2024 13:42:24 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://www.dosya.tc
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| gishejuy.com/500/5968115?excludes=&oaid=0080588517664caeee1f0695ab8e039d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 | 139.45.197.242 | 200 OK | 0 B |
URL GET HTTP/2gishejuy.com/500/5968115?excludes=&oaid=0080588517664caeee1f0695ab8e039d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectgishejuy.com Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /500/5968115?excludes=&oaid=0080588517664caeee1f0695ab8e039d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashb5cfdf33dccf867b4b9fb0cc80282f99 58f3985a885fa97383ad876dd3cfaeafe4b8c4a4 0fc8499be86251e27d6799adce388d4209d932be7e6872bb7fee3be1f63af7af
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 527
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080588517664caeee1f0695ab8e039d | 139.45.197.242 | 204 No Content | 0 B |
URL OPTIONS HTTP/2cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080588517664caeee1f0695ab8e039d IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectcameesse.net Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080588517664caeee1f0695ab8e039d HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| moonoafy.net/event | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| moonoafy.net/event | 139.45.197.250 | 200 OK | 94 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash77a6d302a90ba172d9fae74b9bc66133 5ba9ee361e48eda966b40bcc1540017cf98f98bc 94a6a459e0513ca4174db64bd6150398e94f44248bb5605f6639855b40edde25
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 1715
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js?pub=0&userId=10a0d42c9f114b0fb1e30bbb9a40d3b7&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?pub=0&userId=10a0d42c9f114b0fb1e30bbb9a40d3b7&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher IP139.45.195.8:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hashfb12de2d9a06747cae6d8bd516b705f6 f807b099f5da956b2e233b1c54f778ec1eaaa1be e768051c241dc8ad916c3c1d0710e204b742eb504d3031cdab9afb8dc8fc8042
GET /gid.js?pub=0&userId=10a0d42c9f114b0fb1e30bbb9a40d3b7&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: ID=0080588517664caeee1f0695ab8e039d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:25 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg | 172.67.22.216 | 200 OK | 17 kB |
URL GET HTTP/2offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg IP172.67.22.216:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerGoogle Trust Services LLC Subjectofferimage.com Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72 ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3 Hash9c6355bcf96815c755fbba83f9fd8f64 ce698b45fb51ef1494f80f432b7aff0985247724 2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906
GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 13:42:25 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Fri, 10 May 2024 20:16:56 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 62729
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a5a36fb9fb50f-OSL
X-Firefox-Spdy: h2
|
|
| cameesse.net/11?rnd=1570705678&z=5968116&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=134 | 139.45.197.242 | 200 OK | 0 B |
URL GET HTTP/2cameesse.net/11?rnd=1570705678&z=5968116&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=134 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectcameesse.net Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /11?rnd=1570705678&z=5968116&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=134 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=0080588517664caeee1f0695ab8e039d; oaidts=1715348544
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: cd2004dceeaaf77e11975e7e9c8bb083
access-control-expose-headers: X-Sc
set-cookie: OAID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:25 GMT; secure; SameSite=None
oaidts=1715348544; expires=Sat, 10 May 2025 13:42:25 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| cameesse.net/121?rnd=311753044&z=5968116&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D812793314160939008&cln={CELL_NUMBER}&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&bag=12zEY1nBan10dqfOdX7fmNsP-KAjIJqm&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008 | 139.45.197.242 | 302 Found | 0 B |
URL GET HTTP/2cameesse.net/121?rnd=311753044&z=5968116&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D812793314160939008&cln={CELL_NUMBER}&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&bag=12zEY1nBan10dqfOdX7fmNsP-KAjIJqm&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectcameesse.net Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /121?rnd=311753044&z=5968116&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D812793314160939008&cln={CELL_NUMBER}&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&bag=12zEY1nBan10dqfOdX7fmNsP-KAjIJqm&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: scm=1; OAID=0080588517664caeee1f0695ab8e039d; oaidts=1715348544
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-length: 0
location: https://www.nbfcs.org/#signUp=812793314160939008
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 1ae76fce5e1c5f7aba86f88b6e3e391d
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080588517664caeee1f0695ab8e039d | 139.45.197.242 | 204 No Content | 2.6 kB |
URL OPTIONS HTTP/2cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080588517664caeee1f0695ab8e039d IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectcameesse.net Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hash5b612c636f60ce7e9d4b1e6310a7d5de 4c5303a3194343086567fc1387c895a63bdd1a22 9a0bfaefcdd679046aa8e8aff6448cb824f369638ceb8c40f5d58152dccb0ee8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080588517664caeee1f0695ab8e039d HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 354
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=04005887ea5747cbe48055edc9d34443; oaidts=1715348544
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 14b625ad650437cfd7d5e39fef55d072
access-control-expose-headers: X-Sc
set-cookie: OAID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:25 GMT; secure; SameSite=None
oaidts=1715348544; expires=Sat, 10 May 2025 13:42:25 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash07ccf494111812c3536226af3a979e5f fd6d88de73356bbf438acc8966741a16afa957e0 1be48101cf038b38264ee57efe8ced7fa97f59317ebd04dc5fa4d8482a835735
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 527
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a | 139.45.197.242 | 200 OK | 131 kB |
URL GET HTTP/2cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectcameesse.net Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
File typegzip compressed data, max speed, from Unix Size131 kB (131084 bytes) Hash3fa88502945dcc697baa30a2d98e4b88 812c54c78141c94f125e5789d14d8b98ea23dc27 1cfa9dc6e1163fa92ed0684a382e84d399c42b0d319ee4a2bee3c25a2200862e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=04005887ea5747cbe48055edc9d34443; oaidts=1715348544
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: eb493e0a04800572d0dc4a753807ad5f
cache-control: max-age:290304000, public
last-modified: Tue, 09 Apr 2024 03:16:58 GMT
expires: Tue, 09 May 2084 03:16:58 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 39 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 388
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d40ef76702d4cbc0e41327b6855eeece
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| moonoafy.net/pfe/current/defaultSkin.min.js | 139.45.197.250 | 200 OK | 28 kB |
URL GET HTTP/2moonoafy.net/pfe/current/defaultSkin.min.js IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File typegzip compressed data, max speed, from Unix Hashd73d4ab40324602db2f5cb961ac4d0b9 f7c16cca23fb07bb9df2f6d295d4b61ebb151d06 7ad86340f1531d6cad452b93c04c64798b95786532daa80235c1892868138383
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-df63"
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.nbfcs.org/ | 95.211.117.215 | | 11 B |
IP95.211.117.215:0 ASN#60781 LeaseWeb Netherlands B.V.
File typeASCII text, with no line terminators Hash32682312d17c7cbf18e73594f5570319 60e22121bdd0bc71cdb2bae2a3aa577006b2eae9 e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET / HTTP/1.1
Host: www.nbfcs.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 10 May 2024 13:42:25 GMT
location: http://ww1.nbfcs.org/?subid1=2299fbb5-0ed3-11ef-81fd-51e67a067a85
server: Cowboy
set-cookie: sid=2299fbb5-0ed3-11ef-81fd-51e67a067a85; path=/; domain=.nbfcs.org; expires=Wed, 28 May 2092 16:56:32 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
|
|
| gishejuy.com/impression/tE89IitxTejLi_UxhVxq6aOAfkGDLdp2lNn-j770BQYJAVCUd_zMi_qoyhjWwprWRd07AEhpNzc8JM_KpR_j9WqAc4bac1pA7tK6ybsbjd4NAcoxl0D-y0EJs2RLSzdzB8iZcAl28gguFigbZBM3439q9ywTzUH7Ab06z6U-F57TsJVvZ0wPBu3slvXJpWq4KKX-Rv3-3O3VTa7PbgbfH04he0rAYueiR9seCzWFQRSoRrUzXXtzQStS1xcvza-nF1I8wzg5Hl4JjbtWDTlkxcaUm2g2uR5F_aOL0e6S-K28ZFPBFe1oLOWPJVIdwHXkKQ9cQVB39yQ-5KoBFGSPuZmRSG3X27rVtgn7pseOfeBL78Up078x5s-0DcTJiYzswMNN6_EmwofWP5Z89rOEk2cSosBOlwNHcfFsRwKCfB57roQnIjgTA9mtfubyqRbYNKLAaTFz4lOOrfCil0QegLno2kJn1d6pDGohYo_4NC1bix8xyXvkEy97STfZHrqKTtR47aRaeTkNQBCOv0a93c1qs8dzGfABJFOJ5VETj_R8vBKcLQ1lSdIX2HH11e2H563j45z5IbD965On6RXc9oUWzMuS1MqW31kPA97sIutrOCCHt7cMGHYm55xjxIVHQNLokbtuxcke-nYjuoQldw==?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 | 139.45.197.242 | 200 OK | 43 B |
URL GET HTTP/2gishejuy.com/impression/tE89IitxTejLi_UxhVxq6aOAfkGDLdp2lNn-j770BQYJAVCUd_zMi_qoyhjWwprWRd07AEhpNzc8JM_KpR_j9WqAc4bac1pA7tK6ybsbjd4NAcoxl0D-y0EJs2RLSzdzB8iZcAl28gguFigbZBM3439q9ywTzUH7Ab06z6U-F57TsJVvZ0wPBu3slvXJpWq4KKX-Rv3-3O3VTa7PbgbfH04he0rAYueiR9seCzWFQRSoRrUzXXtzQStS1xcvza-nF1I8wzg5Hl4JjbtWDTlkxcaUm2g2uR5F_aOL0e6S-K28ZFPBFe1oLOWPJVIdwHXkKQ9cQVB39yQ-5KoBFGSPuZmRSG3X27rVtgn7pseOfeBL78Up078x5s-0DcTJiYzswMNN6_EmwofWP5Z89rOEk2cSosBOlwNHcfFsRwKCfB57roQnIjgTA9mtfubyqRbYNKLAaTFz4lOOrfCil0QegLno2kJn1d6pDGohYo_4NC1bix8xyXvkEy97STfZHrqKTtR47aRaeTkNQBCOv0a93c1qs8dzGfABJFOJ5VETj_R8vBKcLQ1lSdIX2HH11e2H563j45z5IbD965On6RXc9oUWzMuS1MqW31kPA97sIutrOCCHt7cMGHYm55xjxIVHQNLokbtuxcke-nYjuoQldw==?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectgishejuy.com Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File typeGIF image data, version 89a, 1 x 1 Hashb4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /impression/tE89IitxTejLi_UxhVxq6aOAfkGDLdp2lNn-j770BQYJAVCUd_zMi_qoyhjWwprWRd07AEhpNzc8JM_KpR_j9WqAc4bac1pA7tK6ybsbjd4NAcoxl0D-y0EJs2RLSzdzB8iZcAl28gguFigbZBM3439q9ywTzUH7Ab06z6U-F57TsJVvZ0wPBu3slvXJpWq4KKX-Rv3-3O3VTa7PbgbfH04he0rAYueiR9seCzWFQRSoRrUzXXtzQStS1xcvza-nF1I8wzg5Hl4JjbtWDTlkxcaUm2g2uR5F_aOL0e6S-K28ZFPBFe1oLOWPJVIdwHXkKQ9cQVB39yQ-5KoBFGSPuZmRSG3X27rVtgn7pseOfeBL78Up078x5s-0DcTJiYzswMNN6_EmwofWP5Z89rOEk2cSosBOlwNHcfFsRwKCfB57roQnIjgTA9mtfubyqRbYNKLAaTFz4lOOrfCil0QegLno2kJn1d6pDGohYo_4NC1bix8xyXvkEy97STfZHrqKTtR47aRaeTkNQBCOv0a93c1qs8dzGfABJFOJ5VETj_R8vBKcLQ1lSdIX2HH11e2H563j45z5IbD965On6RXc9oUWzMuS1MqW31kPA97sIutrOCCHt7cMGHYm55xjxIVHQNLokbtuxcke-nYjuoQldw==?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: OAID=0080588517664caeee1f0695ab8e039d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:29 GMT
content-type: image/gif
content-length: 43
x-trace-id: 5820ccf18cc9a064290de044af82706c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| gishejuy.com/500/5968115?excludes=19845928&oaid=0080588517664caeee1f0695ab8e039d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 | 139.45.197.242 | 200 OK | 0 B |
URL GET HTTP/2gishejuy.com/500/5968115?excludes=19845928&oaid=0080588517664caeee1f0695ab8e039d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectgishejuy.com Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /500/5968115?excludes=19845928&oaid=0080588517664caeee1f0695ab8e039d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:29 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/3303c3ec46f8b840a87559e75824b84b.jpg | 172.67.22.216 | 200 OK | 9.3 kB |
URL GET HTTP/2offerimage.com/www/images/3303c3ec46f8b840a87559e75824b84b.jpg IP172.67.22.216:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerGoogle Trust Services LLC Subjectofferimage.com Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72 ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3 Hash3303c3ec46f8b840a87559e75824b84b dca17ecb9395b5e83d50ba8c140af48d0b5a76ae a680f7fe40d758da9e24159585e9d43a5080c8130fcf8349fae977243b6a0987
GET /www/images/3303c3ec46f8b840a87559e75824b84b.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 13:42:30 GMT
content-type: image/jpeg
content-length: 9292
cache-control: max-age=86400
cf-bgj: h2pri
etag: "64aecb18-244c"
expires: Fri, 10 May 2024 20:16:41 GMT
last-modified: Wed, 12 Jul 2023 15:47:36 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 62749
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a5a558935b50f-OSL
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg | 172.67.22.216 | 200 OK | 17 kB |
URL GET HTTP/2offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg IP172.67.22.216:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerGoogle Trust Services LLC Subjectofferimage.com Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72 ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3 Hash9c6355bcf96815c755fbba83f9fd8f64 ce698b45fb51ef1494f80f432b7aff0985247724 2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906
GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 13:42:30 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Fri, 10 May 2024 20:16:56 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 62734
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a5a567ac0b50f-OSL
X-Firefox-Spdy: h2
|
|
| gishejuy.com/impression/jVoa7TYCNgF6Bu4Yg5WN1yKeifsauMJsnaxvguSTmwMPMnTPA4d7P6TeV9YDQsNe9UJSzEJebkCXAWCtntVa5eFUUgEUIEcEPBCNRHVDCvrty_NOIaIPh10Ib9zfqjqAzZz67CG2n7k7X012ZIfTiS3fWcv36XMCb8PtgOdN2AbF5avZtcCWcZTooV4Y82GCe6byE-D84Ct1d1F4TrI2APi-aV9iMnuZRnVQAcza58IUEd1IbVenawl1cZLgAjkZ9bXJvw2PiaydJUE0teq8MTNxZw7JumrcYUSCIJvDyM-V29x_gHxNgz5hsGBaafZBN3hPI_Rduuu4rxhRcAem3e-U8E2IpjSPh00h-1gH9q0h21KnMVlDeggqmf0kIB_mTBK_q92egQGMD19usyjNy2mLPx5l-INbQUEVN0F8fTYzCltdilrJJ2YkTev4kM9vJ0qQI-XJxUpe7S5GMCzMdcxVCtzBEhhytFLOib_MV6mrBvN6gP6OBTAyNo6Mfq8HUIigHTa7r9l1WQio3PsMJXTT6gdZ84Mzf2WTQz5aNjuc8YOrenlppIl3ThU5loLeQD83MxGa2cB9JwjfwiAylICX2YAr5SQUJYoT_cL7zf7Rs6rDNBEBjpZHXr5BVZbyxrkWZHxmfao=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 | 139.45.197.242 | 200 OK | 43 B |
URL GET HTTP/2gishejuy.com/impression/jVoa7TYCNgF6Bu4Yg5WN1yKeifsauMJsnaxvguSTmwMPMnTPA4d7P6TeV9YDQsNe9UJSzEJebkCXAWCtntVa5eFUUgEUIEcEPBCNRHVDCvrty_NOIaIPh10Ib9zfqjqAzZz67CG2n7k7X012ZIfTiS3fWcv36XMCb8PtgOdN2AbF5avZtcCWcZTooV4Y82GCe6byE-D84Ct1d1F4TrI2APi-aV9iMnuZRnVQAcza58IUEd1IbVenawl1cZLgAjkZ9bXJvw2PiaydJUE0teq8MTNxZw7JumrcYUSCIJvDyM-V29x_gHxNgz5hsGBaafZBN3hPI_Rduuu4rxhRcAem3e-U8E2IpjSPh00h-1gH9q0h21KnMVlDeggqmf0kIB_mTBK_q92egQGMD19usyjNy2mLPx5l-INbQUEVN0F8fTYzCltdilrJJ2YkTev4kM9vJ0qQI-XJxUpe7S5GMCzMdcxVCtzBEhhytFLOib_MV6mrBvN6gP6OBTAyNo6Mfq8HUIigHTa7r9l1WQio3PsMJXTT6gdZ84Mzf2WTQz5aNjuc8YOrenlppIl3ThU5loLeQD83MxGa2cB9JwjfwiAylICX2YAr5SQUJYoT_cL7zf7Rs6rDNBEBjpZHXr5BVZbyxrkWZHxmfao=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectgishejuy.com Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File typeGIF image data, version 89a, 1 x 1 Hashb4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /impression/jVoa7TYCNgF6Bu4Yg5WN1yKeifsauMJsnaxvguSTmwMPMnTPA4d7P6TeV9YDQsNe9UJSzEJebkCXAWCtntVa5eFUUgEUIEcEPBCNRHVDCvrty_NOIaIPh10Ib9zfqjqAzZz67CG2n7k7X012ZIfTiS3fWcv36XMCb8PtgOdN2AbF5avZtcCWcZTooV4Y82GCe6byE-D84Ct1d1F4TrI2APi-aV9iMnuZRnVQAcza58IUEd1IbVenawl1cZLgAjkZ9bXJvw2PiaydJUE0teq8MTNxZw7JumrcYUSCIJvDyM-V29x_gHxNgz5hsGBaafZBN3hPI_Rduuu4rxhRcAem3e-U8E2IpjSPh00h-1gH9q0h21KnMVlDeggqmf0kIB_mTBK_q92egQGMD19usyjNy2mLPx5l-INbQUEVN0F8fTYzCltdilrJJ2YkTev4kM9vJ0qQI-XJxUpe7S5GMCzMdcxVCtzBEhhytFLOib_MV6mrBvN6gP6OBTAyNo6Mfq8HUIigHTa7r9l1WQio3PsMJXTT6gdZ84Mzf2WTQz5aNjuc8YOrenlppIl3ThU5loLeQD83MxGa2cB9JwjfwiAylICX2YAr5SQUJYoT_cL7zf7Rs6rDNBEBjpZHXr5BVZbyxrkWZHxmfao=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: OAID=0080588517664caeee1f0695ab8e039d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:32 GMT
content-type: image/gif
content-length: 43
x-trace-id: f6b859596feeeab068ab56cd59a4c840
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/3303c3ec46f8b840a87559e75824b84b.jpg | 172.67.22.216 | 200 OK | 9.3 kB |
URL GET HTTP/2offerimage.com/www/images/3303c3ec46f8b840a87559e75824b84b.jpg IP172.67.22.216:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerGoogle Trust Services LLC Subjectofferimage.com Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72 ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3 Hash3303c3ec46f8b840a87559e75824b84b dca17ecb9395b5e83d50ba8c140af48d0b5a76ae a680f7fe40d758da9e24159585e9d43a5080c8130fcf8349fae977243b6a0987
GET /www/images/3303c3ec46f8b840a87559e75824b84b.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 13:42:33 GMT
content-type: image/jpeg
content-length: 9292
cache-control: max-age=86400
cf-bgj: h2pri
etag: "64aecb18-244c"
expires: Fri, 10 May 2024 20:16:41 GMT
last-modified: Wed, 12 Jul 2023 15:47:36 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 62752
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a5a693f2eb50f-OSL
X-Firefox-Spdy: h2
|
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP35.244.181.201:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
File typeXML 1.0 document, ASCII text, with very long lines (332) Hash3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=xeu0HIRlK0x8GW47TN6nlmwh741EbsBIqtCdmVliV4T6KfOxFIiElamfXsbBC-t7FnWtm5siz4cGjNA7Bacrf1d7qBMQlGzumMIShTjjO1_EuEYFKskBT7GkBO47sFx4
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Fri, 10 May 2024 13:40:50 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 112
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| cameesse.net/11?rnd=1570705678&z=5968116&b=15763363&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 | 139.45.197.242 | 200 OK | 0 B |
URL GET HTTP/2cameesse.net/11?rnd=1570705678&z=5968116&b=15763363&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectcameesse.net Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /11?rnd=1570705678&z=5968116&b=15763363&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=0080588517664caeee1f0695ab8e039d; oaidts=1715348544
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:45 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: d503aed27f43e2e8cb19a6d0f31e3034
access-control-expose-headers: X-Sc
set-cookie: OAID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:45 GMT; secure; SameSite=None
oaidts=1715348544; expires=Sat, 10 May 2025 13:42:45 GMT; secure; SameSite=None
oaidvc=1; expires=Sat, 10 May 2025 13:42:45 GMT; secure; SameSite=None
CNT=1_v1_o4fwAAEAAACNTQAA; expires=Fri, 10 May 2024 14:42:45 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| moonoafy.net/pfe/current/tag.min.js?z=5968117 | 139.45.197.250 | 200 OK | 15 kB |
URL GET HTTP/2moonoafy.net/pfe/current/tag.min.js?z=5968117 IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File typeJavaScript source, ASCII text, with very long lines (14612), with no line terminators Hashffdd38e0a5a1a47cb341a116a3318e0e 2fd730feff506cf56e14c531e9d89cdea2cca424 7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/tag.min.js?z=5968117 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:53 GMT
etag: W/"662a3515-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| inklinkor.com/tag.min.js | 172.67.211.29 | 200 OK | 90 kB |
IP172.67.211.29:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerGoogle Trust Services LLC Subjectinklinkor.com Fingerprint28:84:D7:8F:63:D7:99:15:D5:E8:2C:F5:74:62:0D:94:C1:0A:EF:95 ValidityWed, 17 Apr 2024 17:58:45 GMT - Tue, 16 Jul 2024 17:58:44 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashe3024b1a3cbcc47f3eef4bab101c0b7f 73f6d27a2ff5cbf11ab455917016b5f70ba63444 41e1c3be0f91a1766e024356a7c4feee73a360f9f5691b79d6ceab270fd51edc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 13:42:23 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 572b03ef9cee94d3764156900ed5fe51
cache-control: max-age=86400
last-modified: Thu, 09 May 2024 21:47:18 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Sat, 11 May 2024 13:40:21 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 122
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C4vPzEGRcsEgGHRH6KPDJ%2BBTF4IISC5ajvPjURAhPWhICnjxymRXCPK0SzCyOY0YN4ULoWwXN7nqtaaTZUxrcdThwWFh%2BWxrPxpf%2F2GEAnqBlrH%2FF9E9AOjwdL3NgvKk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a5a2fb8415685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.nbfcs.org/ | 95.211.117.215 | 302 Found | 0 B |
IP95.211.117.215:443 ASN#60781 LeaseWeb Netherlands B.V.
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectnbfcs.org FingerprintE3:83:6F:69:48:41:C8:15:8B:C9:60:80:00:84:9A:A7:01:18:85:36 ValidityFri, 05 Apr 2024 04:35:50 GMT - Thu, 04 Jul 2024 04:35:49 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.nbfcs.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 10 May 2024 13:42:25 GMT
location: http://ww1.nbfcs.org/?subid1=2299fbb5-0ed3-11ef-81fd-51e67a067a85
server: Cowboy
set-cookie: sid=2299fbb5-0ed3-11ef-81fd-51e67a067a85; path=/; domain=.nbfcs.org; expires=Wed, 28 May 2092 16:56:32 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
|
|
| tzegilo.com/stattag.js | 172.67.193.52 | 200 OK | 19 kB |
IP172.67.193.52:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerGoogle Trust Services LLC Subjecttzegilo.com Fingerprint28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1 ValiditySat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT
File typeJavaScript source, ASCII text, with very long lines (18486) Hash70ebd404c2e1e7bad13998538b56887c 86e57af8ba3cfc2c004da3311835f6b54ba6d848 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5044
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u755Zc5MAkiFdvh2JvRgb%2FLL162se9QM6kjXTHA%2FZGoI5w7oVTxF01GxKs%2F9RGlngL3jORI%2BZduN0a7Vr7B26ZQ2FD5dpt96x9iac6w2G0mOM3zTFecFpLZ5jZdX1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a5a341eb85691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| moonoafy.net/pfe/current/universal.min.js?v=3.1.504 | 139.45.197.250 | 200 OK | 90 kB |
URL GET HTTP/2moonoafy.net/pfe/current/universal.min.js?v=3.1.504 IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash4caad44ecc6a13eba45b63ed7cf9e387 e67dfe90bebd5447495d8fe962d03e55f6d13071 66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/universal.min.js?v=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-15efa"
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| gishejuy.com/400/5968115 | 139.45.197.242 | 200 OK | 84 kB |
IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectgishejuy.com Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hasha77625f22af70d0aa562629dc324a058 24db27eecd92a25de56dd16215be62fe35eb0e00 3e40e68120f2dfb4e5a6be6fd22cb47af0e9f78d4733816209211ccbba88383c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /400/5968115 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/javascript
x-trace-id: 385b2de3935c757fd9fac89f5629c843
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=03005812f0f14bcee0c3d7b80ff1f5c5; expires=Sat, 10 May 2025 13:42:24 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| deenoacepok.com/5/5968118/?oo=1&js_build=iclick-v1.792.1-auto | 139.45.197.242 | 200 OK | 3.0 kB |
URL GET HTTP/2deenoacepok.com/5/5968118/?oo=1&js_build=iclick-v1.792.1-auto IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server41/2z8jq4/reach.zip.html CertificateIssuerLet's Encrypt Subjectdeenoacepok.com Fingerprint0D:76:17:06:1C:25:7C:C3:91:09:56:0F:C9:97:C9:9E:3E:AB:60:FB ValidityThu, 09 May 2024 18:55:12 GMT - Wed, 07 Aug 2024 18:55:11 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (3217), with no line terminators Hashfd48edecce6cb4dc9374752848af4fca e69d248a5d244843c67d8eeec4e0750b23547491 e85b83da841dc370af6d9447cea3abd602c91c0b3a3d562e0e5ca91d7c6f8837
GET /5/5968118/?oo=1&js_build=iclick-v1.792.1-auto HTTP/1.1
Host: deenoacepok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/json
x-trace-id: 42a36a16977b11b31e7a3822605d6e40
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:24 GMT; path=/; secure; SameSite=None
oaidts=1715348544; expires=Sat, 10 May 2025 13:42:24 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|