Report - www.dosya.tc/server14/lyelia/FiveMYol.zip.html

Report Overview

Submitted URL
www.dosya.tc/server14/lyelia/FiveMYol.zip.html
IP
88.99.254.43
ASN
#24940 Hetzner Online GmbH
Submitted
2024-05-08 18:52:46
Access
public
Website Title
FiveMYol.zip dosyasını indir - download
Final URL
www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
48

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
moonoafy.net	unknown	2024-01-09	2024-01-09	2024-04-30	3.3 kB	110 kB	139.45.197.250
glakaits.net	unknown	unknown	No data	No data	1.6 kB	22 kB	139.45.197.242
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-07	512 B	1.2 kB	35.244.181.201
externalde.com	unknown	2024-02-28	2024-02-28	2024-05-07	655 B	1.7 kB	188.114.96.1
track.jefytrack.com	unknown	2023-07-04	2023-09-05	2024-05-07	744 B	2.2 kB	143.204.55.73
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-08	1.0 kB	1.5 kB	139.45.195.8
inklinkor.com	unknown	2022-04-01	2022-04-01	2024-05-02	395 B	32 kB	172.67.211.29
fleraprt.com	unknown	2022-01-14	2022-01-14	2024-05-07	563 B	480 B	139.45.195.254
offerimage.com	304078	2019-06-10	2019-06-10	2024-05-07	1.8 kB	80 kB	104.22.32.172
gishejuy.com	unknown	2023-10-25	2023-10-25	2024-05-04	6.0 kB	38 kB	139.45.197.242
tzegilo.com	unknown	2022-01-14	2022-01-14	2024-05-07	393 B	8.3 kB	172.67.193.52
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-05-07	2.0 kB	2.2 kB	139.45.197.250
cameesse.net	unknown	2023-10-18	2023-10-18	2024-05-02	6.4 kB	465 kB	139.45.197.242
securedpeacomm.com	unknown	2023-02-27	2023-02-27	2024-05-08	673 B	892 B	104.21.64.36
lkbx.me	117868	2020-11-24	2020-12-14	2024-05-08	496 B	1.4 kB	47.89.248.255
www.dosya.tc	unknown	2008-08-26	2012-05-20	2024-03-09	6.4 kB	313 kB	88.99.254.43
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-07	338 B	942 B	143.204.53.97

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	moonoafy.net	Sinkholed
2024-05-08	medium	gishejuy.com	Sinkholed
2024-05-08	medium	inklinkor.com	Sinkholed
2024-05-08	medium	moonoafy.net	Sinkholed
2024-05-08	medium	amunfezanttor.com	Sinkholed
2024-05-08	medium	moonoafy.net	Sinkholed
2024-05-08	medium	amunfezanttor.com	Sinkholed
2024-05-08	medium	moonoafy.net	Sinkholed
2024-05-08	medium	cameesse.net	Sinkholed
2024-05-08	medium	cameesse.net	Sinkholed
2024-05-08	medium	cameesse.net	Sinkholed
2024-05-08	medium	gishejuy.com	Sinkholed
2024-05-08	medium	amunfezanttor.com	Sinkholed
2024-05-08	medium	amunfezanttor.com	Sinkholed
2024-05-08	medium	gishejuy.com	Sinkholed
2024-05-08	medium	moonoafy.net	Sinkholed
2024-05-08	medium	gishejuy.com	Sinkholed
2024-05-08	medium	gishejuy.com	Sinkholed
2024-05-08	medium	gishejuy.com	Sinkholed
2024-05-08	medium	cameesse.net	Sinkholed
2024-05-08	medium	cameesse.net	Sinkholed
2024-05-08	medium	moonoafy.net	Sinkholed
2024-05-08	medium	cameesse.net	Sinkholed
2024-05-08	medium	moonoafy.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a	413 kB	2024-04-11	2024-05-20
Pretty URL cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-11 13:26:00 Last Seen2024-05-20 00:59:07 Times Seen280 Hash 297cc248309ba835cf13a1f82fd3f938 1e6f51ce257a0ee53e25280dd44092ed33339847 b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7 Loading...

	gishejuy.com/400/5968115	84 kB	2024-05-08	2024-05-08
Pretty URL gishejuy.com/400/5968115 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 20:52:53 Last Seen2024-05-08 20:52:53 Times Seen2 Hash 512c4848844548247678ff773ee1ccba 7a6aa3ffd03d706d2ba87136b03847cd93b6d275 0332e64ab915318cba02396fb3d7527f1ef414ff2d162d2ed8806a41fd8b8c4d Loading...

	unknown	90 kB	2024-04-25	2024-05-14
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-14 14:21:41 Times Seen281 Hash 4caad44ecc6a13eba45b63ed7cf9e387 e67dfe90bebd5447495d8fe962d03e55f6d13071 66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00 Loading...

	cameesse.net/1?z=5968116	43 kB	2024-05-08	2024-05-08
Pretty URL cameesse.net/1?z=5968116 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 20:52:53 Last Seen2024-05-08 20:52:53 Times Seen2 Hash 6a38272a05c7402ba0328b65c98ac2eb 907e12858733aba02730f7f8d78d191b37b111bd ad75b4bea627b55ba8e223dc095339597a515e05af40ef4c0c8f132e99159b83 Loading...

	unknown	26 kB	2023-03-07	2024-05-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:51 Last Seen2024-05-19 21:09:13 Times Seen2123 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

	www.dosya.tc/server14/lyelia/FiveMYol.zip.html	0 B	2023-03-07	2024-05-20
Pretty URL www.dosya.tc/server14/lyelia/FiveMYol.zip.html IP 88.99.254.43 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 01:33:13 Times Seen37850231 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	moonoafy.net/pfe/current/tag.min.js?z=5968117	15 kB	2024-04-25	2024-05-14
Pretty URL moonoafy.net/pfe/current/tag.min.js?z=5968117 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-14 14:21:41 Times Seen215 Hash ffdd38e0a5a1a47cb341a116a3318e0e 2fd730feff506cf56e14c531e9d89cdea2cca424 7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c Loading...

	tzegilo.com/stattag.js	19 kB	2024-02-10	2024-05-20
Pretty URL tzegilo.com/stattag.js IP 172.67.193.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-10 03:00:18 Last Seen2024-05-20 00:59:07 Times Seen1844 Hash 70ebd404c2e1e7bad13998538b56887c 86e57af8ba3cfc2c004da3311835f6b54ba6d848 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f Loading...

	www.dosya.tc/server14/lyelia/FiveMYol.zip.html	193 B	2023-05-23	2024-05-14
Pretty URL www.dosya.tc/server14/lyelia/FiveMYol.zip.html IP 88.99.254.43 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-23 06:11:34 Last Seen2024-05-14 14:21:41 Times Seen191 Hash 419c962e4b8f01eb7a6db59d9a65c48d ad669179732f2927db555591451336a38761182b 06c42bac1c163ea85720571f261d3e13b367e30ff3fdc4dc426062cb387bd4a9 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-20
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-20 01:32:21 Times Seen350379 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	lkbx.me/4KqY7?uid=wkut2uh5m620na513f0cftck	0 B	2023-03-07	2024-05-20
Pretty URL lkbx.me/4KqY7?uid=wkut2uh5m620na513f0cftck IP 47.89.248.255 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 01:33:13 Times Seen37850231 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.dosya.tc/server14/lyelia/sandbox%20eval%20code	147 B	2023-04-11	2024-05-20
Pretty URL www.dosya.tc/server14/lyelia/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-20 01:32:21 Times Seen350894 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	inklinkor.com/tag.min.js	90 kB	2024-05-08	2024-05-09
Pretty URL inklinkor.com/tag.min.js IP 172.67.211.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:14:37 Last Seen2024-05-09 23:34:15 Times Seen51 Hash e745bff74062e85880a1f13291036bd2 c857d3f4b0325b982813490f7bf4a74708e5312b c70b66edaaf364f5992e3c511df042a24ac1dac35c0b626f22cf28b79af33bf3 Loading...

		Size	First Seen	Last Seen
	#1 Write - 9b733f5f3f630ca6f9b31d6b11a513ab	51 kB	2023-03-26	2024-05-10
Pretty Observations First Seen2023-03-26 00:52:13 Last Seen2024-05-10 15:42:57 Times Seen78 Hash 9b733f5f3f630ca6f9b31d6b11a513ab c2a67476652d01d09e0546dbf1a5b5b7722cf109 21983caf7c27e11156f3f1e67a4afe1031bef8632595e655fb5e3077c7362e4d Loading...

HTTP Transactions (54)

URL IP Response Size

www.dosya.tc/server14/lyelia/FiveMYol.zip.html

88.99.254.43

200 OK

3.6 kB

URL User Request GET HTTP/1.1
www.dosya.tc/server14/lyelia/FiveMYol.zip.html
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
JavaScript source, ISO-8859 text
Size
3.6 kB (3634 bytes)
Hash
563ae6107ac76fc65631cb02a54357c0
dbcb8d5f378f91e79e4195658dc483e7ef62c278
3deed5544f746e47374b954b5a4306ffcea70731e8819115ccdae3b7dedbca52

HTTP Headers

GET /server14/lyelia/FiveMYol.zip.html HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9

www.dosya.tc/style/style.css

88.99.254.43

200 OK

15 kB

URL GET HTTP/1.1
www.dosya.tc/style/style.css
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
assembler source, ASCII text
Size
15 kB (14629 bytes)
Hash
e36585a9f4a781f9445425224c85e695
4a34bb8474bd8d15a5313a157ca72bf8552910cc
2b8c3599f9d693fc1422d4ad7c8fe6b9fbb2ade6b19a89c55e0d94f02252410a

HTTP Headers

GET /style/style.css HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:15 GMT
Accept-Ranges: bytes
Content-Length: 14629
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

www.dosya.tc/style/bootstrap.css

88.99.254.43

200 OK

146 kB

URL GET HTTP/1.1
www.dosya.tc/style/bootstrap.css
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
ASCII text, with very long lines (386)
Size
146 kB (145933 bytes)
Hash
2dbb985a5bb6dd8ef0a7b21d290ea9ae
f8676e1f4a902a63088f45982f3f9b6a6c401b47
d170052c16caec3810f2dee6456539045d8e326f6d8ed7c7f78e59ed34de348a

HTTP Headers

GET /style/bootstrap.css HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:15 GMT
Accept-Ranges: bytes
Content-Length: 145933
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.dosya.tc/images/logo.png

88.99.254.43

200 OK

7.2 kB

URL GET HTTP/1.1
www.dosya.tc/images/logo.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 191 x 53, 8-bit/color RGB, non-interlaced
Size
7.2 kB (7157 bytes)
Hash
2a193802d40b18cd55b0d159571bf63c
1a4e4bdf88317471241d9e5ee29d9572be3f37e3
77eba513db8685e5a4b7633684b1d6b175bf8272ccfff3c6a1c0735d37d1d57a

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:10 GMT
Accept-Ranges: bytes
Content-Length: 7157
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/images/footer-icon3.png

88.99.254.43

200 OK

1.7 kB

URL GET HTTP/1.1
www.dosya.tc/images/footer-icon3.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
1.7 kB (1702 bytes)
Hash
3a61d85a6bb0a45429b1e4b7d945aa95
6fcdf44c20d1ed269303583e16a98e245fa7b69b
c84a015988434d7fa0c884f5590de727799abacb9c4a4ad6b4cadea4b97ea732

HTTP Headers

GET /images/footer-icon3.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:06 GMT
Accept-Ranges: bytes
Content-Length: 1702
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/images/footer-icon2.png

88.99.254.43

200 OK

850 B

URL GET HTTP/1.1
www.dosya.tc/images/footer-icon2.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
850 B (850 bytes)
Hash
51a472b4a51ea9245ee6f4386f07818f
a19e86c411dc6da3592d1f90e89ddf68df1fee3c
eea1befd43d3dc930a0eb0335c56ed8bc7e14aa1ee3e6c546cd21c1826362750

HTTP Headers

GET /images/footer-icon2.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:06 GMT
Accept-Ranges: bytes
Content-Length: 850
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/images/footer-icon1.png

88.99.254.43

200 OK

582 B

URL GET HTTP/1.1
www.dosya.tc/images/footer-icon1.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
582 B (582 bytes)
Hash
e62d200d08f565563cc9b713729bbaa6
3a130f79117f2aaa91154eb56a22b47de8c06a50
101d88dc759a5588d5c064fe233b6b19c565966a527a03eb9cdc29c733b8d4c3

HTTP Headers

GET /images/footer-icon1.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:06 GMT
Accept-Ranges: bytes
Content-Length: 582
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/images/uye-girisi.png

88.99.254.43

200 OK

3.0 kB

URL GET HTTP/1.1
www.dosya.tc/images/uye-girisi.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 140 x 51, 8-bit/color RGB, non-interlaced
Size
3.0 kB (2979 bytes)
Hash
6925e8f5c208aae4dd55cadd1340f180
a03365e7fb59c9588b3b7963e18c0b3e5d4cb369
6bfa03e8b7d8249e9927cafe801657559f7b7064248bb970b55fb4b689611f2d

HTTP Headers

GET /images/uye-girisi.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:11 GMT
Accept-Ranges: bytes
Content-Length: 2979
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/images/download.gif

88.99.254.43

200 OK

7.2 kB

URL GET HTTP/1.1
www.dosya.tc/images/download.gif
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
GIF image data, version 89a, 300 x 86
Size
7.2 kB (7229 bytes)
Hash
a9a5324512e43e463fe0a00118ad0c37
5375ae6855a34619ce428da5f835fc9d9ce06124
7964b17bc443c3bcf422211a690ac4bc62ad981d77d5c0b6bdddc982b8615a25

HTTP Headers

GET /images/download.gif HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:05 GMT
Accept-Ranges: bytes
Content-Length: 7229
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif

www.dosya.tc/images/menu-ayrac.png

88.99.254.43

200 OK

125 B

URL GET HTTP/1.1
www.dosya.tc/images/menu-ayrac.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 2 x 52, 8-bit/color RGB, non-interlaced
Size
125 B (125 bytes)
Hash
35a0591c63feeb75e3e547e894ff6e2d
7dd00c2e8d4e9203b71d3fcb9a660e717b8dca7c
9700fc9abb23b0fa04c070487f5aebdcec2cbb22f10788ab7898032abe3fcced

HTTP Headers

GET /images/menu-ayrac.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:10 GMT
Accept-Ranges: bytes
Content-Length: 125
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/images/background.webp

88.99.254.43

200 OK

113 kB

URL GET HTTP/1.1
www.dosya.tc/images/background.webp
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1050, Scaling: [none]x[none], YUV color, decoders should clamp
Size
113 kB (112776 bytes)
Hash
2b08bddebb64127b30bc913f73cdab61
f8911fd91f0302e88e7fe6e089ba20af32269b79
0804b26a6993fc6ee8e977f77aa9ce5ddf9c4fe69773b296cc292ee7b2a5ac1b

HTTP Headers

GET /images/background.webp HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:03 GMT
Accept-Ranges: bytes
Content-Length: 112776
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/webp

www.dosya.tc/apple-touch-icon.png

88.99.254.43

200 OK

6.6 kB

URL GET HTTP/1.1
www.dosya.tc/apple-touch-icon.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
Size
6.6 kB (6556 bytes)
Hash
bfd9b50e03f63b25c253a5d6fa5c5ef4
b4c68746da8a1da96b57d37990bfbfb0f716c14b
ca0f27136956761254299ac92d78aecca2c21841760c56904d894eb13ea0237f

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:21 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:55:43 GMT
Accept-Ranges: bytes
Content-Length: 6556
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/favicon-16x16.png

88.99.254.43

200 OK

1.6 kB

URL GET HTTP/1.1
www.dosya.tc/favicon-16x16.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.6 kB (1594 bytes)
Hash
05c5d89a72c5dc5e863e151cc5fa9b68
df5a0242031f54494fe0bf1b2d7290cd5e864a15
cd6cef0b6624ec979018be137e45b606f36c018b2d64cfe7e3d39815c0936a46

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:21 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:55:45 GMT
Accept-Ranges: bytes
Content-Length: 1594
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

my.rtmark.net/gid.js?userId=008056c9e6564ebcf5448f49e9205d10

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=008056c9e6564ebcf5448f49e9205d10
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
5776368d00e50babc07248b2fa6e60eb
11263e87a1637cf64819a760a898d2d41479e290
5b69ce9e217f33cf1a01dd9f976a1f6996cdb34fbaad2e4131f84e90c90a5012

HTTP Headers

GET /gid.js?userId=008056c9e6564ebcf5448f49e9205d10 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=www.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504

139.45.197.250

200 OK

880 B

URL GET HTTP/2
moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=www.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
880 B (880 bytes)
Hash
c443b2804666b23b6b9aa07e87a1e87a
49b957a75cdb23928f7708c30e9cee246159bda4
da3741713f86830bf25ec6bc51242e0be9fc170eb46cb11c17df0e4a02dadfd2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zone?pub=0&zone_id=5968117&is_mobile=false&domain=www.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: 8e5c198fe31bfd776e02896656bc5b7c
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

glakaits.net/5/5968118/?oo=1&js_build=iclick-v1.791.0

139.45.197.242

200 OK

17 kB

URL GET HTTP/2
glakaits.net/5/5968118/?oo=1&js_build=iclick-v1.791.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectglakaits.net
Fingerprint1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02
ValidityTue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT

File type
JavaScript source, ASCII text, with very long lines (42427)
Size
17 kB (17285 bytes)
Hash
4f8f54fccafc2f5f6c4a403059541822
cd72b7164ed63886da1033bca6fefa2e6113b81b
07b0d62057b8f8fa5ffc3ef99a07c02c95b0df207426a1760b4bf6741a915ca0

HTTP Headers

GET /5/5968118/?oo=1&js_build=iclick-v1.791.0 HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json
x-trace-id: 6e43a01fdeec06be41ab5776bb2ad3c4
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:21 GMT; path=/; secure; SameSite=None
oaidts=1715194341; expires=Thu, 08 May 2025 18:52:21 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

gishejuy.com/400/5968115

139.45.197.242

200 OK

32 kB

URL GET HTTP/2
gishejuy.com/400/5968115
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
32 kB (32102 bytes)
Hash
512c4848844548247678ff773ee1ccba
7a6aa3ffd03d706d2ba87136b03847cd93b6d275
0332e64ab915318cba02396fb3d7527f1ef414ff2d162d2ed8806a41fd8b8c4d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/5968115 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/javascript
x-trace-id: 7f0d044db0460f9ee9ae0eace9249c1c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=030056ca9350441bfd661256566de3cc; expires=Thu, 08 May 2025 18:52:21 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

www.dosya.tc/sw.js

88.99.254.43

404 Not Found

3.6 kB

URL GET HTTP/1.1
www.dosya.tc/sw.js
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
JavaScript source, ISO-8859 text
Size
3.6 kB (3610 bytes)
Hash
abca2f9dd88e6a7b1673979a0f446b7f
80644e4480fd9cf476740e03dc28e01620319cf4
fad0b231e90295e6c492cdb977f73af3ac2d6613ebc3c32fa5c5fa3c0e950685

HTTP Headers

GET /sw.js HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
DNT: 1
Connection: keep-alive
Cookie: prefetchAd_5968118=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 18:52:21 GMT
Server: Apache
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9

tzegilo.com/stattag.js

172.67.193.52

200 OK

7.5 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
172.67.193.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1
ValiditySat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT

File type
JavaScript source, ASCII text, with very long lines (18486)
Size
7.5 kB (7478 bytes)
Hash
70ebd404c2e1e7bad13998538b56887c
86e57af8ba3cfc2c004da3311835f6b54ba6d848
d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2313
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2FpqtTt1%2F%2FEPEW8v69dzwOH2N3UuVU4%2FFeF9J%2FLjON9l8AMEYKvC3Z1rfJQibKjcsyTt9w6Jqg3grFNGtNy0%2BHEd1g2Qcu0VOc7tkUjwF4sKzYkXd6dYydHXCF%2FXVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba57b7eaf5685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

inklinkor.com/tag.min.js

172.67.211.29

200 OK

31 kB

URL GET HTTP/2
inklinkor.com/tag.min.js
IP
172.67.211.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjectinklinkor.com
Fingerprint28:84:D7:8F:63:D7:99:15:D5:E8:2C:F5:74:62:0D:94:C1:0A:EF:95
ValidityWed, 17 Apr 2024 17:58:45 GMT - Tue, 16 Jul 2024 17:58:44 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30853 bytes)
Hash
e745bff74062e85880a1f13291036bd2
c857d3f4b0325b982813490f7bf4a74708e5312b
c70b66edaaf364f5992e3c511df042a24ac1dac35c0b626f22cf28b79af33bf3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:20 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 1782066cdd8d6658a327f6aca81dd1f4
cache-control: max-age=86400
last-modified: Wed, 08 May 2024 14:09:05 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Thu, 09 May 2024 17:59:06 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 3194
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zcRtT%2FB5T%2Boagul9tTLi43ppY2b7aLXzzaqV65CUaSsj6aWzekgRJ%2B8oOtKwv4%2Fn8iJyof6N%2F9Xopz7h71kD6bLYnvruaOylGz4ewdSfetdkGqOF6sou0Ha3oqgOfjtK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba576df150afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 394
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 6d87260a3649062ab99a8997be57745f
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/universal.min.js?v=3.1.504

139.45.197.250

200 OK

34 kB

URL GET HTTP/2
moonoafy.net/pfe/current/universal.min.js?v=3.1.504
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
34 kB (33954 bytes)
Hash
4caad44ecc6a13eba45b63ed7cf9e387
e67dfe90bebd5447495d8fe962d03e55f6d13071
66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:51 GMT
etag: W/"662a3513-15efa"
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
e3bb290e6f4b1c86a382bd734486f739
2146eb6b13064a6192258cb36291cf3d971ac08e
873808afaf5c4f123d541e1695b514a767cf628db170d2b0f5a94f2a20901526

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 530
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

moonoafy.net/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
moonoafy.net/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=008056c9e6564ebcf5448f49e9205d10

139.45.197.242

204 No Content

2.8 kB

URL OPTIONS HTTP/2
cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=008056c9e6564ebcf5448f49e9205d10
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
gzip compressed data, max speed, from Unix
Size
2.8 kB (2810 bytes)
Hash
0184b4a6c3d3bd235ee232280e41b03a
0ad01f78c9bece0860ea799dc8c04069ae71b8fc
76d7228cde7491dbfc8738150fbe52b2d060621a93099e9c6a228fcf6711c03b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=008056c9e6564ebcf5448f49e9205d10 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 363
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=040056e66d4e4ac3fbfd3309dc9dd209; oaidts=1715194341
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: a51554c1c44c9e48716ac6522491e301
access-control-expose-headers: X-Sc
set-cookie: OAID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
oaidts=1715194341; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/11?rnd=3085154487&z=5968116&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=83

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=3085154487&z=5968116&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=83
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=3085154487&z=5968116&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=83 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=008056c9e6564ebcf5448f49e9205d10; oaidts=1715194341
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: bdf67f9d21ab7bfbe635e031c718044f
access-control-expose-headers: X-Sc
set-cookie: OAID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
oaidts=1715194341; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=a8d78c719124439e9e16495f859cd1d8&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=a8d78c719124439e9e16495f859cd1d8&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
5776368d00e50babc07248b2fa6e60eb
11263e87a1637cf64819a760a898d2d41479e290
5b69ce9e217f33cf1a01dd9f976a1f6996cdb34fbaad2e4131f84e90c90a5012

HTTP Headers

GET /gid.js?pub=0&userId=a8d78c719124439e9e16495f859cd1d8&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: ID=008056c9e6564ebcf5448f49e9205d10
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

cameesse.net/121?rnd=1501376515&z=5968116&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D5968116%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D812146539087536128&cln={CELL_NUMBER}&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&bag=ydU9kaAfa6I=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128

139.45.197.242

302 Found

0 B

URL GET HTTP/2
cameesse.net/121?rnd=1501376515&z=5968116&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D5968116%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D812146539087536128&cln={CELL_NUMBER}&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&bag=ydU9kaAfa6I=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /121?rnd=1501376515&z=5968116&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D5968116%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D812146539087536128&cln={CELL_NUMBER}&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&bag=ydU9kaAfa6I=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: scm=1; OAID=008056c9e6564ebcf5448f49e9205d10; oaidts=1715194341
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-length: 0
location: https://securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=812146539087536128
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: fd0e53d2faa20c0aadd9999b6510a5a7
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

gishejuy.com/500/5968115?excludes=&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0

139.45.197.242

200 OK

0 B

URL OPTIONS HTTP/2
gishejuy.com/500/5968115?excludes=&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/5968115?excludes=&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:22 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=0fac30d0-df0e-45ff-b213-4108f53a0a09

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=0fac30d0-df0e-45ff-b213-4108f53a0a09
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=0fac30d0-df0e-45ff-b213-4108f53a0a09 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1414
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 08 May 2024 18:52:22 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://www.dosya.tc
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
d30d93f9762af7e21efe96dccd18cf47
4e715b2d2352096ffb754bc56af7285702dbe58a
6324b80a9fc93ed64e5fbccc66a1c520c738a8412d0311d1f25f3393441712b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 530
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:22 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

139.45.197.242

200 OK

1.4 kB

URL OPTIONS HTTP/2
gishejuy.com/500/5968115?excludes=&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
JSON text data
Size
1.4 kB (1395 bytes)
Hash
014dd646e03465029520a66cb05f81ff
f2c799190d95f537cb7b8793b1c7bee86a37e6ba
b5cf5a7cec74b79fbf3d789fa204125f0637ce7162e9ae281f5e60d762567a8b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500/5968115?excludes=&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: OAID=030056ca9350441bfd661256566de3cc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:22 GMT
content-type: application/javascript
x-trace-id: c93d64e66d417a10fffef78a96f0e967
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://www.dosya.tc
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:22 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 391
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:22 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ddf1a26d2bc49124ef7dc5ef23b0a77b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

104.22.32.172

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:22 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Wed, 08 May 2024 20:07:30 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 81892
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba57eecb3abc8-CPH
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
322671639ff549882d5b5708a96d54fb
2a32f94ff25a76cb7ee8d1aa4bdeb6991bc0f744
2d8bac2c8b526b7d870ac7ce522136f6f74d104c53fc42ec8ab2ae9c9e20e5fc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 08 May 2024 18:52:22 GMT
Last-Modified: Wed, 08 May 2024 18:12:24 GMT
Server: ECAcc (ska/F757)
X-Cache: Miss from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WKDJ2UKJHocS6FqvlKPzp8MMKh7yiVI4PsYgrng-pe--SGj5H1QLPA==
Age: 2398

securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=812146539087536128

104.21.64.36

302 Found

0 B

URL GET HTTP/2
securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=812146539087536128
IP
104.21.64.36:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjectsecuredpeacomm.com
FingerprintE2:58:9B:FC:54:26:CA:CC:89:05:0D:28:D6:2E:28:9E:39:7E:5F:D6
ValidityMon, 15 Apr 2024 19:27:34 GMT - Sun, 14 Jul 2024 19:27:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=812146539087536128 HTTP/1.1
Host: securedpeacomm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 08 May 2024 18:52:22 GMT
content-type: text/html; charset=UTF-8
location: https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=812146539087536128&ctrl_fetch_dest=iframe&ctrl_id=663bc9e621ab8247404458&ctrl_ts=1715194342.1379&ctrl_ab=burp
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CXepjzQAqbF5tOeL0xL3D9ZnStXUAwAPEsLqYiDOW9ffZMeu%2BuNCe2LbQMHt9cjLsbKLmzYgjC%2B3r%2FfvDJFe4AIjFzipA9FYFu4d6VmBWaIFvhYOWOAxNprWhi6mxd%2FqQNL37pM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ba57dcc931c02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gishejuy.com/impression/ijPJdjgpT9VZWiU7ccVtuOD5bZLG6ziagcnmlpH-RU3nf27nicXc0K-YczbG6V1upP5gcvdQrVL75NextR5SOz9eqkbuGADLpIdzZfc7Z35Yk56BJFf8LLZhqp-b-REwlmnJBC93tAFsO02NuvxXK7HVffUR1yXxYGFLAT0xjgqJ2omH5fJfcgfUMrfLInpOl2JGTaHQfaMe6UlNRC6lE_24DxGokoToPF7pUI0zPIGgmJI2Bisi7YpyYPfOlF5Fb1J6lAkQ2RoOzlLiPnLC_4PQ_j5V-ENrvRUVRA2Pxxz8LwZS9UoetkdwL5_XNxGscuQXdu8z15ZYWDR_bREpgxwCuK_bWNxLGyjGfcYbaKluYmF8lZzwGMTXiVS_5F1fluRA7kmvLvSceXwJeHp2ErwJ2ZUsj7iohpNuOSH-ITuQWSwefugVj9uJAhiXHGWvwgPjehmCLpxrdVDFlblnPoThzx_3gxl4NsTYoZ-SPhKNFcbQnZPfEbi6L0Hgz6BcY9kmlfuxjMLVXEtQxDG7YtoZ-_Dq7o_2lsWvbrHcJN7U_jUGcBaGG1OC6yWVzzNW8lfdAJGfOGk6LFgfj30MwQrwVIp9pDLeFBP6mS_8pFavGKO3GOOejPxdybvIP4bj8pmlmdw-Renc4eAxUwE0sx0ggpYbDHBXg9sc_SobIO_-eNoG0xckZ_eVdt4ry8jzduzsjKzqrBFbjo5jw4OfQR458qr08XhZOKl5xnfe7mjFxFmlt03lZ3_m70DXAn5BXEgWjo13zj9v93c21h-11ENV8cWQyZWE133PXwRaxwImMKuryWycmTOrQ3U=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/ijPJdjgpT9VZWiU7ccVtuOD5bZLG6ziagcnmlpH-RU3nf27nicXc0K-YczbG6V1upP5gcvdQrVL75NextR5SOz9eqkbuGADLpIdzZfc7Z35Yk56BJFf8LLZhqp-b-REwlmnJBC93tAFsO02NuvxXK7HVffUR1yXxYGFLAT0xjgqJ2omH5fJfcgfUMrfLInpOl2JGTaHQfaMe6UlNRC6lE_24DxGokoToPF7pUI0zPIGgmJI2Bisi7YpyYPfOlF5Fb1J6lAkQ2RoOzlLiPnLC_4PQ_j5V-ENrvRUVRA2Pxxz8LwZS9UoetkdwL5_XNxGscuQXdu8z15ZYWDR_bREpgxwCuK_bWNxLGyjGfcYbaKluYmF8lZzwGMTXiVS_5F1fluRA7kmvLvSceXwJeHp2ErwJ2ZUsj7iohpNuOSH-ITuQWSwefugVj9uJAhiXHGWvwgPjehmCLpxrdVDFlblnPoThzx_3gxl4NsTYoZ-SPhKNFcbQnZPfEbi6L0Hgz6BcY9kmlfuxjMLVXEtQxDG7YtoZ-_Dq7o_2lsWvbrHcJN7U_jUGcBaGG1OC6yWVzzNW8lfdAJGfOGk6LFgfj30MwQrwVIp9pDLeFBP6mS_8pFavGKO3GOOejPxdybvIP4bj8pmlmdw-Renc4eAxUwE0sx0ggpYbDHBXg9sc_SobIO_-eNoG0xckZ_eVdt4ry8jzduzsjKzqrBFbjo5jw4OfQR458qr08XhZOKl5xnfe7mjFxFmlt03lZ3_m70DXAn5BXEgWjo13zj9v93c21h-11ENV8cWQyZWE133PXwRaxwImMKuryWycmTOrQ3U=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/ijPJdjgpT9VZWiU7ccVtuOD5bZLG6ziagcnmlpH-RU3nf27nicXc0K-YczbG6V1upP5gcvdQrVL75NextR5SOz9eqkbuGADLpIdzZfc7Z35Yk56BJFf8LLZhqp-b-REwlmnJBC93tAFsO02NuvxXK7HVffUR1yXxYGFLAT0xjgqJ2omH5fJfcgfUMrfLInpOl2JGTaHQfaMe6UlNRC6lE_24DxGokoToPF7pUI0zPIGgmJI2Bisi7YpyYPfOlF5Fb1J6lAkQ2RoOzlLiPnLC_4PQ_j5V-ENrvRUVRA2Pxxz8LwZS9UoetkdwL5_XNxGscuQXdu8z15ZYWDR_bREpgxwCuK_bWNxLGyjGfcYbaKluYmF8lZzwGMTXiVS_5F1fluRA7kmvLvSceXwJeHp2ErwJ2ZUsj7iohpNuOSH-ITuQWSwefugVj9uJAhiXHGWvwgPjehmCLpxrdVDFlblnPoThzx_3gxl4NsTYoZ-SPhKNFcbQnZPfEbi6L0Hgz6BcY9kmlfuxjMLVXEtQxDG7YtoZ-_Dq7o_2lsWvbrHcJN7U_jUGcBaGG1OC6yWVzzNW8lfdAJGfOGk6LFgfj30MwQrwVIp9pDLeFBP6mS_8pFavGKO3GOOejPxdybvIP4bj8pmlmdw-Renc4eAxUwE0sx0ggpYbDHBXg9sc_SobIO_-eNoG0xckZ_eVdt4ry8jzduzsjKzqrBFbjo5jw4OfQR458qr08XhZOKl5xnfe7mjFxFmlt03lZ3_m70DXAn5BXEgWjo13zj9v93c21h-11ENV8cWQyZWE133PXwRaxwImMKuryWycmTOrQ3U=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: OAID=008056c9e6564ebcf5448f49e9205d10
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:26 GMT
content-type: image/gif
content-length: 43
x-trace-id: 49800ea35d2fa0c7c16dce2a595dc95f
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

gishejuy.com/500/5968115?excludes=19845928&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0

139.45.197.242

200 OK

0 B

URL OPTIONS HTTP/2
gishejuy.com/500/5968115?excludes=19845928&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/5968115?excludes=19845928&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:26 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg

104.22.32.172

200 OK

22 kB

URL GET HTTP/2
offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
22 kB (21899 bytes)
Hash
338d4afc932e0e88547350014503e81f
cad58c0262942799b278e63707d3ae00eca58a9d
73a161b3d4ac180c2cf041f98043306bc9441c87bf33893d6aa4c6b030253607

HTTP Headers

GET /www/images/338d4afc932e0e88547350014503e81f.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:27 GMT
content-type: image/jpeg
content-length: 21899
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65fcad07-558b"
expires: Wed, 08 May 2024 20:07:16 GMT
last-modified: Thu, 21 Mar 2024 21:56:23 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 81911
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba59cdfe8abc8-CPH
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

104.22.32.172

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:27 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Wed, 08 May 2024 20:07:30 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 81897
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba59db957abc8-CPH
X-Firefox-Spdy: h2

gishejuy.com/impression/F3WX5MyJVXNIRJIVFx7nas-JYl4yjojIkhDHarOWKET6mQSV_Cm4cqZvop-3GGXR3Kp4qPNACeuzWeAuvRpkuG_Ybp1MzNEVQyzQ5js61LzZJmWSOaeujQ3ZejIaz7co4sHYQwdzEpnRU8i-AWvjQwYyK1rnSqqfIpZ9vEG7q0PWUPVuzhgkXmomezs7j4bu_YNepVk4hoA0-fd0YJOcPMsKppL4Bv7_BIPsMTnjEsUTxNnkB2m93hzSB-Ah3qI0HSuoVWfB-jbys_WutZ1VDv17BXEIezcRCOVvLXykUYWelTvK9Ld-8Xc5cuGHdNnJK847PR5YsoS8Jj66Yr0iMtixd2l8SmxDscF3RfFTJODqSG56G-LtYhDYq8DlAUrV8ZDYosyVSO-0RjqNSD7pRfmSnAGh2Ro7ZDRgA-e7mhamzRjb_dJv1MpKUlSbRy1HNU0kNgp8Gw-shDsi6cXurVQA6pAIht8oer9INqwzcrt2w_IpoJ80rIgMZ5u_UPbCl_RrIA3R4_kvqwmgdPEFd3bmZVRHO6_-867ICaliOnSelIpeaZfrNJgKVRm67pd-7867i0Mp4xwMrP5aimJPyxNwMUSQ_5x1pl9IcLGC_McSKcC1g1ZnSgXIwcq_iwQigOsr286eiVRSOgQw_0oIHjbJE-Wwg2gHLNOBzGQtAD2SL_84bWUiQF6766OeWJTqHWPrRamYklD3xTK6RRCF3s4r2VtVnsdJa-2E4TwTqazUvglZU85FE6tG-ghdMdb64mkxDUUUP2qVll8oECAoyjr0YRQj7JiMDV5AkVYuWJ4-6lbvJMv5cJYrQtw=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/F3WX5MyJVXNIRJIVFx7nas-JYl4yjojIkhDHarOWKET6mQSV_Cm4cqZvop-3GGXR3Kp4qPNACeuzWeAuvRpkuG_Ybp1MzNEVQyzQ5js61LzZJmWSOaeujQ3ZejIaz7co4sHYQwdzEpnRU8i-AWvjQwYyK1rnSqqfIpZ9vEG7q0PWUPVuzhgkXmomezs7j4bu_YNepVk4hoA0-fd0YJOcPMsKppL4Bv7_BIPsMTnjEsUTxNnkB2m93hzSB-Ah3qI0HSuoVWfB-jbys_WutZ1VDv17BXEIezcRCOVvLXykUYWelTvK9Ld-8Xc5cuGHdNnJK847PR5YsoS8Jj66Yr0iMtixd2l8SmxDscF3RfFTJODqSG56G-LtYhDYq8DlAUrV8ZDYosyVSO-0RjqNSD7pRfmSnAGh2Ro7ZDRgA-e7mhamzRjb_dJv1MpKUlSbRy1HNU0kNgp8Gw-shDsi6cXurVQA6pAIht8oer9INqwzcrt2w_IpoJ80rIgMZ5u_UPbCl_RrIA3R4_kvqwmgdPEFd3bmZVRHO6_-867ICaliOnSelIpeaZfrNJgKVRm67pd-7867i0Mp4xwMrP5aimJPyxNwMUSQ_5x1pl9IcLGC_McSKcC1g1ZnSgXIwcq_iwQigOsr286eiVRSOgQw_0oIHjbJE-Wwg2gHLNOBzGQtAD2SL_84bWUiQF6766OeWJTqHWPrRamYklD3xTK6RRCF3s4r2VtVnsdJa-2E4TwTqazUvglZU85FE6tG-ghdMdb64mkxDUUUP2qVll8oECAoyjr0YRQj7JiMDV5AkVYuWJ4-6lbvJMv5cJYrQtw=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/F3WX5MyJVXNIRJIVFx7nas-JYl4yjojIkhDHarOWKET6mQSV_Cm4cqZvop-3GGXR3Kp4qPNACeuzWeAuvRpkuG_Ybp1MzNEVQyzQ5js61LzZJmWSOaeujQ3ZejIaz7co4sHYQwdzEpnRU8i-AWvjQwYyK1rnSqqfIpZ9vEG7q0PWUPVuzhgkXmomezs7j4bu_YNepVk4hoA0-fd0YJOcPMsKppL4Bv7_BIPsMTnjEsUTxNnkB2m93hzSB-Ah3qI0HSuoVWfB-jbys_WutZ1VDv17BXEIezcRCOVvLXykUYWelTvK9Ld-8Xc5cuGHdNnJK847PR5YsoS8Jj66Yr0iMtixd2l8SmxDscF3RfFTJODqSG56G-LtYhDYq8DlAUrV8ZDYosyVSO-0RjqNSD7pRfmSnAGh2Ro7ZDRgA-e7mhamzRjb_dJv1MpKUlSbRy1HNU0kNgp8Gw-shDsi6cXurVQA6pAIht8oer9INqwzcrt2w_IpoJ80rIgMZ5u_UPbCl_RrIA3R4_kvqwmgdPEFd3bmZVRHO6_-867ICaliOnSelIpeaZfrNJgKVRm67pd-7867i0Mp4xwMrP5aimJPyxNwMUSQ_5x1pl9IcLGC_McSKcC1g1ZnSgXIwcq_iwQigOsr286eiVRSOgQw_0oIHjbJE-Wwg2gHLNOBzGQtAD2SL_84bWUiQF6766OeWJTqHWPrRamYklD3xTK6RRCF3s4r2VtVnsdJa-2E4TwTqazUvglZU85FE6tG-ghdMdb64mkxDUUUP2qVll8oECAoyjr0YRQj7JiMDV5AkVYuWJ4-6lbvJMv5cJYrQtw=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: OAID=008056c9e6564ebcf5448f49e9205d10
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:29 GMT
content-type: image/gif
content-length: 43
x-trace-id: 9ab569277e0cfda0738b9912d29a7ec5
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg

104.22.32.172

200 OK

22 kB

URL GET HTTP/2
offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
22 kB (21899 bytes)
Hash
338d4afc932e0e88547350014503e81f
cad58c0262942799b278e63707d3ae00eca58a9d
73a161b3d4ac180c2cf041f98043306bc9441c87bf33893d6aa4c6b030253607

HTTP Headers

GET /www/images/338d4afc932e0e88547350014503e81f.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:30 GMT
content-type: image/jpeg
content-length: 21899
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65fcad07-558b"
expires: Wed, 08 May 2024 20:07:16 GMT
last-modified: Thu, 21 Mar 2024 21:56:23 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 81914
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba5b07a1eabc8-CPH
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=3QPNRgPr8gqJmwejjjm-0HjXs87Di5_Rdm5Y2iVFCQW_3hswVY5uj9OBbivnKROJdZsd932DxFi_oVqnInSMdwEwpWwfhPveUdAq_11wo9uplSjVXHqDWcgagV-jp6zd
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Wed, 08 May 2024 18:50:32 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 126
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

cameesse.net/11?rnd=3085154487&z=5968116&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1

139.45.197.242

0 B

URL GET
cameesse.net/11?rnd=3085154487&z=5968116&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP
139.45.197.242:0
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=3085154487&z=5968116&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=008056c9e6564ebcf5448f49e9205d10; oaidts=1715194341
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:41 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 0bfef31760f2a6a563645ef085dcf5e5
access-control-expose-headers: X-Sc
set-cookie: OAID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:41 GMT; secure; SameSite=None
oaidts=1715194341; expires=Thu, 08 May 2025 18:52:41 GMT; secure; SameSite=None
oaidvc=1; expires=Thu, 08 May 2025 18:52:41 GMT; secure; SameSite=None
CNT=1_v1_rtk9AQEAAACLTQAA; expires=Wed, 08 May 2024 19:52:41 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

glakaits.net/?rb=zRXnbuAUR5tH2dl_uI-4WSEBYLTKU2TZuu8yIcNADlqOvC19GILkbSC6p_yH0QE_7SGIFn7gdjHzR6LWOaoJ2pQKvWz3H-PFJfGSk07DTZsZQY7596hSFy6kSs945AMms6swJIYnAan3Da_RLDeCc1-X0lcJITc1MMDtqgxSmNADnojJZDLBcFxB0abDvMcbGlgCA-QSGMWMjeBwlM9F8-GFTNUKZflvpslEzLX8tX-y9Tr8J5CIEevW22X8Wc02BamWgO7Ggyw%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.791.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.791.0&navlng=en-US&pnt=0&pnrc=0&bs=69cf5d93-581d-4372-8553-ddf918be3b39&wasm=1&userId=008056c9e6564ebcf5448f49e9205d10&m=link

139.45.197.242

200 OK

2.8 kB

URL GET HTTP/2
glakaits.net/?rb=zRXnbuAUR5tH2dl_uI-4WSEBYLTKU2TZuu8yIcNADlqOvC19GILkbSC6p_yH0QE_7SGIFn7gdjHzR6LWOaoJ2pQKvWz3H-PFJfGSk07DTZsZQY7596hSFy6kSs945AMms6swJIYnAan3Da_RLDeCc1-X0lcJITc1MMDtqgxSmNADnojJZDLBcFxB0abDvMcbGlgCA-QSGMWMjeBwlM9F8-GFTNUKZflvpslEzLX8tX-y9Tr8J5CIEevW22X8Wc02BamWgO7Ggyw%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.791.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.791.0&navlng=en-US&pnt=0&pnrc=0&bs=69cf5d93-581d-4372-8553-ddf918be3b39&wasm=1&userId=008056c9e6564ebcf5448f49e9205d10&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectglakaits.net
Fingerprint1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02
ValidityTue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2808), with no line terminators
Size
2.8 kB (2778 bytes)
Hash
bbd3b8c4444670f72c00e37ead9cec4a
93b224912ed6c6802487c6154665195ef39b08a7
cde06cc3e88d8b44870726873bc43f7baad9749fb3175e4e6b2e76711f0adabd

HTTP Headers

GET /?rb=zRXnbuAUR5tH2dl_uI-4WSEBYLTKU2TZuu8yIcNADlqOvC19GILkbSC6p_yH0QE_7SGIFn7gdjHzR6LWOaoJ2pQKvWz3H-PFJfGSk07DTZsZQY7596hSFy6kSs945AMms6swJIYnAan3Da_RLDeCc1-X0lcJITc1MMDtqgxSmNADnojJZDLBcFxB0abDvMcbGlgCA-QSGMWMjeBwlM9F8-GFTNUKZflvpslEzLX8tX-y9Tr8J5CIEevW22X8Wc02BamWgO7Ggyw%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.791.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.791.0&navlng=en-US&pnt=0&pnrc=0&bs=69cf5d93-581d-4372-8553-ddf918be3b39&wasm=1&userId=008056c9e6564ebcf5448f49e9205d10&m=link HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: OAID=008056c9e6564ebcf5448f49e9205d10; oaidts=1715194341
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json
x-trace-id: 0662ea3a56c3bed0efb41d63e7abed42
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:21 GMT; path=/; secure; SameSite=None
oaidts=1715194341; expires=Thu, 08 May 2025 18:52:21 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 15 May 2024 18:52:21 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

externalde.com/out/xyhkxckud/?ctrl_id=663bc9e621ab8247404458&ctrl_ab=burp&ctrl_ts=1715194342.1379&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wkut2uh5m620na513f0cftck

188.114.96.1

302 Found

1.1 kB

URL GET HTTP/2
externalde.com/out/xyhkxckud/?ctrl_id=663bc9e621ab8247404458&ctrl_ab=burp&ctrl_ts=1715194342.1379&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wkut2uh5m620na513f0cftck
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjectexternalde.com
Fingerprint0D:2A:5D:DC:29:15:BD:05:1C:8E:F1:C5:82:D4:C0:5C:D6:A5:AB:58
ValiditySat, 27 Apr 2024 14:00:09 GMT - Fri, 26 Jul 2024 14:00:08 GMT

File type

Size
1.1 kB (1073 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /out/xyhkxckud/?ctrl_id=663bc9e621ab8247404458&ctrl_ab=burp&ctrl_ts=1715194342.1379&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wkut2uh5m620na513f0cftck HTTP/1.1
Host: externalde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 08 May 2024 18:52:22 GMT
content-type: text/html; charset=UTF-8
location: https://lkbx.me/4KqY7?uid=wkut2uh5m620na513f0cftck
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CBQoX1CXsfSizEiaLZJojnSGrCgiV%2Fnk95IzaTLytnaW7K%2BHn%2FOwK4BZvCqNZM6uOJF9vnym7N0L2Y4Dm%2FY94YRCmHc8DkH33X%2BTxMa%2B4SakrvHNJXMs%2FPz9%2FimZesby%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ba5807b0e0b61-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a

139.45.197.242

200 OK

413 kB

URL GET HTTP/2
cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JavaScript source, ASCII text, with very long lines (65523)
Size
413 kB (413423 bytes)
Hash
297cc248309ba835cf13a1f82fd3f938
1e6f51ce257a0ee53e25280dd44092ed33339847
b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=040056e66d4e4ac3fbfd3309dc9dd209; oaidts=1715194341
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 66043195163c0edf9f1851c89723e6a3
cache-control: max-age:290304000, public
last-modified: Tue, 09 Apr 2024 03:16:58 GMT
expires: Tue, 09 May 2084 03:16:58 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=812146539087536128&ctrl_fetch_dest=iframe&ctrl_id=663bc9e621ab8247404458&ctrl_ts=1715194342.1379&ctrl_ab=burp

143.204.55.73

302 Found

1.1 kB

URL GET HTTP/2
track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=812146539087536128&ctrl_fetch_dest=iframe&ctrl_id=663bc9e621ab8247404458&ctrl_ts=1715194342.1379&ctrl_ab=burp
IP
143.204.55.73:443
ASN
#16509 AMAZON-02

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerAmazon
Subjecttrack.jefytrack.com
FingerprintD9:FC:91:D1:FD:F0:F4:2D:48:E9:47:EE:31:A0:1C:23:D3:9A:29:D8
ValiditySun, 21 Apr 2024 00:00:00 GMT - Tue, 20 May 2025 23:59:59 GMT

File type

Size
1.1 kB (1073 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=812146539087536128&ctrl_fetch_dest=iframe&ctrl_id=663bc9e621ab8247404458&ctrl_ts=1715194342.1379&ctrl_ab=burp HTTP/1.1
Host: track.jefytrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-length: 0
location: https://externalde.com/out/xyhkxckud/?ctrl_id=663bc9e621ab8247404458&ctrl_ab=burp&ctrl_ts=1715194342.1379&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wkut2uh5m620na513f0cftck
date: Wed, 08 May 2024 18:52:22 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 145f6684-c379-407a-a2eb-922622a713e1-v4=LNyQXP0X1Teb-UFkGeZp7GQ5FWfgqlXQzKU-ihV79Rw; Max-Age=86400; Expires=Thu, 09-May-2024 18:52:22 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
voluum-cid-v4=%7B%22cid%22%3A%22wkut2uh5m620na513f0cftck%22%2C%22caid%22%3A%22145f6684-c379-407a-a2eb-922622a713e1%22%7D; Max-Age=31536000; Expires=Thu, 08-May-2025 18:52:22 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ISZ_3DmMkrcRicsn46JEBHUpqGc5ve8rJ2_qjGk5ATQoRCx4ABk_Eg==
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/tag.min.js?z=5968117

139.45.197.250

200 OK

15 kB

URL GET HTTP/2
moonoafy.net/pfe/current/tag.min.js?z=5968117
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JavaScript source, ASCII text, with very long lines (14612), with no line terminators
Size
15 kB (14612 bytes)
Hash
ffdd38e0a5a1a47cb341a116a3318e0e
2fd730feff506cf56e14c531e9d89cdea2cca424
7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/tag.min.js?z=5968117 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/1?z=5968116

139.45.197.242

200 OK

43 kB

URL GET HTTP/2
cameesse.net/1?z=5968116
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JavaScript source, ASCII text, with very long lines (42427)
Size
43 kB (43417 bytes)
Hash
6a38272a05c7402ba0328b65c98ac2eb
907e12858733aba02730f7f8d78d191b37b111bd
ad75b4bea627b55ba8e223dc095339597a515e05af40ef4c0c8f132e99159b83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=5968116 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 7476a90dbc87964bea22f18508e5e21b
access-control-expose-headers: X-Sc
x-sc: lfg0WDpgUXzOjX4T83-oxYBnAVjaq_vn_pUfeEJDknYMfsn0fEuKHw4wnn7-rtmn4d9Z2nz2iC3-0c0IbkDslI-ia0g=
set-cookie: scm=1; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
OAID=040056e66d4e4ac3fbfd3309dc9dd209; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
oaidts=1715194341; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

lkbx.me/4KqY7?uid=wkut2uh5m620na513f0cftck

47.89.248.255

200 OK

1.1 kB

URL GET HTTP/2
lkbx.me/4KqY7?uid=wkut2uh5m620na513f0cftck
IP
47.89.248.255:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerDigiCert Inc
Subjectlkbx.me
Fingerprint85:1C:F3:96:31:0D:EC:E9:85:9D:6E:27:5F:AE:1D:6C:F2:9B:F5:BD
ValidityMon, 27 Nov 2023 00:00:00 GMT - Tue, 26 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1129), with no line terminators
Size
1.1 kB (1073 bytes)
Hash
0228825ea9613e2da35a34b42a5208fb
a988f0625f5ddf64956061279e2606a528b592ed
d58099a490a4394c1a316a95d2c5f3a26a06e4b3042755589607e883606f5349

HTTP Headers

GET /4KqY7?uid=wkut2uh5m620na513f0cftck HTTP/1.1
Host: lkbx.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:23 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
set-cookie: discuz_2132_saltkey=2AXIgjir; expires=Fri, 07-Jun-2024 18:52:23 GMT; Max-Age=2592000; path=/; secure; httponly
discuz_2132_lang=en; path=/; secure
discuz_2132_lang=en; path=/; secure
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

57 kB

URL GET HTTP/2
moonoafy.net/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
57 kB (57187 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:22 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:51 GMT
etag: W/"662a3513-df63"
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by