| www.dosya.tc/server14/lyelia/FiveMYol.zip.html | 88.99.254.43 | 200 OK | 3.6 kB |
URL User Request GET HTTP/1.1www.dosya.tc/server14/lyelia/FiveMYol.zip.html IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typeJavaScript source, ISO-8859 text Hash563ae6107ac76fc65631cb02a54357c0 dbcb8d5f378f91e79e4195658dc483e7ef62c278 3deed5544f746e47374b954b5a4306ffcea70731e8819115ccdae3b7dedbca52
GET /server14/lyelia/FiveMYol.zip.html HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9
|
|
| www.dosya.tc/style/style.css | 88.99.254.43 | 200 OK | 15 kB |
URL GET HTTP/1.1www.dosya.tc/style/style.css IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typeassembler source, ASCII text Hashe36585a9f4a781f9445425224c85e695 4a34bb8474bd8d15a5313a157ca72bf8552910cc 2b8c3599f9d693fc1422d4ad7c8fe6b9fbb2ade6b19a89c55e0d94f02252410a
GET /style/style.css HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:15 GMT
Accept-Ranges: bytes
Content-Length: 14629
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
|
|
| www.dosya.tc/style/bootstrap.css | 88.99.254.43 | 200 OK | 146 kB |
URL GET HTTP/1.1www.dosya.tc/style/bootstrap.css IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typeASCII text, with very long lines (386) Size146 kB (145933 bytes) Hash2dbb985a5bb6dd8ef0a7b21d290ea9ae f8676e1f4a902a63088f45982f3f9b6a6c401b47 d170052c16caec3810f2dee6456539045d8e326f6d8ed7c7f78e59ed34de348a
GET /style/bootstrap.css HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:15 GMT
Accept-Ranges: bytes
Content-Length: 145933
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
|
|
| www.dosya.tc/images/logo.png | 88.99.254.43 | 200 OK | 7.2 kB |
URL GET HTTP/1.1www.dosya.tc/images/logo.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 191 x 53, 8-bit/color RGB, non-interlaced Hash2a193802d40b18cd55b0d159571bf63c 1a4e4bdf88317471241d9e5ee29d9572be3f37e3 77eba513db8685e5a4b7633684b1d6b175bf8272ccfff3c6a1c0735d37d1d57a
GET /images/logo.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:10 GMT
Accept-Ranges: bytes
Content-Length: 7157
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/images/footer-icon3.png | 88.99.254.43 | 200 OK | 1.7 kB |
URL GET HTTP/1.1www.dosya.tc/images/footer-icon3.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced Hash3a61d85a6bb0a45429b1e4b7d945aa95 6fcdf44c20d1ed269303583e16a98e245fa7b69b c84a015988434d7fa0c884f5590de727799abacb9c4a4ad6b4cadea4b97ea732
GET /images/footer-icon3.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:06 GMT
Accept-Ranges: bytes
Content-Length: 1702
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/images/footer-icon2.png | 88.99.254.43 | 200 OK | 850 B |
URL GET HTTP/1.1www.dosya.tc/images/footer-icon2.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced Hash51a472b4a51ea9245ee6f4386f07818f a19e86c411dc6da3592d1f90e89ddf68df1fee3c eea1befd43d3dc930a0eb0335c56ed8bc7e14aa1ee3e6c546cd21c1826362750
GET /images/footer-icon2.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:06 GMT
Accept-Ranges: bytes
Content-Length: 850
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/images/footer-icon1.png | 88.99.254.43 | 200 OK | 582 B |
URL GET HTTP/1.1www.dosya.tc/images/footer-icon1.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced Hashe62d200d08f565563cc9b713729bbaa6 3a130f79117f2aaa91154eb56a22b47de8c06a50 101d88dc759a5588d5c064fe233b6b19c565966a527a03eb9cdc29c733b8d4c3
GET /images/footer-icon1.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:06 GMT
Accept-Ranges: bytes
Content-Length: 582
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/images/uye-girisi.png | 88.99.254.43 | 200 OK | 3.0 kB |
URL GET HTTP/1.1www.dosya.tc/images/uye-girisi.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 140 x 51, 8-bit/color RGB, non-interlaced Hash6925e8f5c208aae4dd55cadd1340f180 a03365e7fb59c9588b3b7963e18c0b3e5d4cb369 6bfa03e8b7d8249e9927cafe801657559f7b7064248bb970b55fb4b689611f2d
GET /images/uye-girisi.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:11 GMT
Accept-Ranges: bytes
Content-Length: 2979
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/images/download.gif | 88.99.254.43 | 200 OK | 7.2 kB |
URL GET HTTP/1.1www.dosya.tc/images/download.gif IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typeGIF image data, version 89a, 300 x 86 Hasha9a5324512e43e463fe0a00118ad0c37 5375ae6855a34619ce428da5f835fc9d9ce06124 7964b17bc443c3bcf422211a690ac4bc62ad981d77d5c0b6bdddc982b8615a25
GET /images/download.gif HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:05 GMT
Accept-Ranges: bytes
Content-Length: 7229
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif
|
|
| www.dosya.tc/images/menu-ayrac.png | 88.99.254.43 | 200 OK | 125 B |
URL GET HTTP/1.1www.dosya.tc/images/menu-ayrac.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 2 x 52, 8-bit/color RGB, non-interlaced Hash35a0591c63feeb75e3e547e894ff6e2d 7dd00c2e8d4e9203b71d3fcb9a660e717b8dca7c 9700fc9abb23b0fa04c070487f5aebdcec2cbb22f10788ab7898032abe3fcced
GET /images/menu-ayrac.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:10 GMT
Accept-Ranges: bytes
Content-Length: 125
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/images/background.webp | 88.99.254.43 | 200 OK | 113 kB |
URL GET HTTP/1.1www.dosya.tc/images/background.webp IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1050, Scaling: [none]x[none], YUV color, decoders should clamp Size113 kB (112776 bytes) Hash2b08bddebb64127b30bc913f73cdab61 f8911fd91f0302e88e7fe6e089ba20af32269b79 0804b26a6993fc6ee8e977f77aa9ce5ddf9c4fe69773b296cc292ee7b2a5ac1b
GET /images/background.webp HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:20 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:03 GMT
Accept-Ranges: bytes
Content-Length: 112776
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/webp
|
|
| www.dosya.tc/apple-touch-icon.png | 88.99.254.43 | 200 OK | 6.6 kB |
URL GET HTTP/1.1www.dosya.tc/apple-touch-icon.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced Hashbfd9b50e03f63b25c253a5d6fa5c5ef4 b4c68746da8a1da96b57d37990bfbfb0f716c14b ca0f27136956761254299ac92d78aecca2c21841760c56904d894eb13ea0237f
GET /apple-touch-icon.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:21 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:55:43 GMT
Accept-Ranges: bytes
Content-Length: 6556
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/favicon-16x16.png | 88.99.254.43 | 200 OK | 1.6 kB |
URL GET HTTP/1.1www.dosya.tc/favicon-16x16.png IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced Hash05c5d89a72c5dc5e863e151cc5fa9b68 df5a0242031f54494fe0bf1b2d7290cd5e864a15 cd6cef0b6624ec979018be137e45b606f36c018b2d64cfe7e3d39815c0936a46
GET /favicon-16x16.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 18:52:21 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:55:45 GMT
Accept-Ranges: bytes
Content-Length: 1594
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
|
|
| my.rtmark.net/gid.js?userId=008056c9e6564ebcf5448f49e9205d10 | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=008056c9e6564ebcf5448f49e9205d10 IP139.45.195.8:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash5776368d00e50babc07248b2fa6e60eb 11263e87a1637cf64819a760a898d2d41479e290 5b69ce9e217f33cf1a01dd9f976a1f6996cdb34fbaad2e4131f84e90c90a5012
GET /gid.js?userId=008056c9e6564ebcf5448f49e9205d10 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=www.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 | 139.45.197.250 | 200 OK | 880 B |
URL GET HTTP/2moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=www.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hashc443b2804666b23b6b9aa07e87a1e87a 49b957a75cdb23928f7708c30e9cee246159bda4 da3741713f86830bf25ec6bc51242e0be9fc170eb46cb11c17df0e4a02dadfd2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /zone?pub=0&zone_id=5968117&is_mobile=false&domain=www.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: 8e5c198fe31bfd776e02896656bc5b7c
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| glakaits.net/5/5968118/?oo=1&js_build=iclick-v1.791.0 | 139.45.197.242 | 200 OK | 17 kB |
URL GET HTTP/2glakaits.net/5/5968118/?oo=1&js_build=iclick-v1.791.0 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectglakaits.net Fingerprint1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02 ValidityTue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT
File typeJavaScript source, ASCII text, with very long lines (42427) Hash4f8f54fccafc2f5f6c4a403059541822 cd72b7164ed63886da1033bca6fefa2e6113b81b 07b0d62057b8f8fa5ffc3ef99a07c02c95b0df207426a1760b4bf6741a915ca0
GET /5/5968118/?oo=1&js_build=iclick-v1.791.0 HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json
x-trace-id: 6e43a01fdeec06be41ab5776bb2ad3c4
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:21 GMT; path=/; secure; SameSite=None
oaidts=1715194341; expires=Thu, 08 May 2025 18:52:21 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| gishejuy.com/400/5968115 | 139.45.197.242 | 200 OK | 32 kB |
IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectgishejuy.com Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash512c4848844548247678ff773ee1ccba 7a6aa3ffd03d706d2ba87136b03847cd93b6d275 0332e64ab915318cba02396fb3d7527f1ef414ff2d162d2ed8806a41fd8b8c4d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /400/5968115 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/javascript
x-trace-id: 7f0d044db0460f9ee9ae0eace9249c1c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=030056ca9350441bfd661256566de3cc; expires=Thu, 08 May 2025 18:52:21 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.dosya.tc/sw.js | 88.99.254.43 | 404 Not Found | 3.6 kB |
IP88.99.254.43:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subject*.dosya.tc FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File typeJavaScript source, ISO-8859 text Hashabca2f9dd88e6a7b1673979a0f446b7f 80644e4480fd9cf476740e03dc28e01620319cf4 fad0b231e90295e6c492cdb977f73af3ac2d6613ebc3c32fa5c5fa3c0e950685
GET /sw.js HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/server14/lyelia/FiveMYol.zip.html
DNT: 1
Connection: keep-alive
Cookie: prefetchAd_5968118=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 18:52:21 GMT
Server: Apache
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9
|
|
| tzegilo.com/stattag.js | 172.67.193.52 | 200 OK | 7.5 kB |
IP172.67.193.52:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerGoogle Trust Services LLC Subjecttzegilo.com Fingerprint28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1 ValiditySat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT
File typeJavaScript source, ASCII text, with very long lines (18486) Hash70ebd404c2e1e7bad13998538b56887c 86e57af8ba3cfc2c004da3311835f6b54ba6d848 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2313
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2FpqtTt1%2F%2FEPEW8v69dzwOH2N3UuVU4%2FFeF9J%2FLjON9l8AMEYKvC3Z1rfJQibKjcsyTt9w6Jqg3grFNGtNy0%2BHEd1g2Qcu0VOc7tkUjwF4sKzYkXd6dYydHXCF%2FXVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba57b7eaf5685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| inklinkor.com/tag.min.js | 172.67.211.29 | 200 OK | 31 kB |
IP172.67.211.29:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerGoogle Trust Services LLC Subjectinklinkor.com Fingerprint28:84:D7:8F:63:D7:99:15:D5:E8:2C:F5:74:62:0D:94:C1:0A:EF:95 ValidityWed, 17 Apr 2024 17:58:45 GMT - Tue, 16 Jul 2024 17:58:44 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashe745bff74062e85880a1f13291036bd2 c857d3f4b0325b982813490f7bf4a74708e5312b c70b66edaaf364f5992e3c511df042a24ac1dac35c0b626f22cf28b79af33bf3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:20 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 1782066cdd8d6658a327f6aca81dd1f4
cache-control: max-age=86400
last-modified: Wed, 08 May 2024 14:09:05 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Thu, 09 May 2024 17:59:06 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 3194
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zcRtT%2FB5T%2Boagul9tTLi43ppY2b7aLXzzaqV65CUaSsj6aWzekgRJ%2B8oOtKwv4%2Fn8iJyof6N%2F9Xopz7h71kD6bLYnvruaOylGz4ewdSfetdkGqOF6sou0Ha3oqgOfjtK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba576df150afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 39 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 394
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 6d87260a3649062ab99a8997be57745f
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| moonoafy.net/pfe/current/universal.min.js?v=3.1.504 | 139.45.197.250 | 200 OK | 34 kB |
URL GET HTTP/2moonoafy.net/pfe/current/universal.min.js?v=3.1.504 IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash4caad44ecc6a13eba45b63ed7cf9e387 e67dfe90bebd5447495d8fe962d03e55f6d13071 66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/universal.min.js?v=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:51 GMT
etag: W/"662a3513-15efa"
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashe3bb290e6f4b1c86a382bd734486f739 2146eb6b13064a6192258cb36291cf3d971ac08e 873808afaf5c4f123d541e1695b514a767cf628db170d2b0f5a94f2a20901526
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 530
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| moonoafy.net/event | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=008056c9e6564ebcf5448f49e9205d10 | 139.45.197.242 | 204 No Content | 2.8 kB |
URL OPTIONS HTTP/2cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=008056c9e6564ebcf5448f49e9205d10 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectcameesse.net Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
File typegzip compressed data, max speed, from Unix Hash0184b4a6c3d3bd235ee232280e41b03a 0ad01f78c9bece0860ea799dc8c04069ae71b8fc 76d7228cde7491dbfc8738150fbe52b2d060621a93099e9c6a228fcf6711c03b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=008056c9e6564ebcf5448f49e9205d10 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 363
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=040056e66d4e4ac3fbfd3309dc9dd209; oaidts=1715194341
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: a51554c1c44c9e48716ac6522491e301
access-control-expose-headers: X-Sc
set-cookie: OAID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
oaidts=1715194341; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cameesse.net/11?rnd=3085154487&z=5968116&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=83 | 139.45.197.242 | 200 OK | 0 B |
URL GET HTTP/2cameesse.net/11?rnd=3085154487&z=5968116&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=83 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectcameesse.net Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /11?rnd=3085154487&z=5968116&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=83 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=008056c9e6564ebcf5448f49e9205d10; oaidts=1715194341
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: bdf67f9d21ab7bfbe635e031c718044f
access-control-expose-headers: X-Sc
set-cookie: OAID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
oaidts=1715194341; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js?pub=0&userId=a8d78c719124439e9e16495f859cd1d8&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?pub=0&userId=a8d78c719124439e9e16495f859cd1d8&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher IP139.45.195.8:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash5776368d00e50babc07248b2fa6e60eb 11263e87a1637cf64819a760a898d2d41479e290 5b69ce9e217f33cf1a01dd9f976a1f6996cdb34fbaad2e4131f84e90c90a5012
GET /gid.js?pub=0&userId=a8d78c719124439e9e16495f859cd1d8&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: ID=008056c9e6564ebcf5448f49e9205d10
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| cameesse.net/121?rnd=1501376515&z=5968116&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D5968116%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D812146539087536128&cln={CELL_NUMBER}&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&bag=ydU9kaAfa6I=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128 | 139.45.197.242 | 302 Found | 0 B |
URL GET HTTP/2cameesse.net/121?rnd=1501376515&z=5968116&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D5968116%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D812146539087536128&cln={CELL_NUMBER}&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&bag=ydU9kaAfa6I=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectcameesse.net Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /121?rnd=1501376515&z=5968116&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D5968116%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D812146539087536128&cln={CELL_NUMBER}&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&bag=ydU9kaAfa6I=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: scm=1; OAID=008056c9e6564ebcf5448f49e9205d10; oaidts=1715194341
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-length: 0
location: https://securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=812146539087536128
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: fd0e53d2faa20c0aadd9999b6510a5a7
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| gishejuy.com/500/5968115?excludes=&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 | 139.45.197.242 | 200 OK | 0 B |
URL OPTIONS HTTP/2gishejuy.com/500/5968115?excludes=&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectgishejuy.com Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /500/5968115?excludes=&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:22 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=0fac30d0-df0e-45ff-b213-4108f53a0a09 | 139.45.195.254 | 200 OK | 12 B |
URL POST HTTP/1.1fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=0fac30d0-df0e-45ff-b213-4108f53a0a09 IP139.45.195.254:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerSectigo Limited Subjectfleraprt.com Fingerprint32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C ValidityTue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT
Hashadb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=0fac30d0-df0e-45ff-b213-4108f53a0a09 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1414
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 08 May 2024 18:52:22 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://www.dosya.tc
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashd30d93f9762af7e21efe96dccd18cf47 4e715b2d2352096ffb754bc56af7285702dbe58a 6324b80a9fc93ed64e5fbccc66a1c520c738a8412d0311d1f25f3393441712b4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 530
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:22 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| gishejuy.com/500/5968115?excludes=&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 | 139.45.197.242 | 200 OK | 1.4 kB |
URL OPTIONS HTTP/2gishejuy.com/500/5968115?excludes=&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectgishejuy.com Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
Hash014dd646e03465029520a66cb05f81ff f2c799190d95f537cb7b8793b1c7bee86a37e6ba b5cf5a7cec74b79fbf3d789fa204125f0637ce7162e9ae281f5e60d762567a8b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /500/5968115?excludes=&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: OAID=030056ca9350441bfd661256566de3cc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:22 GMT
content-type: application/javascript
x-trace-id: c93d64e66d417a10fffef78a96f0e967
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://www.dosya.tc
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:22 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 39 B |
IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 391
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:22 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ddf1a26d2bc49124ef7dc5ef23b0a77b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg | 104.22.32.172 | 200 OK | 17 kB |
URL GET HTTP/2offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg IP104.22.32.172:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerGoogle Trust Services LLC Subjectofferimage.com Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72 ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3 Hash9c6355bcf96815c755fbba83f9fd8f64 ce698b45fb51ef1494f80f432b7aff0985247724 2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906
GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:22 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Wed, 08 May 2024 20:07:30 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 81892
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba57eecb3abc8-CPH
X-Firefox-Spdy: h2
|
|
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL ocsp.r2m03.amazontrust.com/ IP143.204.53.97:0
Hash322671639ff549882d5b5708a96d54fb 2a32f94ff25a76cb7ee8d1aa4bdeb6991bc0f744 2d8bac2c8b526b7d870ac7ce522136f6f74d104c53fc42ec8ab2ae9c9e20e5fc
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 08 May 2024 18:52:22 GMT
Last-Modified: Wed, 08 May 2024 18:12:24 GMT
Server: ECAcc (ska/F757)
X-Cache: Miss from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WKDJ2UKJHocS6FqvlKPzp8MMKh7yiVI4PsYgrng-pe--SGj5H1QLPA==
Age: 2398
|
|
| securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=812146539087536128 | 104.21.64.36 | 302 Found | 0 B |
URL GET HTTP/2securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=812146539087536128 IP104.21.64.36:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerGoogle Trust Services LLC Subjectsecuredpeacomm.com FingerprintE2:58:9B:FC:54:26:CA:CC:89:05:0D:28:D6:2E:28:9E:39:7E:5F:D6 ValidityMon, 15 Apr 2024 19:27:34 GMT - Sun, 14 Jul 2024 19:27:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=812146539087536128 HTTP/1.1
Host: securedpeacomm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 08 May 2024 18:52:22 GMT
content-type: text/html; charset=UTF-8
location: https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=812146539087536128&ctrl_fetch_dest=iframe&ctrl_id=663bc9e621ab8247404458&ctrl_ts=1715194342.1379&ctrl_ab=burp
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CXepjzQAqbF5tOeL0xL3D9ZnStXUAwAPEsLqYiDOW9ffZMeu%2BuNCe2LbQMHt9cjLsbKLmzYgjC%2B3r%2FfvDJFe4AIjFzipA9FYFu4d6VmBWaIFvhYOWOAxNprWhi6mxd%2FqQNL37pM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ba57dcc931c02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| gishejuy.com/impression/ijPJdjgpT9VZWiU7ccVtuOD5bZLG6ziagcnmlpH-RU3nf27nicXc0K-YczbG6V1upP5gcvdQrVL75NextR5SOz9eqkbuGADLpIdzZfc7Z35Yk56BJFf8LLZhqp-b-REwlmnJBC93tAFsO02NuvxXK7HVffUR1yXxYGFLAT0xjgqJ2omH5fJfcgfUMrfLInpOl2JGTaHQfaMe6UlNRC6lE_24DxGokoToPF7pUI0zPIGgmJI2Bisi7YpyYPfOlF5Fb1J6lAkQ2RoOzlLiPnLC_4PQ_j5V-ENrvRUVRA2Pxxz8LwZS9UoetkdwL5_XNxGscuQXdu8z15ZYWDR_bREpgxwCuK_bWNxLGyjGfcYbaKluYmF8lZzwGMTXiVS_5F1fluRA7kmvLvSceXwJeHp2ErwJ2ZUsj7iohpNuOSH-ITuQWSwefugVj9uJAhiXHGWvwgPjehmCLpxrdVDFlblnPoThzx_3gxl4NsTYoZ-SPhKNFcbQnZPfEbi6L0Hgz6BcY9kmlfuxjMLVXEtQxDG7YtoZ-_Dq7o_2lsWvbrHcJN7U_jUGcBaGG1OC6yWVzzNW8lfdAJGfOGk6LFgfj30MwQrwVIp9pDLeFBP6mS_8pFavGKO3GOOejPxdybvIP4bj8pmlmdw-Renc4eAxUwE0sx0ggpYbDHBXg9sc_SobIO_-eNoG0xckZ_eVdt4ry8jzduzsjKzqrBFbjo5jw4OfQR458qr08XhZOKl5xnfe7mjFxFmlt03lZ3_m70DXAn5BXEgWjo13zj9v93c21h-11ENV8cWQyZWE133PXwRaxwImMKuryWycmTOrQ3U=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 | 139.45.197.242 | 200 OK | 43 B |
URL GET HTTP/2gishejuy.com/impression/ijPJdjgpT9VZWiU7ccVtuOD5bZLG6ziagcnmlpH-RU3nf27nicXc0K-YczbG6V1upP5gcvdQrVL75NextR5SOz9eqkbuGADLpIdzZfc7Z35Yk56BJFf8LLZhqp-b-REwlmnJBC93tAFsO02NuvxXK7HVffUR1yXxYGFLAT0xjgqJ2omH5fJfcgfUMrfLInpOl2JGTaHQfaMe6UlNRC6lE_24DxGokoToPF7pUI0zPIGgmJI2Bisi7YpyYPfOlF5Fb1J6lAkQ2RoOzlLiPnLC_4PQ_j5V-ENrvRUVRA2Pxxz8LwZS9UoetkdwL5_XNxGscuQXdu8z15ZYWDR_bREpgxwCuK_bWNxLGyjGfcYbaKluYmF8lZzwGMTXiVS_5F1fluRA7kmvLvSceXwJeHp2ErwJ2ZUsj7iohpNuOSH-ITuQWSwefugVj9uJAhiXHGWvwgPjehmCLpxrdVDFlblnPoThzx_3gxl4NsTYoZ-SPhKNFcbQnZPfEbi6L0Hgz6BcY9kmlfuxjMLVXEtQxDG7YtoZ-_Dq7o_2lsWvbrHcJN7U_jUGcBaGG1OC6yWVzzNW8lfdAJGfOGk6LFgfj30MwQrwVIp9pDLeFBP6mS_8pFavGKO3GOOejPxdybvIP4bj8pmlmdw-Renc4eAxUwE0sx0ggpYbDHBXg9sc_SobIO_-eNoG0xckZ_eVdt4ry8jzduzsjKzqrBFbjo5jw4OfQR458qr08XhZOKl5xnfe7mjFxFmlt03lZ3_m70DXAn5BXEgWjo13zj9v93c21h-11ENV8cWQyZWE133PXwRaxwImMKuryWycmTOrQ3U=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectgishejuy.com Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File typeGIF image data, version 89a, 1 x 1 Hashb4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /impression/ijPJdjgpT9VZWiU7ccVtuOD5bZLG6ziagcnmlpH-RU3nf27nicXc0K-YczbG6V1upP5gcvdQrVL75NextR5SOz9eqkbuGADLpIdzZfc7Z35Yk56BJFf8LLZhqp-b-REwlmnJBC93tAFsO02NuvxXK7HVffUR1yXxYGFLAT0xjgqJ2omH5fJfcgfUMrfLInpOl2JGTaHQfaMe6UlNRC6lE_24DxGokoToPF7pUI0zPIGgmJI2Bisi7YpyYPfOlF5Fb1J6lAkQ2RoOzlLiPnLC_4PQ_j5V-ENrvRUVRA2Pxxz8LwZS9UoetkdwL5_XNxGscuQXdu8z15ZYWDR_bREpgxwCuK_bWNxLGyjGfcYbaKluYmF8lZzwGMTXiVS_5F1fluRA7kmvLvSceXwJeHp2ErwJ2ZUsj7iohpNuOSH-ITuQWSwefugVj9uJAhiXHGWvwgPjehmCLpxrdVDFlblnPoThzx_3gxl4NsTYoZ-SPhKNFcbQnZPfEbi6L0Hgz6BcY9kmlfuxjMLVXEtQxDG7YtoZ-_Dq7o_2lsWvbrHcJN7U_jUGcBaGG1OC6yWVzzNW8lfdAJGfOGk6LFgfj30MwQrwVIp9pDLeFBP6mS_8pFavGKO3GOOejPxdybvIP4bj8pmlmdw-Renc4eAxUwE0sx0ggpYbDHBXg9sc_SobIO_-eNoG0xckZ_eVdt4ry8jzduzsjKzqrBFbjo5jw4OfQR458qr08XhZOKl5xnfe7mjFxFmlt03lZ3_m70DXAn5BXEgWjo13zj9v93c21h-11ENV8cWQyZWE133PXwRaxwImMKuryWycmTOrQ3U=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: OAID=008056c9e6564ebcf5448f49e9205d10
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:26 GMT
content-type: image/gif
content-length: 43
x-trace-id: 49800ea35d2fa0c7c16dce2a595dc95f
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| gishejuy.com/500/5968115?excludes=19845928&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 | 139.45.197.242 | 200 OK | 0 B |
URL OPTIONS HTTP/2gishejuy.com/500/5968115?excludes=19845928&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectgishejuy.com Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /500/5968115?excludes=19845928&oaid=008056c9e6564ebcf5448f49e9205d10&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:26 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg | 104.22.32.172 | 200 OK | 22 kB |
URL GET HTTP/2offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg IP104.22.32.172:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerGoogle Trust Services LLC Subjectofferimage.com Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72 ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3 Hash338d4afc932e0e88547350014503e81f cad58c0262942799b278e63707d3ae00eca58a9d 73a161b3d4ac180c2cf041f98043306bc9441c87bf33893d6aa4c6b030253607
GET /www/images/338d4afc932e0e88547350014503e81f.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:27 GMT
content-type: image/jpeg
content-length: 21899
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65fcad07-558b"
expires: Wed, 08 May 2024 20:07:16 GMT
last-modified: Thu, 21 Mar 2024 21:56:23 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 81911
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba59cdfe8abc8-CPH
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg | 104.22.32.172 | 200 OK | 17 kB |
URL GET HTTP/2offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg IP104.22.32.172:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerGoogle Trust Services LLC Subjectofferimage.com Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72 ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3 Hash9c6355bcf96815c755fbba83f9fd8f64 ce698b45fb51ef1494f80f432b7aff0985247724 2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906
GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:27 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Wed, 08 May 2024 20:07:30 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 81897
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba59db957abc8-CPH
X-Firefox-Spdy: h2
|
|
| gishejuy.com/impression/F3WX5MyJVXNIRJIVFx7nas-JYl4yjojIkhDHarOWKET6mQSV_Cm4cqZvop-3GGXR3Kp4qPNACeuzWeAuvRpkuG_Ybp1MzNEVQyzQ5js61LzZJmWSOaeujQ3ZejIaz7co4sHYQwdzEpnRU8i-AWvjQwYyK1rnSqqfIpZ9vEG7q0PWUPVuzhgkXmomezs7j4bu_YNepVk4hoA0-fd0YJOcPMsKppL4Bv7_BIPsMTnjEsUTxNnkB2m93hzSB-Ah3qI0HSuoVWfB-jbys_WutZ1VDv17BXEIezcRCOVvLXykUYWelTvK9Ld-8Xc5cuGHdNnJK847PR5YsoS8Jj66Yr0iMtixd2l8SmxDscF3RfFTJODqSG56G-LtYhDYq8DlAUrV8ZDYosyVSO-0RjqNSD7pRfmSnAGh2Ro7ZDRgA-e7mhamzRjb_dJv1MpKUlSbRy1HNU0kNgp8Gw-shDsi6cXurVQA6pAIht8oer9INqwzcrt2w_IpoJ80rIgMZ5u_UPbCl_RrIA3R4_kvqwmgdPEFd3bmZVRHO6_-867ICaliOnSelIpeaZfrNJgKVRm67pd-7867i0Mp4xwMrP5aimJPyxNwMUSQ_5x1pl9IcLGC_McSKcC1g1ZnSgXIwcq_iwQigOsr286eiVRSOgQw_0oIHjbJE-Wwg2gHLNOBzGQtAD2SL_84bWUiQF6766OeWJTqHWPrRamYklD3xTK6RRCF3s4r2VtVnsdJa-2E4TwTqazUvglZU85FE6tG-ghdMdb64mkxDUUUP2qVll8oECAoyjr0YRQj7JiMDV5AkVYuWJ4-6lbvJMv5cJYrQtw=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 | 139.45.197.242 | 200 OK | 43 B |
URL GET HTTP/2gishejuy.com/impression/F3WX5MyJVXNIRJIVFx7nas-JYl4yjojIkhDHarOWKET6mQSV_Cm4cqZvop-3GGXR3Kp4qPNACeuzWeAuvRpkuG_Ybp1MzNEVQyzQ5js61LzZJmWSOaeujQ3ZejIaz7co4sHYQwdzEpnRU8i-AWvjQwYyK1rnSqqfIpZ9vEG7q0PWUPVuzhgkXmomezs7j4bu_YNepVk4hoA0-fd0YJOcPMsKppL4Bv7_BIPsMTnjEsUTxNnkB2m93hzSB-Ah3qI0HSuoVWfB-jbys_WutZ1VDv17BXEIezcRCOVvLXykUYWelTvK9Ld-8Xc5cuGHdNnJK847PR5YsoS8Jj66Yr0iMtixd2l8SmxDscF3RfFTJODqSG56G-LtYhDYq8DlAUrV8ZDYosyVSO-0RjqNSD7pRfmSnAGh2Ro7ZDRgA-e7mhamzRjb_dJv1MpKUlSbRy1HNU0kNgp8Gw-shDsi6cXurVQA6pAIht8oer9INqwzcrt2w_IpoJ80rIgMZ5u_UPbCl_RrIA3R4_kvqwmgdPEFd3bmZVRHO6_-867ICaliOnSelIpeaZfrNJgKVRm67pd-7867i0Mp4xwMrP5aimJPyxNwMUSQ_5x1pl9IcLGC_McSKcC1g1ZnSgXIwcq_iwQigOsr286eiVRSOgQw_0oIHjbJE-Wwg2gHLNOBzGQtAD2SL_84bWUiQF6766OeWJTqHWPrRamYklD3xTK6RRCF3s4r2VtVnsdJa-2E4TwTqazUvglZU85FE6tG-ghdMdb64mkxDUUUP2qVll8oECAoyjr0YRQj7JiMDV5AkVYuWJ4-6lbvJMv5cJYrQtw=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectgishejuy.com Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File typeGIF image data, version 89a, 1 x 1 Hashb4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /impression/F3WX5MyJVXNIRJIVFx7nas-JYl4yjojIkhDHarOWKET6mQSV_Cm4cqZvop-3GGXR3Kp4qPNACeuzWeAuvRpkuG_Ybp1MzNEVQyzQ5js61LzZJmWSOaeujQ3ZejIaz7co4sHYQwdzEpnRU8i-AWvjQwYyK1rnSqqfIpZ9vEG7q0PWUPVuzhgkXmomezs7j4bu_YNepVk4hoA0-fd0YJOcPMsKppL4Bv7_BIPsMTnjEsUTxNnkB2m93hzSB-Ah3qI0HSuoVWfB-jbys_WutZ1VDv17BXEIezcRCOVvLXykUYWelTvK9Ld-8Xc5cuGHdNnJK847PR5YsoS8Jj66Yr0iMtixd2l8SmxDscF3RfFTJODqSG56G-LtYhDYq8DlAUrV8ZDYosyVSO-0RjqNSD7pRfmSnAGh2Ro7ZDRgA-e7mhamzRjb_dJv1MpKUlSbRy1HNU0kNgp8Gw-shDsi6cXurVQA6pAIht8oer9INqwzcrt2w_IpoJ80rIgMZ5u_UPbCl_RrIA3R4_kvqwmgdPEFd3bmZVRHO6_-867ICaliOnSelIpeaZfrNJgKVRm67pd-7867i0Mp4xwMrP5aimJPyxNwMUSQ_5x1pl9IcLGC_McSKcC1g1ZnSgXIwcq_iwQigOsr286eiVRSOgQw_0oIHjbJE-Wwg2gHLNOBzGQtAD2SL_84bWUiQF6766OeWJTqHWPrRamYklD3xTK6RRCF3s4r2VtVnsdJa-2E4TwTqazUvglZU85FE6tG-ghdMdb64mkxDUUUP2qVll8oECAoyjr0YRQj7JiMDV5AkVYuWJ4-6lbvJMv5cJYrQtw=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.338.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: OAID=008056c9e6564ebcf5448f49e9205d10
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:29 GMT
content-type: image/gif
content-length: 43
x-trace-id: 9ab569277e0cfda0738b9912d29a7ec5
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg | 104.22.32.172 | 200 OK | 22 kB |
URL GET HTTP/2offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg IP104.22.32.172:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerGoogle Trust Services LLC Subjectofferimage.com Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72 ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3 Hash338d4afc932e0e88547350014503e81f cad58c0262942799b278e63707d3ae00eca58a9d 73a161b3d4ac180c2cf041f98043306bc9441c87bf33893d6aa4c6b030253607
GET /www/images/338d4afc932e0e88547350014503e81f.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:30 GMT
content-type: image/jpeg
content-length: 21899
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65fcad07-558b"
expires: Wed, 08 May 2024 20:07:16 GMT
last-modified: Thu, 21 Mar 2024 21:56:23 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 81914
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ba5b07a1eabc8-CPH
X-Firefox-Spdy: h2
|
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP35.244.181.201:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
File typeXML 1.0 document, ASCII text, with very long lines (332) Hash3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=3QPNRgPr8gqJmwejjjm-0HjXs87Di5_Rdm5Y2iVFCQW_3hswVY5uj9OBbivnKROJdZsd932DxFi_oVqnInSMdwEwpWwfhPveUdAq_11wo9uplSjVXHqDWcgagV-jp6zd
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Wed, 08 May 2024 18:50:32 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 126
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| cameesse.net/11?rnd=3085154487&z=5968116&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 | 139.45.197.242 | | 0 B |
URL GET cameesse.net/11?rnd=3085154487&z=5968116&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 IP139.45.197.242:0
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectcameesse.net Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /11?rnd=3085154487&z=5968116&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=vgriozjgfiSdd-wF1_TY4p3bDEeJEwn4gOQswcRT75YDUrGiixvrY_AyspCSyIwaGuVmYBNpBhCrc68nBl0p0vkT93d_35c06bxZX1pHhmNUCEqAlRX_uIEc6HBCTJMvPfeT_Q_FBBJHgKPDctDxESuzNqiGrQLmDCJMF9fhA8OzCmK5jAkfISXw318tLet2m8UlENyUDsMyIE8dxwaHHGJZj1pYOShIsnfKn6FZsZNwc5Z5qONCQ3OlDV29yEupSwsSCbvUw_curupkCFn68U2TL5oK-jLWbKSbyaBtlqOhOz5NxRBFmsOy6_1YvBtavugsNYMEwn2gFNB6HdL9FKRm_s60vnK272ze4jNCfyHKIJmPgD9EtQjm_WGk212prz_PEP-Z9JMUn-T1KOE8qI3bLFgcIM6KYcA_J2TCW6uwN44FfiV4ud4rJoHSogbJ47zy1CGdJVTVj3tkaZxPWeEcTBQWcpEW_AmkRxMC5gSbZk9g5_bfL5h03ebnOJqPTZtduTPugqF-Wk3k2wkMS_F6bn8pd5h9UFuX0OwYzl9zTb0Qt_uzJmjRuStvbdstzLVtcxK7zY_W8MMNH0lkYS2tTNY70FOLUZx51PTFur7Ytm_Ggs3fNmjIwMhIq54yWJUYw_0Ei0Y=&ruid=b3bddf19-0bed-44b6-8c42-5ecd61738427&subid=812146539087536128&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=008056c9e6564ebcf5448f49e9205d10; oaidts=1715194341
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:41 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 0bfef31760f2a6a563645ef085dcf5e5
access-control-expose-headers: X-Sc
set-cookie: OAID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:41 GMT; secure; SameSite=None
oaidts=1715194341; expires=Thu, 08 May 2025 18:52:41 GMT; secure; SameSite=None
oaidvc=1; expires=Thu, 08 May 2025 18:52:41 GMT; secure; SameSite=None
CNT=1_v1_rtk9AQEAAACLTQAA; expires=Wed, 08 May 2024 19:52:41 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| glakaits.net/?rb=zRXnbuAUR5tH2dl_uI-4WSEBYLTKU2TZuu8yIcNADlqOvC19GILkbSC6p_yH0QE_7SGIFn7gdjHzR6LWOaoJ2pQKvWz3H-PFJfGSk07DTZsZQY7596hSFy6kSs945AMms6swJIYnAan3Da_RLDeCc1-X0lcJITc1MMDtqgxSmNADnojJZDLBcFxB0abDvMcbGlgCA-QSGMWMjeBwlM9F8-GFTNUKZflvpslEzLX8tX-y9Tr8J5CIEevW22X8Wc02BamWgO7Ggyw%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.791.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.791.0&navlng=en-US&pnt=0&pnrc=0&bs=69cf5d93-581d-4372-8553-ddf918be3b39&wasm=1&userId=008056c9e6564ebcf5448f49e9205d10&m=link | 139.45.197.242 | 200 OK | 2.8 kB |
URL GET HTTP/2glakaits.net/?rb=zRXnbuAUR5tH2dl_uI-4WSEBYLTKU2TZuu8yIcNADlqOvC19GILkbSC6p_yH0QE_7SGIFn7gdjHzR6LWOaoJ2pQKvWz3H-PFJfGSk07DTZsZQY7596hSFy6kSs945AMms6swJIYnAan3Da_RLDeCc1-X0lcJITc1MMDtqgxSmNADnojJZDLBcFxB0abDvMcbGlgCA-QSGMWMjeBwlM9F8-GFTNUKZflvpslEzLX8tX-y9Tr8J5CIEevW22X8Wc02BamWgO7Ggyw%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.791.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.791.0&navlng=en-US&pnt=0&pnrc=0&bs=69cf5d93-581d-4372-8553-ddf918be3b39&wasm=1&userId=008056c9e6564ebcf5448f49e9205d10&m=link IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectglakaits.net Fingerprint1F:46:3E:C8:C5:6A:64:F5:29:66:0F:5C:6E:CD:48:77:10:EA:26:02 ValidityTue, 07 May 2024 18:52:12 GMT - Mon, 05 Aug 2024 18:52:11 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (2808), with no line terminators Hashbbd3b8c4444670f72c00e37ead9cec4a 93b224912ed6c6802487c6154665195ef39b08a7 cde06cc3e88d8b44870726873bc43f7baad9749fb3175e4e6b2e76711f0adabd
GET /?rb=zRXnbuAUR5tH2dl_uI-4WSEBYLTKU2TZuu8yIcNADlqOvC19GILkbSC6p_yH0QE_7SGIFn7gdjHzR6LWOaoJ2pQKvWz3H-PFJfGSk07DTZsZQY7596hSFy6kSs945AMms6swJIYnAan3Da_RLDeCc1-X0lcJITc1MMDtqgxSmNADnojJZDLBcFxB0abDvMcbGlgCA-QSGMWMjeBwlM9F8-GFTNUKZflvpslEzLX8tX-y9Tr8J5CIEevW22X8Wc02BamWgO7Ggyw%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.791.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver14%2Flyelia%2FFiveMYol.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.791.0&navlng=en-US&pnt=0&pnrc=0&bs=69cf5d93-581d-4372-8553-ddf918be3b39&wasm=1&userId=008056c9e6564ebcf5448f49e9205d10&m=link HTTP/1.1
Host: glakaits.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: OAID=008056c9e6564ebcf5448f49e9205d10; oaidts=1715194341
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/json
x-trace-id: 0662ea3a56c3bed0efb41d63e7abed42
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008056c9e6564ebcf5448f49e9205d10; expires=Thu, 08 May 2025 18:52:21 GMT; path=/; secure; SameSite=None
oaidts=1715194341; expires=Thu, 08 May 2025 18:52:21 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 15 May 2024 18:52:21 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| externalde.com/out/xyhkxckud/?ctrl_id=663bc9e621ab8247404458&ctrl_ab=burp&ctrl_ts=1715194342.1379&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wkut2uh5m620na513f0cftck | 188.114.96.1 | 302 Found | 1.1 kB |
URL GET HTTP/2externalde.com/out/xyhkxckud/?ctrl_id=663bc9e621ab8247404458&ctrl_ab=burp&ctrl_ts=1715194342.1379&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wkut2uh5m620na513f0cftck IP188.114.96.1:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerGoogle Trust Services LLC Subjectexternalde.com Fingerprint0D:2A:5D:DC:29:15:BD:05:1C:8E:F1:C5:82:D4:C0:5C:D6:A5:AB:58 ValiditySat, 27 Apr 2024 14:00:09 GMT - Fri, 26 Jul 2024 14:00:08 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /out/xyhkxckud/?ctrl_id=663bc9e621ab8247404458&ctrl_ab=burp&ctrl_ts=1715194342.1379&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wkut2uh5m620na513f0cftck HTTP/1.1
Host: externalde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 08 May 2024 18:52:22 GMT
content-type: text/html; charset=UTF-8
location: https://lkbx.me/4KqY7?uid=wkut2uh5m620na513f0cftck
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CBQoX1CXsfSizEiaLZJojnSGrCgiV%2Fnk95IzaTLytnaW7K%2BHn%2FOwK4BZvCqNZM6uOJF9vnym7N0L2Y4Dm%2FY94YRCmHc8DkH33X%2BTxMa%2B4SakrvHNJXMs%2FPz9%2FimZesby%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ba5807b0e0b61-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a | 139.45.197.242 | 200 OK | 413 kB |
URL GET HTTP/2cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectcameesse.net Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
File typeJavaScript source, ASCII text, with very long lines (65523) Size413 kB (413423 bytes) Hash297cc248309ba835cf13a1f82fd3f938 1e6f51ce257a0ee53e25280dd44092ed33339847 b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=040056e66d4e4ac3fbfd3309dc9dd209; oaidts=1715194341
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 66043195163c0edf9f1851c89723e6a3
cache-control: max-age:290304000, public
last-modified: Tue, 09 Apr 2024 03:16:58 GMT
expires: Tue, 09 May 2084 03:16:58 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=812146539087536128&ctrl_fetch_dest=iframe&ctrl_id=663bc9e621ab8247404458&ctrl_ts=1715194342.1379&ctrl_ab=burp | 143.204.55.73 | 302 Found | 1.1 kB |
URL GET HTTP/2track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=812146539087536128&ctrl_fetch_dest=iframe&ctrl_id=663bc9e621ab8247404458&ctrl_ts=1715194342.1379&ctrl_ab=burp IP143.204.55.73:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerAmazon Subjecttrack.jefytrack.com FingerprintD9:FC:91:D1:FD:F0:F4:2D:48:E9:47:EE:31:A0:1C:23:D3:9A:29:D8 ValiditySun, 21 Apr 2024 00:00:00 GMT - Tue, 20 May 2025 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=812146539087536128&ctrl_fetch_dest=iframe&ctrl_id=663bc9e621ab8247404458&ctrl_ts=1715194342.1379&ctrl_ab=burp HTTP/1.1
Host: track.jefytrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-length: 0
location: https://externalde.com/out/xyhkxckud/?ctrl_id=663bc9e621ab8247404458&ctrl_ab=burp&ctrl_ts=1715194342.1379&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wkut2uh5m620na513f0cftck
date: Wed, 08 May 2024 18:52:22 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 145f6684-c379-407a-a2eb-922622a713e1-v4=LNyQXP0X1Teb-UFkGeZp7GQ5FWfgqlXQzKU-ihV79Rw; Max-Age=86400; Expires=Thu, 09-May-2024 18:52:22 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
voluum-cid-v4=%7B%22cid%22%3A%22wkut2uh5m620na513f0cftck%22%2C%22caid%22%3A%22145f6684-c379-407a-a2eb-922622a713e1%22%7D; Max-Age=31536000; Expires=Thu, 08-May-2025 18:52:22 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ISZ_3DmMkrcRicsn46JEBHUpqGc5ve8rJ2_qjGk5ATQoRCx4ABk_Eg==
X-Firefox-Spdy: h2
|
|
| moonoafy.net/pfe/current/tag.min.js?z=5968117 | 139.45.197.250 | 200 OK | 15 kB |
URL GET HTTP/2moonoafy.net/pfe/current/tag.min.js?z=5968117 IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File typeJavaScript source, ASCII text, with very long lines (14612), with no line terminators Hashffdd38e0a5a1a47cb341a116a3318e0e 2fd730feff506cf56e14c531e9d89cdea2cca424 7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/tag.min.js?z=5968117 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cameesse.net/1?z=5968116 | 139.45.197.242 | 200 OK | 43 kB |
IP139.45.197.242:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectcameesse.net Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
File typeJavaScript source, ASCII text, with very long lines (42427) Hash6a38272a05c7402ba0328b65c98ac2eb 907e12858733aba02730f7f8d78d191b37b111bd ad75b4bea627b55ba8e223dc095339597a515e05af40ef4c0c8f132e99159b83
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /1?z=5968116 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:21 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 7476a90dbc87964bea22f18508e5e21b
access-control-expose-headers: X-Sc
x-sc: lfg0WDpgUXzOjX4T83-oxYBnAVjaq_vn_pUfeEJDknYMfsn0fEuKHw4wnn7-rtmn4d9Z2nz2iC3-0c0IbkDslI-ia0g=
set-cookie: scm=1; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
OAID=040056e66d4e4ac3fbfd3309dc9dd209; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
oaidts=1715194341; expires=Thu, 08 May 2025 18:52:21 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| lkbx.me/4KqY7?uid=wkut2uh5m620na513f0cftck | 47.89.248.255 | 200 OK | 1.1 kB |
URL GET HTTP/2lkbx.me/4KqY7?uid=wkut2uh5m620na513f0cftck IP47.89.248.255:443 ASN#45102 Alibaba US Technology Co., Ltd.
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerDigiCert Inc Subjectlkbx.me Fingerprint85:1C:F3:96:31:0D:EC:E9:85:9D:6E:27:5F:AE:1D:6C:F2:9B:F5:BD ValidityMon, 27 Nov 2023 00:00:00 GMT - Tue, 26 Nov 2024 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (1129), with no line terminators Hash0228825ea9613e2da35a34b42a5208fb a988f0625f5ddf64956061279e2606a528b592ed d58099a490a4394c1a316a95d2c5f3a26a06e4b3042755589607e883606f5349
GET /4KqY7?uid=wkut2uh5m620na513f0cftck HTTP/1.1
Host: lkbx.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:52:23 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
set-cookie: discuz_2132_saltkey=2AXIgjir; expires=Fri, 07-Jun-2024 18:52:23 GMT; Max-Age=2592000; path=/; secure; httponly
discuz_2132_lang=en; path=/; secure
discuz_2132_lang=en; path=/; secure
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| moonoafy.net/pfe/current/defaultSkin.min.js | 139.45.197.250 | 200 OK | 57 kB |
URL GET HTTP/2moonoafy.net/pfe/current/defaultSkin.min.js IP139.45.197.250:443
Requested byhttps://www.dosya.tc/server14/lyelia/FiveMYol.zip.html CertificateIssuerLet's Encrypt Subjectmoonoafy.net Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:52:22 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:51 GMT
etag: W/"662a3513-df63"
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|