Report - s2.dosya.tc/server29/bfo0r8/assistenza_130

Report Overview

Submitted URL
s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
IP
168.119.136.27
ASN
#24940 Hetzner Online GmbH
Submitted
2024-04-26 13:16:51
Access
public
Website Title
404. dosyasını indir - download
Final URL
s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
eephoawaum.com	unknown	unknown	No data	No data	450 B	9.8 kB	139.45.197.243
cameesse.net	unknown	2023-10-18	2023-10-18	2024-04-18	7.3 kB	465 kB	139.45.197.242
moonoafy.net	unknown	2024-01-09	2024-01-09	2024-04-18	5.3 kB	136 kB	139.45.197.250
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-04-25	338 B	863 B	143.204.53.97
inklinkor.com	unknown	2022-04-01	2022-04-01	2024-04-18	396 B	90 kB	104.21.91.63
www.dosya.tc	unknown	2008-08-26	2012-05-20	2024-03-09	422 B	7.5 kB	88.99.254.43
tzegilo.com	unknown	2022-01-14	2022-01-14	2024-04-20	394 B	20 kB	104.21.11.245
externalde.com	unknown	2024-02-28	2024-02-28	2024-04-25	655 B	1.7 kB	104.21.9.15
fleraprt.com	unknown	2022-01-14	2022-01-14	2024-04-20	563 B	481 B	139.45.195.254
lkbx.me	117868	2020-11-24	2020-12-14	2024-04-25	496 B	1.4 kB	47.89.248.255
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-04-25	1.0 kB	1.5 kB	139.45.195.8
gishejuy.com	unknown	2023-10-25	2023-10-25	2024-03-30	5.2 kB	70 kB	139.45.197.242
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-04-25	2.0 kB	2.2 kB	139.45.197.250
offerimage.com	304078	2019-06-10	2019-06-10	2024-04-24	1.8 kB	55 kB	172.67.22.216
securedpeacomm.com	unknown	2023-02-27	2023-02-27	2024-04-23	673 B	888 B	172.67.175.232
track.jefytrack.com	unknown	2023-07-04	2023-09-05	2024-04-24	744 B	2.2 kB	143.204.55.21
s2.dosya.tc	unknown	2008-08-26	2012-05-21	2020-01-16	6.9 kB	172 kB	168.119.136.27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	cameesse.net	Sinkholed
2024-04-26	medium	cameesse.net	Sinkholed
2024-04-26	medium	cameesse.net	Sinkholed
2024-04-26	medium	cameesse.net	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	cameesse.net	Sinkholed
2024-04-26	medium	inklinkor.com	Sinkholed
2024-04-26	medium	fleraprt.com	Sinkholed
2024-04-26	medium	cameesse.net	Sinkholed
2024-04-26	medium	tzegilo.com	Sinkholed
2024-04-26	medium	cameesse.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	gishejuy.com/400/5968115	84 kB	2024-04-26	2024-04-26
Pretty URL gishejuy.com/400/5968115 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:17:00 Last Seen2024-04-26 15:17:00 Times Seen1 Hash 0851068c4f4bc9be520134a07da531cd fe7603d0054c4f2b4923984841f8fc2e0a684356 d3d1c18f3bebeed39765e9eac4491335195308e2f07a1af3a05fa263639882f4 Loading...

	tzegilo.com/stattag.js	19 kB	2024-02-10	2024-05-06
Pretty URL tzegilo.com/stattag.js IP 104.21.11.245 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-10 03:00:18 Last Seen2024-05-06 04:46:01 Times Seen1578 Hash 70ebd404c2e1e7bad13998538b56887c 86e57af8ba3cfc2c004da3311835f6b54ba6d848 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f Loading...

	cameesse.net/1?z=5968116	43 kB	2024-04-26	2024-04-26
Pretty URL cameesse.net/1?z=5968116 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:17:00 Last Seen2024-04-26 15:17:01 Times Seen2 Hash 14f2d95d4d48bb9c9bf51cc90028f13f 7e240afc890e2031a4ca80b9ab8ff2f3b44cc088 05b1e56b4aec334a6f74666702b94aa0976f13cbb8ac2f926f2795f43c6299c1 Loading...

	s2.dosya.tc/server29/bfo0r8/sandbox%20eval%20code	147 B	2023-04-11	2024-05-06
Pretty URL s2.dosya.tc/server29/bfo0r8/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-06 20:41:40 Times Seen345176 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-06
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-06 20:41:41 Times Seen344669 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	inklinkor.com/tag.min.js	89 kB	2024-04-26	2024-04-26
Pretty URL inklinkor.com/tag.min.js IP 104.21.91.63 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:17:00 Last Seen2024-04-26 15:17:01 Times Seen2 Hash 3c003e0dc17f0065474b8326c712d09d b1208344832018ef2b6a051d16dc187b75b50074 34b76d99818bde68dfdd933fa7d72d679966295d887a5562eb0244d47970e90e Loading...

	moonoafy.net/pfe/current/tag.min.js?z=5968117	15 kB	2024-04-25	2024-05-06
Pretty URL moonoafy.net/pfe/current/tag.min.js?z=5968117 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-06 04:46:01 Times Seen138 Hash ffdd38e0a5a1a47cb341a116a3318e0e 2fd730feff506cf56e14c531e9d89cdea2cca424 7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c Loading...

	s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar	0 B	2023-03-07	2024-05-06
Pretty URL s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar IP 168.119.136.27 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 20:47:25 Times Seen37383864 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a	413 kB	2024-04-11	2024-05-06
Pretty URL cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-11 13:26:00 Last Seen2024-05-06 04:46:01 Times Seen184 Hash 297cc248309ba835cf13a1f82fd3f938 1e6f51ce257a0ee53e25280dd44092ed33339847 b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7 Loading...

	unknown	90 kB	2024-04-25	2024-05-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-06 04:46:01 Times Seen186 Hash 4caad44ecc6a13eba45b63ed7cf9e387 e67dfe90bebd5447495d8fe962d03e55f6d13071 66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00 Loading...

	unknown	26 kB	2023-03-07	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:51 Last Seen2024-05-05 11:58:37 Times Seen2091 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

	s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar	193 B	2023-05-23	2024-05-03
Pretty URL s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar IP 168.119.136.27 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-23 06:11:34 Last Seen2024-05-03 23:09:41 Times Seen183 Hash 419c962e4b8f01eb7a6db59d9a65c48d ad669179732f2927db555591451336a38761182b 06c42bac1c163ea85720571f261d3e13b367e30ff3fdc4dc426062cb387bd4a9 Loading...

	lkbx.me/4KqY7?uid=w11j7og1n35ii5s03a235dgg	0 B	2023-03-07	2024-05-06
Pretty URL lkbx.me/4KqY7?uid=w11j7og1n35ii5s03a235dgg IP 47.89.248.255 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 20:47:25 Times Seen37383864 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Write - c812639e3ac8014c79ccdeef0fa8a49f	51 kB	2023-05-26	2024-04-26
Pretty Observations First Seen2023-05-26 15:40:47 Last Seen2024-04-26 15:17:00 Times Seen45 Hash c812639e3ac8014c79ccdeef0fa8a49f 0da01b31a6786dc75791842db0328313ece36078 5a68c13ebc5d8b7ebbc2f39d25b7539bc70fa98fa509d81b1b0b859b70a05ae2 Loading...

HTTP Transactions (58)

URL IP Response Size

s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar

168.119.136.27

302 Found

3.6 kB

URL User Request GET HTTP/1.1
s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
IP
168.119.136.27:80
ASN
#24940 Hetzner Online GmbH

File type
JavaScript source, ISO-8859 text
Size
3.6 kB (3602 bytes)
Hash
604cf80edc29c24be895b956a9c45ade
69add9e649a8557a7e93631637e372297758f191
f184f30e4587dd54f16898430a1913746db7c00d0b370b42c108b3a3a7add559

HTTP Headers

GET /server29/bfo0r8/assistenza_130_boost2.rar HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 13:16:24 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9

s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar

168.119.136.27

302 Found

245 B

URL User Request GET HTTP/1.1
s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
IP
168.119.136.27:80
ASN
#24940 Hetzner Online GmbH

File type
HTML document, ASCII text
Size
245 B (245 bytes)
Hash
172a2376c4f015c7f7a3f29c2373c13c
8edc9c29ce44dee0326aa28f3e48323160a760d6
328c00859233d47caacd73a6435c42590a49e34d5185335c51f0ddd26955e817

HTTP Headers

GET /server29/bfo0r8/assistenza_130_boost2.rar HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 26 Apr 2024 13:16:24 GMT
Server: Apache
Location: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Content-Length: 245
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar

168.119.136.27

302 Found

3.6 kB

URL User Request GET HTTP/1.1
s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
IP
168.119.136.27:80
ASN
#24940 Hetzner Online GmbH

File type
JavaScript source, ISO-8859 text
Size
3.6 kB (3602 bytes)
Hash
604cf80edc29c24be895b956a9c45ade
69add9e649a8557a7e93631637e372297758f191
f184f30e4587dd54f16898430a1913746db7c00d0b370b42c108b3a3a7add559

HTTP Headers

GET /server29/bfo0r8/assistenza_130_boost2.rar HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 13:16:24 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9

s2.dosya.tc/style/style.css

168.119.136.27

200 OK

2.0 kB

URL GET HTTP/1.1
s2.dosya.tc/style/style.css
IP
168.119.136.27:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
assembler source, ASCII text
Size
2.0 kB (2005 bytes)
Hash
e36585a9f4a781f9445425224c85e695
4a34bb8474bd8d15a5313a157ca72bf8552910cc
2b8c3599f9d693fc1422d4ad7c8fe6b9fbb2ade6b19a89c55e0d94f02252410a

HTTP Headers

GET /style/style.css HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:24 GMT
Server: Apache
Last-Modified: Wed, 09 Mar 2022 23:11:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2005
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

s2.dosya.tc/style/bootstrap.css

168.119.136.27

200 OK

21 kB

URL GET HTTP/1.1
s2.dosya.tc/style/bootstrap.css
IP
168.119.136.27:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
ASCII text, with very long lines (386)
Size
21 kB (21275 bytes)
Hash
2dbb985a5bb6dd8ef0a7b21d290ea9ae
f8676e1f4a902a63088f45982f3f9b6a6c401b47
d170052c16caec3810f2dee6456539045d8e326f6d8ed7c7f78e59ed34de348a

HTTP Headers

GET /style/bootstrap.css HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Fri, 18 Mar 2022 20:22:45 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21275
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css

s2.dosya.tc/images/footer-icon1.png

168.119.136.27

200 OK

582 B

URL GET HTTP/1.1
s2.dosya.tc/images/footer-icon1.png
IP
168.119.136.27:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
582 B (582 bytes)
Hash
e62d200d08f565563cc9b713729bbaa6
3a130f79117f2aaa91154eb56a22b47de8c06a50
101d88dc759a5588d5c064fe233b6b19c565966a527a03eb9cdc29c733b8d4c3

HTTP Headers

GET /images/footer-icon1.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:37 GMT
Accept-Ranges: bytes
Content-Length: 582
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

s2.dosya.tc/images/footer-icon3.png

168.119.136.27

200 OK

1.7 kB

URL GET HTTP/1.1
s2.dosya.tc/images/footer-icon3.png
IP
168.119.136.27:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
1.7 kB (1702 bytes)
Hash
3a61d85a6bb0a45429b1e4b7d945aa95
6fcdf44c20d1ed269303583e16a98e245fa7b69b
c84a015988434d7fa0c884f5590de727799abacb9c4a4ad6b4cadea4b97ea732

HTTP Headers

GET /images/footer-icon3.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:38 GMT
Accept-Ranges: bytes
Content-Length: 1702
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

s2.dosya.tc/images/uye-girisi.png

168.119.136.27

200 OK

3.0 kB

URL GET HTTP/1.1
s2.dosya.tc/images/uye-girisi.png
IP
168.119.136.27:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 140 x 51, 8-bit/color RGB, non-interlaced
Size
3.0 kB (2979 bytes)
Hash
6925e8f5c208aae4dd55cadd1340f180
a03365e7fb59c9588b3b7963e18c0b3e5d4cb369
6bfa03e8b7d8249e9927cafe801657559f7b7064248bb970b55fb4b689611f2d

HTTP Headers

GET /images/uye-girisi.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:41 GMT
Accept-Ranges: bytes
Content-Length: 2979
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/images/download.gif

88.99.254.43

200 OK

7.2 kB

URL GET HTTP/1.1
www.dosya.tc/images/download.gif
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
GIF image data, version 89a, 300 x 86
Size
7.2 kB (7229 bytes)
Hash
a9a5324512e43e463fe0a00118ad0c37
5375ae6855a34619ce428da5f835fc9d9ce06124
7964b17bc443c3bcf422211a690ac4bc62ad981d77d5c0b6bdddc982b8615a25

HTTP Headers

GET /images/download.gif HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:05 GMT
Accept-Ranges: bytes
Content-Length: 7229
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif

s2.dosya.tc/images/footer-icon2.png

168.119.136.27

200 OK

850 B

URL GET HTTP/1.1
s2.dosya.tc/images/footer-icon2.png
IP
168.119.136.27:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
850 B (850 bytes)
Hash
51a472b4a51ea9245ee6f4386f07818f
a19e86c411dc6da3592d1f90e89ddf68df1fee3c
eea1befd43d3dc930a0eb0335c56ed8bc7e14aa1ee3e6c546cd21c1826362750

HTTP Headers

GET /images/footer-icon2.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:38 GMT
Accept-Ranges: bytes
Content-Length: 850
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

s2.dosya.tc/images/logo.png

168.119.136.27

200 OK

7.2 kB

URL GET HTTP/1.1
s2.dosya.tc/images/logo.png
IP
168.119.136.27:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 191 x 53, 8-bit/color RGB, non-interlaced
Size
7.2 kB (7157 bytes)
Hash
2a193802d40b18cd55b0d159571bf63c
1a4e4bdf88317471241d9e5ee29d9572be3f37e3
77eba513db8685e5a4b7633684b1d6b175bf8272ccfff3c6a1c0735d37d1d57a

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:40 GMT
Accept-Ranges: bytes
Content-Length: 7157
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

s2.dosya.tc/images/menu-ayrac.png

168.119.136.27

200 OK

125 B

URL GET HTTP/1.1
s2.dosya.tc/images/menu-ayrac.png
IP
168.119.136.27:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 2 x 52, 8-bit/color RGB, non-interlaced
Size
125 B (125 bytes)
Hash
35a0591c63feeb75e3e547e894ff6e2d
7dd00c2e8d4e9203b71d3fcb9a660e717b8dca7c
9700fc9abb23b0fa04c070487f5aebdcec2cbb22f10788ab7898032abe3fcced

HTTP Headers

GET /images/menu-ayrac.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:41 GMT
Accept-Ranges: bytes
Content-Length: 125
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

s2.dosya.tc/images/background.webp

168.119.136.27

200 OK

113 kB

URL GET HTTP/1.1
s2.dosya.tc/images/background.webp
IP
168.119.136.27:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1050, Scaling: [none]x[none], YUV color, decoders should clamp
Size
113 kB (112776 bytes)
Hash
2b08bddebb64127b30bc913f73cdab61
f8911fd91f0302e88e7fe6e089ba20af32269b79
0804b26a6993fc6ee8e977f77aa9ce5ddf9c4fe69773b296cc292ee7b2a5ac1b

HTTP Headers

GET /images/background.webp HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:35 GMT
Accept-Ranges: bytes
Content-Length: 112776
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/webp

s2.dosya.tc/apple-touch-icon.png

168.119.136.27

200 OK

6.6 kB

URL GET HTTP/1.1
s2.dosya.tc/apple-touch-icon.png
IP
168.119.136.27:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
Size
6.6 kB (6556 bytes)
Hash
bfd9b50e03f63b25c253a5d6fa5c5ef4
b4c68746da8a1da96b57d37990bfbfb0f716c14b
ca0f27136956761254299ac92d78aecca2c21841760c56904d894eb13ea0237f

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:16 GMT
Accept-Ranges: bytes
Content-Length: 6556
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

s2.dosya.tc/favicon-16x16.png

168.119.136.27

200 OK

1.6 kB

URL GET HTTP/1.1
s2.dosya.tc/favicon-16x16.png
IP
168.119.136.27:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.6 kB (1594 bytes)
Hash
05c5d89a72c5dc5e863e151cc5fa9b68
df5a0242031f54494fe0bf1b2d7290cd5e864a15
cd6cef0b6624ec979018be137e45b606f36c018b2d64cfe7e3d39815c0936a46

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:20 GMT
Accept-Ranges: bytes
Content-Length: 1594
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

my.rtmark.net/gid.js?userId=00804af9deb34eeaecfa21f05a975a6d

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=00804af9deb34eeaecfa21f05a975a6d
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
5edee5106c422aaa21e094e26827c53b
66fb6bf41cfd00b219da27424d988f0aad199f25
f1d78f016549c95fd15b04692e928b0ba81a715e3f23e1b6d47488e3c57fdbf1

HTTP Headers

GET /gid.js?userId=00804af9deb34eeaecfa21f05a975a6d HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00804af9deb34eeaecfa21f05a975a6d; expires=Sat, 26 Apr 2025 13:16:25 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

eephoawaum.com/5/5968118/?oo=1&js_build=iclick-v1.784.0

139.45.197.243

200 OK

8.5 kB

URL GET HTTP/2
eephoawaum.com/5/5968118/?oo=1&js_build=iclick-v1.784.0
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjecteephoawaum.com
Fingerprint6E:9A:3F:81:A2:D5:35:8F:87:9A:2D:09:48:1B:1C:E2:6B:0F:A1:2A
ValidityFri, 26 Apr 2024 02:25:13 GMT - Thu, 25 Jul 2024 02:25:12 GMT

File type
gzip compressed data, max speed, from Unix
Size
8.5 kB (8544 bytes)
Hash
9439c7f0a21ace707d26743cf777f53f
e73d199cfbeaea0d21c44a84b2819d30b60d1d91
47d2dbb96adedbc3e276af5288b0b9ab7dc2701aadc07dcbf98af36129c10751

HTTP Headers

GET /5/5968118/?oo=1&js_build=iclick-v1.784.0 HTTP/1.1
Host: eephoawaum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/json
x-trace-id: df0851c4c8f3e9d1963e82df6b945014
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00804af9deb34eeaecfa21f05a975a6d; expires=Sat, 26 Apr 2025 13:16:25 GMT; path=/; secure; SameSite=None
oaidts=1714137385; expires=Sat, 26 Apr 2025 13:16:25 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=00804af9deb34eeaecfa21f05a975a6d

139.45.197.242

204 No Content

0 B

URL OPTIONS HTTP/2
cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=00804af9deb34eeaecfa21f05a975a6d
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=00804af9deb34eeaecfa21f05a975a6d HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

gishejuy.com/400/5968115

139.45.197.242

200 OK

66 kB

URL GET HTTP/2
gishejuy.com/400/5968115
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
gzip compressed data, max speed, from Unix
Size
66 kB (66025 bytes)
Hash
5d7eb2929ff0db52bf878f09db84ba52
1b45f183c2909b69b54f55e837531ec6604430f9
d06f98d9753215148c060f06b6907dc6ef987223030e95a3d64b232040c24b35

HTTP Headers

GET /400/5968115 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/javascript
x-trace-id: de0de82b6bfcd09efd6efe282fd90339
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=03004a68998b4988e608440f19b90638; expires=Sat, 26 Apr 2025 13:16:25 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

139.45.197.242

204 No Content

2.7 kB

URL OPTIONS HTTP/2
cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=00804af9deb34eeaecfa21f05a975a6d
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JSON text data
Size
2.7 kB (2741 bytes)
Hash
32b8a9fa7d1adb408dd714f873324bf7
830cf6420f22657ba11ffb46ca2ac3cb89cc1822
eaa391e508843a317112460412af19b374daea334b77fd166f27049cbd14de4e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=00804af9deb34eeaecfa21f05a975a6d HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 339
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Cookie: scm=1; OAID=04004af543374735ec24c849c5ff316d; oaidts=1714137385
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 332c7ccf51b85e021d24e7c6e941603a
access-control-expose-headers: X-Sc
set-cookie: OAID=00804af9deb34eeaecfa21f05a975a6d; expires=Sat, 26 Apr 2025 13:16:26 GMT; secure; SameSite=None
oaidts=1714137385; expires=Sat, 26 Apr 2025 13:16:26 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

cameesse.net/11?rnd=2700212260&z=5968116&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=90

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=2700212260&z=5968116&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=90
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=2700212260&z=5968116&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=90 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Cookie: scm=1; OAID=00804af9deb34eeaecfa21f05a975a6d; oaidts=1714137385
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: be961cd22d4b39eaf9a7259f38d79614
access-control-expose-headers: X-Sc
set-cookie: OAID=00804af9deb34eeaecfa21f05a975a6d; expires=Sat, 26 Apr 2025 13:16:26 GMT; secure; SameSite=None
oaidts=1714137385; expires=Sat, 26 Apr 2025 13:16:26 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

cameesse.net/121?rnd=2189068270&z=5968116&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D5968116%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D807713345097441280&cln={CELL_NUMBER}&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&bag=ydU9kaAfa6I=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280

139.45.197.242

302 Found

0 B

URL GET HTTP/2
cameesse.net/121?rnd=2189068270&z=5968116&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D5968116%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D807713345097441280&cln={CELL_NUMBER}&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&bag=ydU9kaAfa6I=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /121?rnd=2189068270&z=5968116&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D5968116%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D807713345097441280&cln={CELL_NUMBER}&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&bag=ydU9kaAfa6I=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: scm=1; OAID=00804af9deb34eeaecfa21f05a975a6d; oaidts=1714137385
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-length: 0
location: https://securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=807713345097441280
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: ddbc4db8240f59405589ed06460fcc5f
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Content-Type: application/json
Content-Length: 400
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ac2bd7323b5dbf0aba746e04d1b42d0b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Content-Type: application/json
Content-Length: 778
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2020a1a86fc814a5c43f25dd5b28cd3a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

s2.dosya.tc/sw.js

168.119.136.27

404 Not Found

3.6 kB

URL GET HTTP/1.1
s2.dosya.tc/sw.js
IP
168.119.136.27:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
JavaScript source, ISO-8859 text
Size
3.6 kB (3602 bytes)
Hash
604cf80edc29c24be895b956a9c45ade
69add9e649a8557a7e93631637e372297758f191
f184f30e4587dd54f16898430a1913746db7c00d0b370b42c108b3a3a7add559

HTTP Headers

GET /sw.js HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 13:16:26 GMT
Server: Apache
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9

gishejuy.com/500/5968115?excludes=&oaid=00804af9deb34eeaecfa21f05a975a6d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

0 B

URL GET HTTP/2
gishejuy.com/500/5968115?excludes=&oaid=00804af9deb34eeaecfa21f05a975a6d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/5968115?excludes=&oaid=00804af9deb34eeaecfa21f05a975a6d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

moonoafy.net/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
moonoafy.net/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

moonoafy.net/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
moonoafy.net/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
e1dd80c44b4a671eafb212352659866f
215f878dfe66af3061eadf563a9bd608325775bf
3d1445278b95be652b5a14310a7a9c147caa8b426caf52169dabee9fd958d8c7

HTTP Headers

POST /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Content-Type: application/json
Content-Length: 1775
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
11e6c55cf2abfa7de93dc4cac37718b0
1b8d3db7def6cdc45848db5729229eae2ad6e98c
7e184adb9fa7694968d59db676425842c283e13a90e873ef5f46bbc2c4a646de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Content-Type: application/json
Content-Length: 537
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=d96018540232446ea1d4b8dcccc45b69&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=d96018540232446ea1d4b8dcccc45b69&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
5edee5106c422aaa21e094e26827c53b
66fb6bf41cfd00b219da27424d988f0aad199f25
f1d78f016549c95fd15b04692e928b0ba81a715e3f23e1b6d47488e3c57fdbf1

HTTP Headers

GET /gid.js?pub=0&userId=d96018540232446ea1d4b8dcccc45b69&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: ID=00804af9deb34eeaecfa21f05a975a6d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00804af9deb34eeaecfa21f05a975a6d; expires=Sat, 26 Apr 2025 13:16:26 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
0c37ea1667595fc877a8347d7311032a
55e2beb014a7ebd62e7704cec74f6ee5aa301746
79eb9b496bd3936eb5822a14581b60d9c76ad2d7046189d9b0b69a5fdb80a1cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Content-Type: application/json
Content-Length: 537
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

25 kB

URL GET HTTP/2
moonoafy.net/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
gzip compressed data, max speed, from Unix
Size
25 kB (25256 bytes)
Hash
cd789bc69836e36f9aca730d13e76738
f50bceb5baedd3195f86224fefa8b591e46c94e5
044259899815901821307373336198ef64ce1414ca6416d00c383294495510f4

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-df63"
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Content-Type: application/json
Content-Length: 397
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1343cf42839e4ac357e62c3b3d6397fb
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

172.67.22.216

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
172.67.22.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Fri, 26 Apr 2024 18:59:43 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 65803
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a6d8e98fac1bfa-OSL
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
1ff2aebf0e00c94bf92289d47dd400d3
2277f0a7c8b4a502c1a2ac157c1dfcbf71e794e3
4f5ab27cbbc582ac806e2c61c8637e7bd6a0b8be6cff02fd2fa122d8810c098a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Fri, 26 Apr 2024 13:16:26 GMT
Server: ECAcc (amb/6B60)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: XY8dt5BKRzofStHBLELB_IGn7tyk-o5OVhfsetN9mn4SoIGTdeJlqQ==

securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=807713345097441280

172.67.175.232

302 Found

0 B

URL GET HTTP/2
securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=807713345097441280
IP
172.67.175.232:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectsecuredpeacomm.com
FingerprintE2:58:9B:FC:54:26:CA:CC:89:05:0D:28:D6:2E:28:9E:39:7E:5F:D6
ValidityMon, 15 Apr 2024 19:27:34 GMT - Sun, 14 Jul 2024 19:27:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=807713345097441280 HTTP/1.1
Host: securedpeacomm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/html; charset=UTF-8
location: https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=807713345097441280&ctrl_fetch_dest=iframe&ctrl_id=662ba92a6d19a391700824&ctrl_ts=1714137386.4469&ctrl_ab=burp
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qsNi9%2FxSfHfbasEm62qe5V8fpyVdc6RDyZxOqDqw1glbNpC4heDzgkMjXlgFLkZqbRnWDVPHt%2FJWRjZG0BqH7TimfaKHdyrHmdsZy6XT8Yo77WgwEsEoYLfG2ve0a018MJeZEgo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a6d8e7cf09568f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gishejuy.com/impression/iw2z68SnXEHVix9nAUzz99nSc1K2rqLJrX2O-CiXjpIM7KldUWtGG7Hoar7bvXZVOaCMVAcNTRxGabltxW0CXoXX41CvcgwU8sNCI4KxxieB1faFi1lzhHxi_QfTd4VApQdknsbAG8dXsFIQ_6gPz1JhMJAymdCniP2Q5Kt198sQoerg77N_BM2dTbNG3oXyOSaImtNaSsi-2RmSMW23G2cPkGTLCnIxkg40RbVQ2lei_mHy8B3Zv7zAFe5AO4N0blUSwnOuNY4ULU9xGm6IRbNdCdy0jUV4GsVWInx5a-vSjyaFLi-wyKtF8N_BBZrnjvw01pGU77pugz0J68DXbu_hg-4hXQceb_HMV0i7Pu9PfQxOz424kX-j8yPu-si9BGXhkLrqMpwqdPpnH1ytJ_r8EPFglQahki5QSWqv6YmLU0P6k4_VpRerPlDIX5KSpIjwcgajdRGMJFOx5W7PkeArGFsg0JwvS-4Oez4jqKR89amruYFozIWk8e3e5l6ImbqkUECCy3Q7bDULxHJsnQMAxRi1W0PDlcY9FNMNs-wnGLD7h2m4i5BvuuxKROZ2uYUZL9d9ErgbJpWo89PcGgURH0W9uxyCOzW7_NoPR5hMKRBzLwBDJENYchxAz346G1DwG4s7wyrsRsVwG9BzhHpH9u7p-LeY4qYQiOFs7Neuuui1ldTl6fVtES3RmfFdb2Y5EtceT7IQgsSeEfUw_h5wH1sbfc7bguuPj2UTUWhW6dZklWJm4l-jLT3ZG3Cup7fEn_G-MedneWaZgXCKDjSbILUi5Dk8-qjAT3bvlkXswQSKZvtW8txlf0Y=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/iw2z68SnXEHVix9nAUzz99nSc1K2rqLJrX2O-CiXjpIM7KldUWtGG7Hoar7bvXZVOaCMVAcNTRxGabltxW0CXoXX41CvcgwU8sNCI4KxxieB1faFi1lzhHxi_QfTd4VApQdknsbAG8dXsFIQ_6gPz1JhMJAymdCniP2Q5Kt198sQoerg77N_BM2dTbNG3oXyOSaImtNaSsi-2RmSMW23G2cPkGTLCnIxkg40RbVQ2lei_mHy8B3Zv7zAFe5AO4N0blUSwnOuNY4ULU9xGm6IRbNdCdy0jUV4GsVWInx5a-vSjyaFLi-wyKtF8N_BBZrnjvw01pGU77pugz0J68DXbu_hg-4hXQceb_HMV0i7Pu9PfQxOz424kX-j8yPu-si9BGXhkLrqMpwqdPpnH1ytJ_r8EPFglQahki5QSWqv6YmLU0P6k4_VpRerPlDIX5KSpIjwcgajdRGMJFOx5W7PkeArGFsg0JwvS-4Oez4jqKR89amruYFozIWk8e3e5l6ImbqkUECCy3Q7bDULxHJsnQMAxRi1W0PDlcY9FNMNs-wnGLD7h2m4i5BvuuxKROZ2uYUZL9d9ErgbJpWo89PcGgURH0W9uxyCOzW7_NoPR5hMKRBzLwBDJENYchxAz346G1DwG4s7wyrsRsVwG9BzhHpH9u7p-LeY4qYQiOFs7Neuuui1ldTl6fVtES3RmfFdb2Y5EtceT7IQgsSeEfUw_h5wH1sbfc7bguuPj2UTUWhW6dZklWJm4l-jLT3ZG3Cup7fEn_G-MedneWaZgXCKDjSbILUi5Dk8-qjAT3bvlkXswQSKZvtW8txlf0Y=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/iw2z68SnXEHVix9nAUzz99nSc1K2rqLJrX2O-CiXjpIM7KldUWtGG7Hoar7bvXZVOaCMVAcNTRxGabltxW0CXoXX41CvcgwU8sNCI4KxxieB1faFi1lzhHxi_QfTd4VApQdknsbAG8dXsFIQ_6gPz1JhMJAymdCniP2Q5Kt198sQoerg77N_BM2dTbNG3oXyOSaImtNaSsi-2RmSMW23G2cPkGTLCnIxkg40RbVQ2lei_mHy8B3Zv7zAFe5AO4N0blUSwnOuNY4ULU9xGm6IRbNdCdy0jUV4GsVWInx5a-vSjyaFLi-wyKtF8N_BBZrnjvw01pGU77pugz0J68DXbu_hg-4hXQceb_HMV0i7Pu9PfQxOz424kX-j8yPu-si9BGXhkLrqMpwqdPpnH1ytJ_r8EPFglQahki5QSWqv6YmLU0P6k4_VpRerPlDIX5KSpIjwcgajdRGMJFOx5W7PkeArGFsg0JwvS-4Oez4jqKR89amruYFozIWk8e3e5l6ImbqkUECCy3Q7bDULxHJsnQMAxRi1W0PDlcY9FNMNs-wnGLD7h2m4i5BvuuxKROZ2uYUZL9d9ErgbJpWo89PcGgURH0W9uxyCOzW7_NoPR5hMKRBzLwBDJENYchxAz346G1DwG4s7wyrsRsVwG9BzhHpH9u7p-LeY4qYQiOFs7Neuuui1ldTl6fVtES3RmfFdb2Y5EtceT7IQgsSeEfUw_h5wH1sbfc7bguuPj2UTUWhW6dZklWJm4l-jLT3ZG3Cup7fEn_G-MedneWaZgXCKDjSbILUi5Dk8-qjAT3bvlkXswQSKZvtW8txlf0Y=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Cookie: OAID=00804af9deb34eeaecfa21f05a975a6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:30 GMT
content-type: image/gif
content-length: 43
x-trace-id: 50e4fa2c18e70de61c2764d68346081d
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

gishejuy.com/500/5968115?excludes=19845928&oaid=00804af9deb34eeaecfa21f05a975a6d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

0 B

URL GET HTTP/2
gishejuy.com/500/5968115?excludes=19845928&oaid=00804af9deb34eeaecfa21f05a975a6d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/5968115?excludes=19845928&oaid=00804af9deb34eeaecfa21f05a975a6d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:31 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/8fb9de081da99ce3c8b8631cff72b564.jpg

172.67.22.216

200 OK

9.4 kB

URL GET HTTP/2
offerimage.com/www/images/8fb9de081da99ce3c8b8631cff72b564.jpg
IP
172.67.22.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
9.4 kB (9375 bytes)
Hash
8fb9de081da99ce3c8b8631cff72b564
f6cb7aaa1ae6a6bf4349374eabfdfb8ff42f25ab
632c04a4c8ac3b4f17006c40ce31a705ce9c89a2f3e96e0a91fe6f7b1b9c5acf

HTTP Headers

GET /www/images/8fb9de081da99ce3c8b8631cff72b564.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:31 GMT
content-type: image/jpeg
content-length: 9375
cache-control: max-age=86400
cf-bgj: h2pri
etag: "66033f8d-249f"
expires: Sat, 27 Apr 2024 00:36:24 GMT
last-modified: Tue, 26 Mar 2024 21:35:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 45607
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a6d906add91bfa-OSL
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

172.67.22.216

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
172.67.22.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:31 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Fri, 26 Apr 2024 18:59:43 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 65808
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a6d907e84e1bfa-OSL
X-Firefox-Spdy: h2

gishejuy.com/impression/j7m9Girpy4Oi9FGObenDS_KDQrqrCnLdtYGrF-94_ivVnyS9vCiesRCNvqA0MV2WuX_FEu3lhJkjYqYIkHq2Pfa5pJp5lp7qQdbaEJfgyZjLRaGqwBF_Wyk7rYqIHFLFWpk8_YJFHtU8r-XDC1GpMFmWYtV3FoBPl_oOiMSjpSY10ZspEaSKlVHqQop3ZHWoJ0CC9VXIdPzp36Mql-vArgsspfUfRl8gSkuLYHJpAFEg5x0CS5ZaBX4E72zXu-4mI7A2zRq7OBA-nBUFdjfbp8gJ4-k2GVSqzxVE6NDj0y0zXisY0AmZLDq8bNxD_Sap2xjKgUUQUTMYBWRll09xu1_eO0pw8VkWa_t_6ir_G64ASOoc57m6hZWK9jTYS9vZ-M1y1CF3hWyfhmRKj2Lc1HqrDKCjnj1FqNV9KRrbBs-vzjl7z-wjH0-avtCpVYQWCNIkeQA8sKgqDodnAx4fOeBfarG13vflgp-oQE0kCdvLz_m51-WJ1sxsp_4ukfpjLwVcZ4tdeLw9kdv5XTjiOtZ3kkrFK5Ni-IM8LWZtbmXWg9Za9HnKEIImBMd0-2TskxPumZny4m3lV0Fk3RvynK5FuweLkySYBWrJesenVssam0bUBCwwjzyB0w1o0sfgoFbdBb2lXcuVbqICBENknw1V3DfLc88_zqFYMt1XWAibTyAEMWVa5bBinFQKJGpZlJn_AIn8T8vD8LYAJUsVLRnnqFvHyFp5E-QO6WKjR3Oj5ZYQbgZ5H4FTU-4DMVCNCKFUrmFCv5469b8iZEsV3VIumonrBqO16YWmwhxX996nthKYKg2xpGaPT_k=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/j7m9Girpy4Oi9FGObenDS_KDQrqrCnLdtYGrF-94_ivVnyS9vCiesRCNvqA0MV2WuX_FEu3lhJkjYqYIkHq2Pfa5pJp5lp7qQdbaEJfgyZjLRaGqwBF_Wyk7rYqIHFLFWpk8_YJFHtU8r-XDC1GpMFmWYtV3FoBPl_oOiMSjpSY10ZspEaSKlVHqQop3ZHWoJ0CC9VXIdPzp36Mql-vArgsspfUfRl8gSkuLYHJpAFEg5x0CS5ZaBX4E72zXu-4mI7A2zRq7OBA-nBUFdjfbp8gJ4-k2GVSqzxVE6NDj0y0zXisY0AmZLDq8bNxD_Sap2xjKgUUQUTMYBWRll09xu1_eO0pw8VkWa_t_6ir_G64ASOoc57m6hZWK9jTYS9vZ-M1y1CF3hWyfhmRKj2Lc1HqrDKCjnj1FqNV9KRrbBs-vzjl7z-wjH0-avtCpVYQWCNIkeQA8sKgqDodnAx4fOeBfarG13vflgp-oQE0kCdvLz_m51-WJ1sxsp_4ukfpjLwVcZ4tdeLw9kdv5XTjiOtZ3kkrFK5Ni-IM8LWZtbmXWg9Za9HnKEIImBMd0-2TskxPumZny4m3lV0Fk3RvynK5FuweLkySYBWrJesenVssam0bUBCwwjzyB0w1o0sfgoFbdBb2lXcuVbqICBENknw1V3DfLc88_zqFYMt1XWAibTyAEMWVa5bBinFQKJGpZlJn_AIn8T8vD8LYAJUsVLRnnqFvHyFp5E-QO6WKjR3Oj5ZYQbgZ5H4FTU-4DMVCNCKFUrmFCv5469b8iZEsV3VIumonrBqO16YWmwhxX996nthKYKg2xpGaPT_k=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/j7m9Girpy4Oi9FGObenDS_KDQrqrCnLdtYGrF-94_ivVnyS9vCiesRCNvqA0MV2WuX_FEu3lhJkjYqYIkHq2Pfa5pJp5lp7qQdbaEJfgyZjLRaGqwBF_Wyk7rYqIHFLFWpk8_YJFHtU8r-XDC1GpMFmWYtV3FoBPl_oOiMSjpSY10ZspEaSKlVHqQop3ZHWoJ0CC9VXIdPzp36Mql-vArgsspfUfRl8gSkuLYHJpAFEg5x0CS5ZaBX4E72zXu-4mI7A2zRq7OBA-nBUFdjfbp8gJ4-k2GVSqzxVE6NDj0y0zXisY0AmZLDq8bNxD_Sap2xjKgUUQUTMYBWRll09xu1_eO0pw8VkWa_t_6ir_G64ASOoc57m6hZWK9jTYS9vZ-M1y1CF3hWyfhmRKj2Lc1HqrDKCjnj1FqNV9KRrbBs-vzjl7z-wjH0-avtCpVYQWCNIkeQA8sKgqDodnAx4fOeBfarG13vflgp-oQE0kCdvLz_m51-WJ1sxsp_4ukfpjLwVcZ4tdeLw9kdv5XTjiOtZ3kkrFK5Ni-IM8LWZtbmXWg9Za9HnKEIImBMd0-2TskxPumZny4m3lV0Fk3RvynK5FuweLkySYBWrJesenVssam0bUBCwwjzyB0w1o0sfgoFbdBb2lXcuVbqICBENknw1V3DfLc88_zqFYMt1XWAibTyAEMWVa5bBinFQKJGpZlJn_AIn8T8vD8LYAJUsVLRnnqFvHyFp5E-QO6WKjR3Oj5ZYQbgZ5H4FTU-4DMVCNCKFUrmFCv5469b8iZEsV3VIumonrBqO16YWmwhxX996nthKYKg2xpGaPT_k=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Cookie: OAID=00804af9deb34eeaecfa21f05a975a6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:34 GMT
content-type: image/gif
content-length: 43
x-trace-id: 063ba14055e098b3d07958839ebfb074
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/8fb9de081da99ce3c8b8631cff72b564.jpg

172.67.22.216

200 OK

9.4 kB

URL GET HTTP/2
offerimage.com/www/images/8fb9de081da99ce3c8b8631cff72b564.jpg
IP
172.67.22.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
9.4 kB (9375 bytes)
Hash
8fb9de081da99ce3c8b8631cff72b564
f6cb7aaa1ae6a6bf4349374eabfdfb8ff42f25ab
632c04a4c8ac3b4f17006c40ce31a705ce9c89a2f3e96e0a91fe6f7b1b9c5acf

HTTP Headers

GET /www/images/8fb9de081da99ce3c8b8631cff72b564.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:34 GMT
content-type: image/jpeg
content-length: 9375
cache-control: max-age=86400
cf-bgj: h2pri
etag: "66033f8d-249f"
expires: Sat, 27 Apr 2024 00:36:24 GMT
last-modified: Tue, 26 Mar 2024 21:35:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 45610
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a6d91a9f321bfa-OSL
X-Firefox-Spdy: h2

cameesse.net/11?rnd=2700212260&z=5968116&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=2700212260&z=5968116&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=2700212260&z=5968116&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Cookie: scm=1; OAID=00804af9deb34eeaecfa21f05a975a6d; oaidts=1714137385
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:46 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: b45875b58cad19eee9ba3d1ec554304d
access-control-expose-headers: X-Sc
set-cookie: OAID=00804af9deb34eeaecfa21f05a975a6d; expires=Sat, 26 Apr 2025 13:16:46 GMT; secure; SameSite=None
oaidts=1714137385; expires=Sat, 26 Apr 2025 13:16:46 GMT; secure; SameSite=None
oaidvc=1; expires=Sat, 26 Apr 2025 13:16:46 GMT; secure; SameSite=None
CNT=1_v1_rtk9AQEAAAB_TQAA; expires=Fri, 26 Apr 2024 14:16:46 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

inklinkor.com/tag.min.js

104.21.91.63

200 OK

89 kB

URL GET HTTP/2
inklinkor.com/tag.min.js
IP
104.21.91.63:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectinklinkor.com
Fingerprint28:84:D7:8F:63:D7:99:15:D5:E8:2C:F5:74:62:0D:94:C1:0A:EF:95
ValidityWed, 17 Apr 2024 17:58:45 GMT - Tue, 16 Jul 2024 17:58:44 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
89 kB (89117 bytes)
Hash
3c003e0dc17f0065474b8326c712d09d
b1208344832018ef2b6a051d16dc187b75b50074
34b76d99818bde68dfdd933fa7d72d679966295d887a5562eb0244d47970e90e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 8b37fd3af2e8203b6893bdab71661673
cache-control: max-age=86400
last-modified: Fri, 26 Apr 2024 10:18:35 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Sat, 27 Apr 2024 13:04:48 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 697
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uz26qoua2FfBizHMFtWvJAfnuIcXcPf%2Fq7FrqsHG9pG5nulXgf5nwbRWk5AtMhbr5Aei5N4RU3g866uAT2pvpU2kwoIOX%2FvDfb5MUoWVRBkbir5uCJFwGZ9rqyc9JYl%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a6d8e16ffdb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/universal.min.js?v=3.1.504

139.45.197.250

200 OK

90 kB

URL GET HTTP/2
moonoafy.net/pfe/current/universal.min.js?v=3.1.504
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (89850 bytes)
Hash
4caad44ecc6a13eba45b63ed7cf9e387
e67dfe90bebd5447495d8fe962d03e55f6d13071
66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-15efa"
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=807713345097441280&ctrl_fetch_dest=iframe&ctrl_id=662ba92a6d19a391700824&ctrl_ts=1714137386.4469&ctrl_ab=burp

143.204.55.21

302 Found

1.1 kB

URL GET HTTP/2
track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=807713345097441280&ctrl_fetch_dest=iframe&ctrl_id=662ba92a6d19a391700824&ctrl_ts=1714137386.4469&ctrl_ab=burp
IP
143.204.55.21:443
ASN
#16509 AMAZON-02

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerAmazon
Subjecttrack.jefytrack.com
FingerprintD9:FC:91:D1:FD:F0:F4:2D:48:E9:47:EE:31:A0:1C:23:D3:9A:29:D8
ValiditySun, 21 Apr 2024 00:00:00 GMT - Tue, 20 May 2025 23:59:59 GMT

File type

Size
1.1 kB (1073 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=807713345097441280&ctrl_fetch_dest=iframe&ctrl_id=662ba92a6d19a391700824&ctrl_ts=1714137386.4469&ctrl_ab=burp HTTP/1.1
Host: track.jefytrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-length: 0
location: https://externalde.com/out/xyhkxckud/?ctrl_id=662ba92a6d19a391700824&ctrl_ab=burp&ctrl_ts=1714137386.4469&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=w11j7og1n35ii5s03a235dgg
date: Fri, 26 Apr 2024 13:16:26 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 145f6684-c379-407a-a2eb-922622a713e1-v4=sI74Q8v9TII9ngYmubQ3P12R1QMl57jqcpZw6gZhjdg; Max-Age=86400; Expires=Sat, 27-Apr-2024 13:16:26 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
voluum-cid-v4=%7B%22cid%22%3A%22w11j7og1n35ii5s03a235dgg%22%2C%22caid%22%3A%22145f6684-c379-407a-a2eb-922622a713e1%22%7D; Max-Age=31536000; Expires=Sat, 26-Apr-2025 13:16:26 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
x-cache: Miss from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: aAgXQypabC8FOT5iT-WA3CwiQAI9s3tE6lh9LZ6hv3mxdofe6dmqpA==
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/tag.min.js?z=5968117

139.45.197.250

200 OK

15 kB

URL GET HTTP/2
moonoafy.net/pfe/current/tag.min.js?z=5968117
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JavaScript source, ASCII text, with very long lines (14612), with no line terminators
Size
15 kB (14612 bytes)
Hash
ffdd38e0a5a1a47cb341a116a3318e0e
2fd730feff506cf56e14c531e9d89cdea2cca424
7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c

HTTP Headers

GET /pfe/current/tag.min.js?z=5968117 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:53 GMT
etag: W/"662a3515-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=dc2ea7fa-7735-4798-9f01-76dccf3a4da9

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=dc2ea7fa-7735-4798-9f01-76dccf3a4da9
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
6949f52318584a4b51c719a9b84a7287
9fbd870c6afd4bdd6fbbd87f52df2c81dd23e905
72603096ec3515dbc615ab8837fd1b15e91ee827bc7af41d71c9882b08699375

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=dc2ea7fa-7735-4798-9f01-76dccf3a4da9 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1421
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 26 Apr 2024 13:16:26 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://s2.dosya.tc
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

cameesse.net/1?z=5968116

139.45.197.242

200 OK

43 kB

URL GET HTTP/2
cameesse.net/1?z=5968116
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JavaScript source, ASCII text, with very long lines (42427)
Size
43 kB (43417 bytes)
Hash
14f2d95d4d48bb9c9bf51cc90028f13f
7e240afc890e2031a4ca80b9ab8ff2f3b44cc088
05b1e56b4aec334a6f74666702b94aa0976f13cbb8ac2f926f2795f43c6299c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=5968116 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: a8d1b4f05556a41f2e67ad552a0031b5
access-control-expose-headers: X-Sc
x-sc: iWzETAN0Ul8_hr2hFmASAKIM2bJHJmW2hKiClrpljUE5TAimERyY61ak_SBD7qkyfYSWRDuj5ywuB4rCEaHCXB2bQuc=
set-cookie: scm=1; expires=Sat, 26 Apr 2025 13:16:25 GMT; secure; SameSite=None
OAID=04004af543374735ec24c849c5ff316d; expires=Sat, 26 Apr 2025 13:16:25 GMT; secure; SameSite=None
oaidts=1714137385; expires=Sat, 26 Apr 2025 13:16:25 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

104.21.11.245

200 OK

19 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
104.21.11.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1
ValiditySat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT

File type
JavaScript source, ASCII text, with very long lines (18486)
Size
19 kB (19136 bytes)
Hash
70ebd404c2e1e7bad13998538b56887c
86e57af8ba3cfc2c004da3311835f6b54ba6d848
d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3990
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PB6Tw132GcCXE7636ZaD1rZpynrWgPPJhUvV%2FBYy8f97fXmz0vLixIvtdNAz%2BwQMnbud0dQSF2paQxz1YRl%2Fco%2BHIQczGUcGhCNEuPrI6X5v1Tu%2BvnkALY4qJqkiNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a6d8e56e2d56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

lkbx.me/4KqY7?uid=w11j7og1n35ii5s03a235dgg

47.89.248.255

200 OK

1.1 kB

URL GET HTTP/2
lkbx.me/4KqY7?uid=w11j7og1n35ii5s03a235dgg
IP
47.89.248.255:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerDigiCert Inc
Subjectlkbx.me
Fingerprint85:1C:F3:96:31:0D:EC:E9:85:9D:6E:27:5F:AE:1D:6C:F2:9B:F5:BD
ValidityMon, 27 Nov 2023 00:00:00 GMT - Tue, 26 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1129), with no line terminators
Size
1.1 kB (1073 bytes)
Hash
f12c3d87a36c7e07ce75e962dbe95e15
b201e0a2e71e856a7662cb28da21333fc9eebbbe
061c3343c97d54813db8695559c6d89a46374f5dbd4cb809e45cebe579b2f94c

HTTP Headers

GET /4KqY7?uid=w11j7og1n35ii5s03a235dgg HTTP/1.1
Host: lkbx.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:27 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
set-cookie: discuz_2132_saltkey=8hQLtnnE; expires=Sun, 26-May-2024 13:16:27 GMT; Max-Age=2592000; path=/; secure; httponly
discuz_2132_lang=en; path=/; secure
discuz_2132_lang=en; path=/; secure
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=s2.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504

139.45.197.250

200 OK

880 B

URL GET HTTP/2
moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=s2.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (977), with no line terminators
Size
880 B (880 bytes)
Hash
67afc83cfbfb20dc94c7c510eaf57599
e7af356ace3104bb7dbed4baf41dae74ad325128
d96a2da7b223ec9f5ec7189a6298b52d9d9dda7613a4515bcf5bf9fa7a0b0416

HTTP Headers

GET /zone?pub=0&zone_id=5968117&is_mobile=false&domain=s2.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: f13acc160523b8ae4461f4898ade828f
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a

139.45.197.242

200 OK

413 kB

URL GET HTTP/2
cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JavaScript source, ASCII text, with very long lines (65523)
Size
413 kB (413423 bytes)
Hash
297cc248309ba835cf13a1f82fd3f938
1e6f51ce257a0ee53e25280dd44092ed33339847
b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Cookie: scm=1; OAID=04004af543374735ec24c849c5ff316d; oaidts=1714137385
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: bf35dfcbab3e52c9a31e9cac9598a7d9
cache-control: max-age:290304000, public
last-modified: Tue, 09 Apr 2024 03:16:58 GMT
expires: Tue, 09 May 2084 03:16:58 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

externalde.com/out/xyhkxckud/?ctrl_id=662ba92a6d19a391700824&ctrl_ab=burp&ctrl_ts=1714137386.4469&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=w11j7og1n35ii5s03a235dgg

104.21.9.15

302 Found

1.1 kB

URL GET HTTP/2
externalde.com/out/xyhkxckud/?ctrl_id=662ba92a6d19a391700824&ctrl_ab=burp&ctrl_ts=1714137386.4469&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=w11j7og1n35ii5s03a235dgg
IP
104.21.9.15:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectexternalde.com
Fingerprint79:24:9D:C1:87:2E:2E:74:56:2B:08:78:0D:03:42:70:D2:45:87:61
ValidityWed, 28 Feb 2024 13:09:48 GMT - Tue, 28 May 2024 13:09:47 GMT

File type

Size
1.1 kB (1073 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /out/xyhkxckud/?ctrl_id=662ba92a6d19a391700824&ctrl_ab=burp&ctrl_ts=1714137386.4469&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=w11j7og1n35ii5s03a235dgg HTTP/1.1
Host: externalde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/html; charset=UTF-8
location: https://lkbx.me/4KqY7?uid=w11j7og1n35ii5s03a235dgg
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i1kHQ0VZZ9uMAsSf%2FgvNXGN4W7rejO%2FjnFtDwubVfDxMZ1t%2Bo5p7ECVGvwmQfnifHHf9A2wT%2F7bVwF1P%2BIuHkDq45H%2B%2Fom%2FKA5ED9vmHyPoxdmqrgNlTf%2BZptB1NWOnRXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a6d8ebbdc656cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML