| s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe | 157.90.180.51 | 302 Found | 3.6 kB |
URL (User Request, GET HTTP/1.1): s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
IP: 157.90.180.51:80
ASN: #24940 Hetzner Online GmbH
File type: JavaScript source, ISO-8859 text
Hash: ddc6bd519467a693a2825f551ab2d6db 6d5f202f527bed2867fc0d27866f8b58b81f7d5d 647d6f93c1985318be79a6acfbbc8df0689a0dd128826c605ac69cb14c736dee
GET /server19/4kgcpb/dusk.exe.html','dusk.exe HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 07 May 2024 17:13:15 GMT
Server: Apache
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9
|
|
| s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe | 157.90.180.51 | 302 Found | 244 B |
URL (User Request, GET HTTP/1.1): s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
IP: 157.90.180.51:80
ASN: #24940 Hetzner Online GmbH
File type: HTML document, ASCII text
Hash: a08137a8ae98840dc444c43eb684bab8 10aacc82d6f04c120e079e6da118a3bb0dd5640c d1bb190d7e49264c6adfaa723b0c772ad33bc5df1a924259998ac676bd7aec2c
GET /server19/4kgcpb/dusk.exe.html','dusk.exe HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Location: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Content-Length: 244
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
|
|
| s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe | 157.90.180.51 | 302 Found | 3.6 kB |
URL (User Request, GET HTTP/1.1): s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
IP: 157.90.180.51:80
ASN: #24940 Hetzner Online GmbH
File type: JavaScript source, ISO-8859 text
Hash: ddc6bd519467a693a2825f551ab2d6db 6d5f202f527bed2867fc0d27866f8b58b81f7d5d 647d6f93c1985318be79a6acfbbc8df0689a0dd128826c605ac69cb14c736dee
GET /server19/4kgcpb/dusk.exe.html','dusk.exe HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Keep-Alive: timeout=5, max=149
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9
|
|
| s6.dosya.tc/style/style.css | 157.90.180.51 | 200 OK | 15 kB |
URL (GET HTTP/1.1): s6.dosya.tc/style/style.css
IP: 157.90.180.51:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: assembler source, ASCII text
Hash: e36585a9f4a781f9445425224c85e695 4a34bb8474bd8d15a5313a157ca72bf8552910cc 2b8c3599f9d693fc1422d4ad7c8fe6b9fbb2ade6b19a89c55e0d94f02252410a
GET /style/style.css HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:49 GMT
Accept-Ranges: bytes
Content-Length: 14629
Keep-Alive: timeout=5, max=148
Connection: Keep-Alive
Content-Type: text/css
|
|
| s6.dosya.tc/style/bootstrap.css | 157.90.180.51 | 200 OK | 142 kB |
URL (GET HTTP/1.1): s6.dosya.tc/style/bootstrap.css
IP: 157.90.180.51:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: ASCII text, with very long lines (540)
Size: 142 kB (141622 bytes)
Hash: 2183d05f5a0a9a3b2e8cb0509ca363e3 f2183455571b19311a235bd5aa204e694ade8e94 c942686010e285633d77a24341c43850ccd6162fcc7e8281ae8a70c2921a9af5
GET /style/bootstrap.css HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:48 GMT
Accept-Ranges: bytes
Content-Length: 141622
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: text/css
|
|
| s6.dosya.tc/images/footer-icon1.png | 157.90.180.51 | 200 OK | 582 B |
URL (GET HTTP/1.1): s6.dosya.tc/images/footer-icon1.png
IP: 157.90.180.51:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Hash: e62d200d08f565563cc9b713729bbaa6 3a130f79117f2aaa91154eb56a22b47de8c06a50 101d88dc759a5588d5c064fe233b6b19c565966a527a03eb9cdc29c733b8d4c3
GET /images/footer-icon1.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:37 GMT
Accept-Ranges: bytes
Content-Length: 582
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: image/png
|
|
| s6.dosya.tc/images/uye-girisi.png | 157.90.180.51 | 200 OK | 3.0 kB |
URL (GET HTTP/1.1): s6.dosya.tc/images/uye-girisi.png
IP: 157.90.180.51:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 140 x 51, 8-bit/color RGB, non-interlaced
Hash: 6925e8f5c208aae4dd55cadd1340f180 a03365e7fb59c9588b3b7963e18c0b3e5d4cb369 6bfa03e8b7d8249e9927cafe801657559f7b7064248bb970b55fb4b689611f2d
GET /images/uye-girisi.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:41 GMT
Accept-Ranges: bytes
Content-Length: 2979
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: image/png
|
|
| s6.dosya.tc/images/footer-icon2.png | 157.90.180.51 | 200 OK | 850 B |
URL (GET HTTP/1.1): s6.dosya.tc/images/footer-icon2.png
IP: 157.90.180.51:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Hash: 51a472b4a51ea9245ee6f4386f07818f a19e86c411dc6da3592d1f90e89ddf68df1fee3c eea1befd43d3dc930a0eb0335c56ed8bc7e14aa1ee3e6c546cd21c1826362750
GET /images/footer-icon2.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:37 GMT
Accept-Ranges: bytes
Content-Length: 850
Keep-Alive: timeout=5, max=147
Connection: Keep-Alive
Content-Type: image/png
|
|
| s6.dosya.tc/images/logo.png | 157.90.180.51 | 200 OK | 7.2 kB |
URL (GET HTTP/1.1): s6.dosya.tc/images/logo.png
IP: 157.90.180.51:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 191 x 53, 8-bit/color RGB, non-interlaced
Hash: 2a193802d40b18cd55b0d159571bf63c 1a4e4bdf88317471241d9e5ee29d9572be3f37e3 77eba513db8685e5a4b7633684b1d6b175bf8272ccfff3c6a1c0735d37d1d57a
GET /images/logo.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:40 GMT
Accept-Ranges: bytes
Content-Length: 7157
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: image/png
|
|
| s6.dosya.tc/images/footer-icon3.png | 157.90.180.51 | 200 OK | 1.7 kB |
URL (GET HTTP/1.1): s6.dosya.tc/images/footer-icon3.png
IP: 157.90.180.51:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Hash: 3a61d85a6bb0a45429b1e4b7d945aa95 6fcdf44c20d1ed269303583e16a98e245fa7b69b c84a015988434d7fa0c884f5590de727799abacb9c4a4ad6b4cadea4b97ea732
GET /images/footer-icon3.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:38 GMT
Accept-Ranges: bytes
Content-Length: 1702
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: image/png
|
|
| s6.dosya.tc/images/background.webp | 157.90.180.51 | 200 OK | 113 kB |
URL (GET HTTP/1.1): s6.dosya.tc/images/background.webp
IP: 157.90.180.51:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1050, Scaling: [none]x[none], YUV color, decoders should clamp
Size: 113 kB (112776 bytes)
Hash: 2b08bddebb64127b30bc913f73cdab61 f8911fd91f0302e88e7fe6e089ba20af32269b79 0804b26a6993fc6ee8e977f77aa9ce5ddf9c4fe69773b296cc292ee7b2a5ac1b
GET /images/background.webp HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:35 GMT
Accept-Ranges: bytes
Content-Length: 112776
Keep-Alive: timeout=5, max=149
Connection: Keep-Alive
Content-Type: image/webp
|
|
| s6.dosya.tc/images/menu-ayrac.png | 157.90.180.51 | 200 OK | 125 B |
URL (GET HTTP/1.1): s6.dosya.tc/images/menu-ayrac.png
IP: 157.90.180.51:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 2 x 52, 8-bit/color RGB, non-interlaced
Hash: 35a0591c63feeb75e3e547e894ff6e2d 7dd00c2e8d4e9203b71d3fcb9a660e717b8dca7c 9700fc9abb23b0fa04c070487f5aebdcec2cbb22f10788ab7898032abe3fcced
GET /images/menu-ayrac.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:40 GMT
Accept-Ranges: bytes
Content-Length: 125
Keep-Alive: timeout=5, max=146
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/images/download.gif | 88.99.254.43 | 200 OK | 7.2 kB |
URL (GET HTTP/1.1): www.dosya.tc/images/download.gif
IP: 88.99.254.43:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: GIF image data, version 89a, 300 x 86
Hash: a9a5324512e43e463fe0a00118ad0c37 5375ae6855a34619ce428da5f835fc9d9ce06124 7964b17bc443c3bcf422211a690ac4bc62ad981d77d5c0b6bdddc982b8615a25
GET /images/download.gif HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:05 GMT
Accept-Ranges: bytes
Content-Length: 7229
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif
|
|
| s6.dosya.tc/apple-touch-icon.png | 157.90.180.51 | 200 OK | 6.6 kB |
URL (GET HTTP/1.1): s6.dosya.tc/apple-touch-icon.png
IP: 157.90.180.51:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
Hash: bfd9b50e03f63b25c253a5d6fa5c5ef4 b4c68746da8a1da96b57d37990bfbfb0f716c14b ca0f27136956761254299ac92d78aecca2c21841760c56904d894eb13ea0237f
GET /apple-touch-icon.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:13 GMT
Accept-Ranges: bytes
Content-Length: 6556
Keep-Alive: timeout=5, max=148
Connection: Keep-Alive
Content-Type: image/png
|
|
| s6.dosya.tc/favicon-16x16.png | 157.90.180.51 | 200 OK | 1.6 kB |
URL (GET HTTP/1.1): s6.dosya.tc/favicon-16x16.png
IP: 157.90.180.51:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash: 05c5d89a72c5dc5e863e151cc5fa9b68 df5a0242031f54494fe0bf1b2d7290cd5e864a15 cd6cef0b6624ec979018be137e45b606f36c018b2d64cfe7e3d39815c0936a46
GET /favicon-16x16.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:18 GMT
Accept-Ranges: bytes
Content-Length: 1594
Keep-Alive: timeout=5, max=145
Connection: Keep-Alive
Content-Type: image/png
|
|
| my.rtmark.net/gid.js?userId=0080557697c74763e0116994ce9252f8 | 139.45.195.8 | 200 OK | 65 B |
URL (GET HTTP/2): my.rtmark.net/gid.js?userId=0080557697c74763e0116994ce9252f8
IP: 139.45.195.8:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: rtmark.net; Fingerprint: DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity: Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash: 1ef7c98dd0494a8834542729216d7d91 fae5957d9b86d0c32ca8c56d197da297590175bc fbab396953596a5e435e48e8bbe05abbeaaa70d65b93715e477f41476e7ea446
GET /gid.js?userId=0080557697c74763e0116994ce9252f8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=s6.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 | 139.45.197.250 | 200 OK | 880 B |
URL (GET HTTP/2): moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=s6.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: 643900499a3362d34db22f9725b991b6 d8a390b412d75fb3c2beaea48f9bee4058718284 1a51cbcaf3fcc1a8f4d47d7af4f28f697e029099167745a1a9d9ee5796275b1c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /zone?pub=0&zone_id=5968117&is_mobile=false&domain=s6.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: 419107d6ae12efe43554b5aa52671234
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| wigrooglie.net/?rb=NPJAJNCv7TeQZYTzdthF6Hi3LmhTespI9IfRqrl0imRVY96TujJIRU_JMztn90CzW639RzEvz9LksjV0ExtIDUjzR9S0kfU1OXLFq9CHgW4QUP6cyIDtTS_PwszJ-KRXFWC4g_E0_2mbHb4LeLFtcEfQAdAEKmg_eeShF3LYlLf7C8_qWh5pk5alCGUptwF8GcAi8hfwT8kkxcUjZmHsEkKNgXPd8uvTjOdKzRNvXxc5jI8PMad1tSoWYhDLqK4I-_yNxA%3D%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.788.10-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.10-auto&navlng=en-US&pnt=0&pnrc=0&bs=0f1ff657-06c3-4b97-a76a-5fcb05d57d12&wasm=1&userId=0080557697c74763e0116994ce9252f8&m=link | 139.45.197.242 | 200 OK | 2.2 kB |
URL (GET HTTP/2): wigrooglie.net/?rb=NPJAJNCv7TeQZYTzdthF6Hi3LmhTespI9IfRqrl0imRVY96TujJIRU_JMztn90CzW639RzEvz9LksjV0ExtIDUjzR9S0kfU1OXLFq9CHgW4QUP6cyIDtTS_PwszJ-KRXFWC4g_E0_2mbHb4LeLFtcEfQAdAEKmg_eeShF3LYlLf7C8_qWh5pk5alCGUptwF8GcAi8hfwT8kkxcUjZmHsEkKNgXPd8uvTjOdKzRNvXxc5jI8PMad1tSoWYhDLqK4I-_yNxA%3D%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.788.10-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.10-auto&navlng=en-US&pnt=0&pnrc=0&bs=0f1ff657-06c3-4b97-a76a-5fcb05d57d12&wasm=1&userId=0080557697c74763e0116994ce9252f8&m=link
IP: 139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: wigrooglie.net; Fingerprint: EF:4A:44:83:A9:78:0C:8F:85:B1:B3:3B:F0:A8:79:7A:1C:FE:39:3F; Validity: Tue, 07 May 2024 00:49:13 GMT - Mon, 05 Aug 2024 00:49:12 GMT
Hash: 9e8c1f57a0cf4c32700ed71895beaf05 f41a17a9ba597a05880f4a4147db7c05985132f1 4641f361e475eaa59f64fcb0217baf7cb6418ca3550c7e511d16cad3e4abda53
GET /?rb=NPJAJNCv7TeQZYTzdthF6Hi3LmhTespI9IfRqrl0imRVY96TujJIRU_JMztn90CzW639RzEvz9LksjV0ExtIDUjzR9S0kfU1OXLFq9CHgW4QUP6cyIDtTS_PwszJ-KRXFWC4g_E0_2mbHb4LeLFtcEfQAdAEKmg_eeShF3LYlLf7C8_qWh5pk5alCGUptwF8GcAi8hfwT8kkxcUjZmHsEkKNgXPd8uvTjOdKzRNvXxc5jI8PMad1tSoWYhDLqK4I-_yNxA%3D%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.788.10-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.10-auto&navlng=en-US&pnt=0&pnrc=0&bs=0f1ff657-06c3-4b97-a76a-5fcb05d57d12&wasm=1&userId=0080557697c74763e0116994ce9252f8&m=link HTTP/1.1
Host: wigrooglie.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: OAID=0080557697c74763e0116994ce9252f8; oaidts=1715101996
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json
x-trace-id: 079033fa9075d8bdcb566f3ad04fad71
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:17 GMT; path=/; secure; SameSite=None
oaidts=1715101997; expires=Wed, 07 May 2025 17:13:17 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 14 May 2024 17:13:17 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 39 B |
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Content-Type: application/json
Content-Length: 399
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b0161040495d7813966d717e7d8ea56e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 39 B |
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Content-Type: application/json
Content-Length: 777
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2b8f74b63cfdf37ea684e9d0d04daca9
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| tzegilo.com/stattag.js | 172.67.193.52 | 200 OK | 11 kB |
IP: 172.67.193.52:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Google Trust Services LLC; Subject: tzegilo.com; Fingerprint: 28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1; Validity: Sat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT
File type: JavaScript source, ASCII text, with very long lines (18486)
Hash: 70ebd404c2e1e7bad13998538b56887c 86e57af8ba3cfc2c004da3311835f6b54ba6d848 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3586
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hf8klz9V%2BoKoB9hr%2F3fBdfwptgiZbtWCBaCoKuRILlaMo8h34geEM5Fu9Z2ssiL5iveLety%2FfoZoZt8%2FW0sfg4KQTdFg%2FkZI3LmK7HZ0smXn2XAunEtZ4skiiXNBFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802d6fa9f4756af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Let's Encrypt | Subject: amunfezanttor.com | Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA | Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Let's Encrypt | Subject: amunfezanttor.com | Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA | Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash: 0aabdc4dedd57234ece2ed2770a21f11 3d6500ac52832bdb66f9ae5b108ec5036fc0884c 5146db9d76a8fb0ef60cab8253381cd96bb9aa0ab4fb721cd03b9af8793e0132
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Content-Type: application/json
Content-Length: 536
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=7cb444a2-64d5-4401-913a-55f520a67207 | 139.45.195.254 | 200 OK | 12 B |
URL: POST HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=7cb444a2-64d5-4401-913a-55f520a67207 | IP: 139.45.195.254:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Sectigo Limited | Subject: fleraprt.com | Fingerprint: 32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C | Validity: Tue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT
Hash: adb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=7cb444a2-64d5-4401-913a-55f520a67207 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1419
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Tue, 07 May 2024 17:13:17 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://s6.dosya.tc
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| gishejuy.com/500/5968115?excludes=&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 | 139.45.197.242 | 200 OK | 0 B |
URL: OPTIONS HTTP/2 gishejuy.com/500/5968115?excludes=&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 | IP: 139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Let's Encrypt | Subject: gishejuy.com | Fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 | Validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/5968115?excludes=&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080557697c74763e0116994ce9252f8 | 139.45.197.242 | 204 No Content | 0 B |
URL: OPTIONS HTTP/2 cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080557697c74763e0116994ce9252f8 | IP: 139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Let's Encrypt | Subject: cameesse.net | Fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 | Validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
OPTIONS /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080557697c74763e0116994ce9252f8 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| moonoafy.net/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Let's Encrypt | Subject: moonoafy.net | Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 | Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
OPTIONS /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| moonoafy.net/event | 139.45.197.250 | 200 OK | 94 B |
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Let's Encrypt | Subject: moonoafy.net | Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 | Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: 138382da0ba78d28e8591105a4f79dca 3418f760f2e979b0fc86bef874781ebb37ed7304 cca918c817d3ee95e925883251867b30e9894ce87559bee1f8343b48d8f766f0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Content-Type: application/json
Content-Length: 1769
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080557697c74763e0116994ce9252f8 | 139.45.197.242 | 204 No Content | 2.6 kB |
URL: OPTIONS HTTP/2 cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080557697c74763e0116994ce9252f8 | IP: 139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Let's Encrypt | Subject: cameesse.net | Fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 | Validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
File type: gzip compressed data, max speed, from Unix
Hash: 8f153f11e0ed5eff9a0fe75c42a70e69 6a13701184dead4d3f89400ebff18dd31109839c 5bc5c65d0054e26b71838ef35c172b472ab2fe4420370f34c09e25db2e52fe31
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080557697c74763e0116994ce9252f8 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 339
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: scm=1; OAID=0400553d16b04f60fabf67e2460e820f; oaidts=1715101997
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: a4c3cb794ca57d00c58ea3d859a22fce
access-control-expose-headers: X-Sc
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
oaidts=1715101997; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cameesse.net/11?rnd=1343130628&z=5968116&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=123 | 139.45.197.242 | 200 OK | 0 B |
URL GET HTTP/2cameesse.net/11?rnd=1343130628&z=5968116&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=123 IP139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Let's Encrypt | Subject: cameesse.net | Fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 | Validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /11?rnd=1343130628&z=5968116&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=123 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: scm=1; OAID=0080557697c74763e0116994ce9252f8; oaidts=1715101997
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 25b692163bcf8b7490fb5b88c185431f
access-control-expose-headers: X-Sc
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
oaidts=1715101997; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| cameesse.net/121?rnd=3434946356&z=5968116&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D811759219138105345&cln={CELL_NUMBER}&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&bag=BpkLYNc2x3bCskOrltfaldZAzkyhetQ6&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345 | 139.45.197.242 | 302 Found | 0 B |
URL GET HTTP/2cameesse.net/121?rnd=3434946356&z=5968116&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D811759219138105345&cln={CELL_NUMBER}&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&bag=BpkLYNc2x3bCskOrltfaldZAzkyhetQ6&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345 IP139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Let's Encrypt | Subject: cameesse.net | Fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 | Validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /121?rnd=3434946356&z=5968116&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D811759219138105345&cln={CELL_NUMBER}&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&bag=BpkLYNc2x3bCskOrltfaldZAzkyhetQ6&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: scm=1; OAID=0080557697c74763e0116994ce9252f8; oaidts=1715101997
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-length: 0
location: https://www.nbfcs.org/#signUp=811759219138105345
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: d64143b2cd16f166c348bf9dc384f6e0
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Let's Encrypt | Subject: amunfezanttor.com | Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA | Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Let's Encrypt | Subject: amunfezanttor.com | Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA | Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash: b34cda6b583b818e5911cdc34df44c79 1622a1075d75ad62a27ac7ca4c27c89307e39d40 cebb65778cfd41a0ca8695e1b20c14f88674b6fa7a7e9e18425a832119c2e19c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Content-Type: application/json
Content-Length: 536
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg | 104.22.33.172 | 200 OK | 17 kB |
URL: GET HTTP/2 offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg | IP: 104.22.33.172:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Google Trust Services LLC | Subject: offerimage.com | Fingerprint: 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72 | Validity: Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash: 9c6355bcf96815c755fbba83f9fd8f64 ce698b45fb51ef1494f80f432b7aff0985247724 2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906
GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 17:13:17 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Tue, 07 May 2024 20:07:29 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 75948
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802d6fddda18f60-CPH
X-Firefox-Spdy: h2
|
|
| gishejuy.com/500/5968115?excludes=&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 | 139.45.197.242 | 200 OK | 1.3 kB |
URL: OPTIONS HTTP/2 gishejuy.com/500/5968115?excludes=&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 | IP: 139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate | Issuer: Let's Encrypt | Subject: gishejuy.com | Fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 | Validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
Hash: 83f64e3fe40ddf9f4c90a85987a653be 7626c251d678755dd7a4bf284c65e0e6ded0cfed 2ab78704d3378784e5d5311e1b1a38b9b9e1d8ac80cb34d972394733260239bd
GET /500/5968115?excludes=&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: OAID=03005520da284117e2a5ca059bab4e55
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
x-trace-id: 678f2177e935506ebc89c9340e9a574c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://s6.dosya.tc
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:17 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 39 B |
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe; Certificate Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Content-Type: application/json
Content-Length: 396
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 0e8bdada9234ef8578746e9ce9d1077e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| www.nbfcs.org/ | 95.211.219.66 | | 475 B |
IP: 95.211.219.66:0; ASN: #60781 LeaseWeb Netherlands B.V.
File type: HTML document, ASCII text, with very long lines (475), with no line terminators; Hash: 77b08b7a926a16d41a3a026ecb79acfb eaf89b19258309eb248a2846bb5fd0bcbedc93fd 99719c4c55b1af6b579f4df72b16621824cdb9b17cf62de8f6fb2bd59d873da6
GET / HTTP/1.1
Host: www.nbfcs.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 475
content-type: text/html; charset=utf-8
date: Tue, 07 May 2024 17:13:16 GMT
server: Cowboy
set-cookie: sid=18e02615-0c95-11ef-906f-b2d3a883050c; path=/; domain=.nbfcs.org; expires=Sun, 25 May 2092 20:27:24 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
|
|
| www.nbfcs.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNTEwOTE5NywiaWF0IjoxNzE1MTAxOTk3LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjZrOGJncDRldHB0dmNqNm8wNm5tb2YiLCJuYmYiOjE3MTUxMDE5OTcsInRzIjoxNzE1MTAxOTk3ODc4OTMxfQ.hUVI9JUunEmwjO4UoprSburdsheCqxe4zF6-kWHf4xs&sid=18e02615-0c95-11ef-906f-b2d3a883050c | 95.211.219.66 | 302 Found | 11 B |
URL GET HTTP/2www.nbfcs.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNTEwOTE5NywiaWF0IjoxNzE1MTAxOTk3LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjZrOGJncDRldHB0dmNqNm8wNm5tb2YiLCJuYmYiOjE3MTUxMDE5OTcsInRzIjoxNzE1MTAxOTk3ODc4OTMxfQ.hUVI9JUunEmwjO4UoprSburdsheCqxe4zF6-kWHf4xs&sid=18e02615-0c95-11ef-906f-b2d3a883050c IP95.211.219.66:443 ASN#60781 LeaseWeb Netherlands B.V.
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe; Certificate Issuer: Let's Encrypt; Subject: nbfcs.org; Fingerprint: E3:83:6F:69:48:41:C8:15:8B:C9:60:80:00:84:9A:A7:01:18:85:36; Validity: Fri, 05 Apr 2024 04:35:50 GMT - Thu, 04 Jul 2024 04:35:49 GMT
File type: ASCII text, with no line terminators; Hash: 32682312d17c7cbf18e73594f5570319 60e22121bdd0bc71cdb2bae2a3aa577006b2eae9 e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNTEwOTE5NywiaWF0IjoxNzE1MTAxOTk3LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjZrOGJncDRldHB0dmNqNm8wNm5tb2YiLCJuYmYiOjE3MTUxMDE5OTcsInRzIjoxNzE1MTAxOTk3ODc4OTMxfQ.hUVI9JUunEmwjO4UoprSburdsheCqxe4zF6-kWHf4xs&sid=18e02615-0c95-11ef-906f-b2d3a883050c HTTP/1.1
Host: www.nbfcs.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.nbfcs.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Tue, 07 May 2024 17:13:17 GMT
location: http://ww1.nbfcs.org/?subid1=18e02615-0c95-11ef-906f-b2d3a883050c
server: Cowboy
set-cookie: sid=18e02615-0c95-11ef-906f-b2d3a883050c; path=/; domain=.nbfcs.org; expires=Sun, 25 May 2092 20:27:25 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
|
|
| gishejuy.com/impression/8oBt6Y6kVNX5p35SzQoJWtZW8BU2dRNYryCgNoiwrDBVjGlSh2iOCdP7JpXLYuwv8-bjY_D8p5yP_lqJJjz1DQT6yqKjIz3KQliwSEjHj2W7NytZZ87vNg_bh7QvblaBN7KkljicbEVCy-7LXI-RqBLgt8pT9_AqQrcf7Wl44MwPwzz5urgRHZ47aM6MXzM1RBygpFC3PLkyfdWG_A6csaN8nzXNIFFlp9pVn_yyvy7aYeKbDei0vTGrx5lcFX8GyS-0Yjf_IwuebXrWLRNIrJsCbDjqCl0820iCEGbk8DOk8v1OUs6IjO-izL0k_fjknnQsK7ZfALQ-Y7D7Jl2YFEst83s_4tREDuU3h8ca3OdH9FX1QrA5yFr5T-drOkZIYaGHK3cE7hGJbli-PlDudk62uaA6Lli6_mZC4CO5Gjj77hjDAll0w1UuBWkKIJQA6QIWJ5VBx8ejI1Bd5QsuyV7DXYuLu6kgk3dv9LhbURkw9fYrapyk7IcFBCtMHuf9PtTEkXSTcyM9d722m-BMXyZybssUNWjmI-2GKy9Ru-JMPZgLCJjZeU_LMqI9brQivreBEh6Dhuqn1hpcJphaHMebmSB69HmK1XXq2g8KkoOrhGpAPxAKXf0lca0Fb4Dc25_jRyykVITShu-wHtvEC1xRSU8bMRgMYkh5Xa6LPvxjLMn9hjeAeZ8KqYuT7shRzeEBYjwm_k0=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 | 139.45.197.242 | 200 OK | 43 B |
URL GET HTTP/2gishejuy.com/impression/8oBt6Y6kVNX5p35SzQoJWtZW8BU2dRNYryCgNoiwrDBVjGlSh2iOCdP7JpXLYuwv8-bjY_D8p5yP_lqJJjz1DQT6yqKjIz3KQliwSEjHj2W7NytZZ87vNg_bh7QvblaBN7KkljicbEVCy-7LXI-RqBLgt8pT9_AqQrcf7Wl44MwPwzz5urgRHZ47aM6MXzM1RBygpFC3PLkyfdWG_A6csaN8nzXNIFFlp9pVn_yyvy7aYeKbDei0vTGrx5lcFX8GyS-0Yjf_IwuebXrWLRNIrJsCbDjqCl0820iCEGbk8DOk8v1OUs6IjO-izL0k_fjknnQsK7ZfALQ-Y7D7Jl2YFEst83s_4tREDuU3h8ca3OdH9FX1QrA5yFr5T-drOkZIYaGHK3cE7hGJbli-PlDudk62uaA6Lli6_mZC4CO5Gjj77hjDAll0w1UuBWkKIJQA6QIWJ5VBx8ejI1Bd5QsuyV7DXYuLu6kgk3dv9LhbURkw9fYrapyk7IcFBCtMHuf9PtTEkXSTcyM9d722m-BMXyZybssUNWjmI-2GKy9Ru-JMPZgLCJjZeU_LMqI9brQivreBEh6Dhuqn1hpcJphaHMebmSB69HmK1XXq2g8KkoOrhGpAPxAKXf0lca0Fb4Dc25_jRyykVITShu-wHtvEC1xRSU8bMRgMYkh5Xa6LPvxjLMn9hjeAeZ8KqYuT7shRzeEBYjwm_k0=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 IP139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe; Certificate Issuer: Let's Encrypt; Subject: gishejuy.com; Fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80; Validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File type: GIF image data, version 89a, 1 x 1; Hash: b4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/8oBt6Y6kVNX5p35SzQoJWtZW8BU2dRNYryCgNoiwrDBVjGlSh2iOCdP7JpXLYuwv8-bjY_D8p5yP_lqJJjz1DQT6yqKjIz3KQliwSEjHj2W7NytZZ87vNg_bh7QvblaBN7KkljicbEVCy-7LXI-RqBLgt8pT9_AqQrcf7Wl44MwPwzz5urgRHZ47aM6MXzM1RBygpFC3PLkyfdWG_A6csaN8nzXNIFFlp9pVn_yyvy7aYeKbDei0vTGrx5lcFX8GyS-0Yjf_IwuebXrWLRNIrJsCbDjqCl0820iCEGbk8DOk8v1OUs6IjO-izL0k_fjknnQsK7ZfALQ-Y7D7Jl2YFEst83s_4tREDuU3h8ca3OdH9FX1QrA5yFr5T-drOkZIYaGHK3cE7hGJbli-PlDudk62uaA6Lli6_mZC4CO5Gjj77hjDAll0w1UuBWkKIJQA6QIWJ5VBx8ejI1Bd5QsuyV7DXYuLu6kgk3dv9LhbURkw9fYrapyk7IcFBCtMHuf9PtTEkXSTcyM9d722m-BMXyZybssUNWjmI-2GKy9Ru-JMPZgLCJjZeU_LMqI9brQivreBEh6Dhuqn1hpcJphaHMebmSB69HmK1XXq2g8KkoOrhGpAPxAKXf0lca0Fb4Dc25_jRyykVITShu-wHtvEC1xRSU8bMRgMYkh5Xa6LPvxjLMn9hjeAeZ8KqYuT7shRzeEBYjwm_k0=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: OAID=0080557697c74763e0116994ce9252f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:22 GMT
content-type: image/gif
content-length: 43
x-trace-id: dbec01a2d0c9b275a84ad4f3c1b69a68
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| gishejuy.com/500/5968115?excludes=19845928&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 | 139.45.197.242 | 200 OK | 0 B |
URL: OPTIONS HTTP/2 gishejuy.com/500/5968115?excludes=19845928&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0; IP: 139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe; Certificate Issuer: Let's Encrypt; Subject: gishejuy.com; Fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80; Validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/5968115?excludes=19845928&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:22 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg | 104.22.33.172 | 200 OK | 22 kB |
URL: GET HTTP/2 offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg; IP: 104.22.33.172:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe; Certificate Issuer: Google Trust Services LLC; Subject: offerimage.com; Fingerprint: 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72; Validity: Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3; Hash: 338d4afc932e0e88547350014503e81f cad58c0262942799b278e63707d3ae00eca58a9d 73a161b3d4ac180c2cf041f98043306bc9441c87bf33893d6aa4c6b030253607
GET /www/images/338d4afc932e0e88547350014503e81f.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 17:13:22 GMT
content-type: image/jpeg
content-length: 21899
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65fcad07-558b"
expires: Tue, 07 May 2024 20:07:05 GMT
last-modified: Thu, 21 Mar 2024 21:56:23 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 75977
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802d71c1b538f60-CPH
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg | 104.22.33.172 | 200 OK | 17 kB |
URL: GET HTTP/2 offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg; IP: 104.22.33.172:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe; Certificate Issuer: Google Trust Services LLC; Subject: offerimage.com; Fingerprint: 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72; Validity: Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3; Hash: 9c6355bcf96815c755fbba83f9fd8f64 ce698b45fb51ef1494f80f432b7aff0985247724 2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906
GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 17:13:22 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Tue, 07 May 2024 20:07:29 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 75953
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802d71d0cf08f60-CPH
X-Firefox-Spdy: h2
|
|
| gishejuy.com/500/5968115?excludes=19845928&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 | 139.45.197.242 | 200 OK | 7.0 kB |
URL: OPTIONS HTTP/2 gishejuy.com/500/5968115?excludes=19845928&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0; IP: 139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe; Certificate Issuer: Let's Encrypt; Subject: gishejuy.com; Fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80; Validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File type: gzip compressed data, max speed, from Unix; Hash: c0c898457560cb720a0794b8250b5154 94ddd2a509153ad077ac03c61402825442771819 5e8efba9e4aa09e7e5a0bc4ba0e2a2d980085bea0b2b2efcae662bb915d8c977
GET /500/5968115?excludes=19845928&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: OAID=0080557697c74763e0116994ce9252f8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:22 GMT
content-type: application/javascript
x-trace-id: 0804440d82537c52c5922ecbb68b1902
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://s6.dosya.tc
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:22 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| gishejuy.com/impression/S0Xb-tlDZ5MNuf_ksoZClQZ-c1P9g1Uei8cP0kbJX1TFX-CiCnp7U_CXRwOimDmO0QFqf_yVEukBfEjv5J3Uj_tDAvne7kvjr-9vUp_Lsu-xI0fBCEEaRcEGe7q2S4GTvXJflUrV6oZRhOGrHZN7rrkljlIE-CFQiwnUhjG4lcN1rPQQtROkfei3gv0t7UYEK-43yfduvcmVXBNMEanNI8aAc6fDyUAq4lb_iB-LZswYYe8YuPJDEMe6Jvds2_UCV4ZFjRKhYqSGuYkFTJF44R9LwX_JBZXvnuO34jd0s3apVp4E9jxI-vyTRpcN34BHbNMe-dkJKOPb34RSCCP_Jjn6x_mXnRuFMeuHdeonBD4bcqaknYTrNNva8XsNHkhhjiPBinG2Degsd5fYFMWpMEBa-7sO3x1DRHo0Vts4s_kIWTKhQqXEEY0zKUiSIg3EZ-X3IMfAJ5dNctQlpWlwHf9gCTticEZBQOQoO-rMaFHt00FEPXa7Ygy6SNyjI9Hozwo1I6o7UebEV4FKTEmEJqKjhT0I8z4PZRWZ7LiDXcRBLIGYrCeVGXQKYjl7NwN87TaD-9nBc3Ibv5nG93kNSxTsEYXdP_AMhvV27KN7H7IwmeyfTILrcuxITyVZme-dV3F9LV77wGP9VY6beEUlMA==?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 | 139.45.197.242 | 200 OK | 43 B |
URL GET HTTP/2gishejuy.com/impression/S0Xb-tlDZ5MNuf_ksoZClQZ-c1P9g1Uei8cP0kbJX1TFX-CiCnp7U_CXRwOimDmO0QFqf_yVEukBfEjv5J3Uj_tDAvne7kvjr-9vUp_Lsu-xI0fBCEEaRcEGe7q2S4GTvXJflUrV6oZRhOGrHZN7rrkljlIE-CFQiwnUhjG4lcN1rPQQtROkfei3gv0t7UYEK-43yfduvcmVXBNMEanNI8aAc6fDyUAq4lb_iB-LZswYYe8YuPJDEMe6Jvds2_UCV4ZFjRKhYqSGuYkFTJF44R9LwX_JBZXvnuO34jd0s3apVp4E9jxI-vyTRpcN34BHbNMe-dkJKOPb34RSCCP_Jjn6x_mXnRuFMeuHdeonBD4bcqaknYTrNNva8XsNHkhhjiPBinG2Degsd5fYFMWpMEBa-7sO3x1DRHo0Vts4s_kIWTKhQqXEEY0zKUiSIg3EZ-X3IMfAJ5dNctQlpWlwHf9gCTticEZBQOQoO-rMaFHt00FEPXa7Ygy6SNyjI9Hozwo1I6o7UebEV4FKTEmEJqKjhT0I8z4PZRWZ7LiDXcRBLIGYrCeVGXQKYjl7NwN87TaD-9nBc3Ibv5nG93kNSxTsEYXdP_AMhvV27KN7H7IwmeyfTILrcuxITyVZme-dV3F9LV77wGP9VY6beEUlMA==?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 IP139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe; Certificate Issuer: Let's Encrypt; Subject: gishejuy.com; Fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80; Validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File type: GIF image data, version 89a, 1 x 1; Hash: b4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/S0Xb-tlDZ5MNuf_ksoZClQZ-c1P9g1Uei8cP0kbJX1TFX-CiCnp7U_CXRwOimDmO0QFqf_yVEukBfEjv5J3Uj_tDAvne7kvjr-9vUp_Lsu-xI0fBCEEaRcEGe7q2S4GTvXJflUrV6oZRhOGrHZN7rrkljlIE-CFQiwnUhjG4lcN1rPQQtROkfei3gv0t7UYEK-43yfduvcmVXBNMEanNI8aAc6fDyUAq4lb_iB-LZswYYe8YuPJDEMe6Jvds2_UCV4ZFjRKhYqSGuYkFTJF44R9LwX_JBZXvnuO34jd0s3apVp4E9jxI-vyTRpcN34BHbNMe-dkJKOPb34RSCCP_Jjn6x_mXnRuFMeuHdeonBD4bcqaknYTrNNva8XsNHkhhjiPBinG2Degsd5fYFMWpMEBa-7sO3x1DRHo0Vts4s_kIWTKhQqXEEY0zKUiSIg3EZ-X3IMfAJ5dNctQlpWlwHf9gCTticEZBQOQoO-rMaFHt00FEPXa7Ygy6SNyjI9Hozwo1I6o7UebEV4FKTEmEJqKjhT0I8z4PZRWZ7LiDXcRBLIGYrCeVGXQKYjl7NwN87TaD-9nBc3Ibv5nG93kNSxTsEYXdP_AMhvV27KN7H7IwmeyfTILrcuxITyVZme-dV3F9LV77wGP9VY6beEUlMA==?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: OAID=0080557697c74763e0116994ce9252f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:25 GMT
content-type: image/gif
content-length: 43
x-trace-id: 8e33325be7d6f51a490958abd50f1efc
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg | 104.22.33.172 | 200 OK | 22 kB |
URL: GET HTTP/2 offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg; IP: 104.22.33.172:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe; Certificate Issuer: Google Trust Services LLC; Subject: offerimage.com; Fingerprint: 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72; Validity: Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3; Hash: 338d4afc932e0e88547350014503e81f cad58c0262942799b278e63707d3ae00eca58a9d 73a161b3d4ac180c2cf041f98043306bc9441c87bf33893d6aa4c6b030253607
GET /www/images/338d4afc932e0e88547350014503e81f.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 07 May 2024 17:13:25 GMT
content-type: image/jpeg
content-length: 21899
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65fcad07-558b"
expires: Tue, 07 May 2024 20:07:05 GMT
last-modified: Thu, 21 Mar 2024 21:56:23 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 75980
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802d72fcced8f60-CPH
X-Firefox-Spdy: h2
|
|
| cameesse.net/11?rnd=1343130628&z=5968116&b=15763363&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 | 139.45.197.242 | 200 OK | 0 B |
URL GET HTTP/2cameesse.net/11?rnd=1343130628&z=5968116&b=15763363&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 IP139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe; Certificate Issuer: Let's Encrypt; Subject: cameesse.net; Fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44; Validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /11?rnd=1343130628&z=5968116&b=15763363&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: scm=1; OAID=0080557697c74763e0116994ce9252f8; oaidts=1715101997
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:37 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 08bd0c61b3c10a0e8333c0e88ffb4697
access-control-expose-headers: X-Sc
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:37 GMT; secure; SameSite=None
set-cookie: oaidts=1715101997; expires=Wed, 07 May 2025 17:13:37 GMT; secure; SameSite=None
set-cookie: oaidvc=1; expires=Wed, 07 May 2025 17:13:37 GMT; secure; SameSite=None
set-cookie: CNT=1_v1_o4fwAAEAAACKTQAA; expires=Tue, 07 May 2024 18:13:37 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| moonoafy.net/pfe/current/tag.min.js?z=5968117 | 139.45.197.250 | 200 OK | 15 kB |
URL: GET HTTP/2 moonoafy.net/pfe/current/tag.min.js?z=5968117
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File type: JavaScript source, ASCII text, with very long lines (14612), with no line terminators
Hash: ffdd38e0a5a1a47cb341a116a3318e0e 2fd730feff506cf56e14c531e9d89cdea2cca424 7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/tag.min.js?z=5968117 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:53 GMT
etag: W/"662a3515-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a | 139.45.197.242 | 200 OK | 413 kB |
URL: GET HTTP/2 cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a
IP: 139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: cameesse.net; Fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44; Validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
File type: JavaScript source, ASCII text, with very long lines (65523)
Size: 413 kB (413423 bytes)
Hash: 297cc248309ba835cf13a1f82fd3f938 1e6f51ce257a0ee53e25280dd44092ed33339847 b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: scm=1; OAID=0400553d16b04f60fabf67e2460e820f; oaidts=1715101997
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 675b6052a34b06869c47f6ba157f45fd
cache-control: max-age:290304000, public
last-modified: Tue, 09 Apr 2024 03:16:58 GMT
expires: Tue, 09 May 2084 03:16:58 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.nbfcs.org/ | 95.211.219.66 | 200 OK | 475 B |
IP: 95.211.219.66:443
ASN: #60781 LeaseWeb Netherlands B.V.
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: nbfcs.org; Fingerprint: E3:83:6F:69:48:41:C8:15:8B:C9:60:80:00:84:9A:A7:01:18:85:36; Validity: Fri, 05 Apr 2024 04:35:50 GMT - Thu, 04 Jul 2024 04:35:49 GMT
File type: HTML document, ASCII text, with very long lines (475), with no line terminators
Hash: 77b08b7a926a16d41a3a026ecb79acfb eaf89b19258309eb248a2846bb5fd0bcbedc93fd 99719c4c55b1af6b579f4df72b16621824cdb9b17cf62de8f6fb2bd59d873da6
GET / HTTP/1.1
Host: www.nbfcs.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 475
content-type: text/html; charset=utf-8
date: Tue, 07 May 2024 17:13:16 GMT
server: Cowboy
set-cookie: sid=18e02615-0c95-11ef-906f-b2d3a883050c; path=/; domain=.nbfcs.org; expires=Sun, 25 May 2092 20:27:24 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
|
|
| moonoafy.net/pfe/current/universal.min.js?v=3.1.504 | 139.45.197.250 | 200 OK | 90 kB |
URL: GET HTTP/2 moonoafy.net/pfe/current/universal.min.js?v=3.1.504
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: 4caad44ecc6a13eba45b63ed7cf9e387 e67dfe90bebd5447495d8fe962d03e55f6d13071 66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/universal.min.js?v=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-15efa"
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| s6.dosya.tc/sw.js | 157.90.180.51 | 404 Not Found | 3.6 kB |
IP: 157.90.180.51:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (3863), with no line terminators
Hash: 43af7efee1858d11c3f35cf505320aca 19616e842f70ed336210005b8ce03360141930ff 76aec251829567ddde047ee676220ec016bbfec8b1c74f93bc70608f83d63ab4
GET /sw.js HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
DNT: 1
Connection: keep-alive
Cookie: prefetchAd_5968118=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 07 May 2024 17:13:17 GMT
Server: Apache
Keep-Alive: timeout=5, max=147
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9
|
|
| moonoafy.net/pfe/current/defaultSkin.min.js | 139.45.197.250 | 200 OK | 57 kB |
URL: GET HTTP/2 moonoafy.net/pfe/current/defaultSkin.min.js
IP: 139.45.197.250:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-df63"
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| gishejuy.com/400/5968115 | 139.45.197.242 | 200 OK | 84 kB |
IP: 139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: gishejuy.com; Fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80; Validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: 636075d41d928696e8bdbcab2569f7c1 442ee02ff7d7a1ceb3a7845165f9b0f14f643137 9ce9dd564d544d9e6fab0e9dbb570da87c753c9cac36f19bb947b6a8938e3309
GET /400/5968115 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
x-trace-id: 6e04cbbf0c008ae2fb3845e638ff0a8a
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=03005520da284117e2a5ca059bab4e55; expires=Wed, 07 May 2025 17:13:17 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| inklinkor.com/tag.min.js | 172.67.211.29 | 200 OK | 90 kB |
IP: 172.67.211.29:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Google Trust Services LLC; Subject: inklinkor.com; Fingerprint: 28:84:D7:8F:63:D7:99:15:D5:E8:2C:F5:74:62:0D:94:C1:0A:EF:95; Validity: Wed, 17 Apr 2024 17:58:45 GMT - Tue, 16 Jul 2024 17:58:44 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: adb1154d25ea3c93d9fd4f621fc6683e 8c4aedc566b2d788823febd93692d84d511cc538 fbac7039a741589bf52c73a346760ee23c8a3c72f474a29a1dfd1496aa9effe3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 17:13:16 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 9fc06f17ff0657c7c7a9c897a7ca2cca
cache-control: max-age=86400
last-modified: Tue, 07 May 2024 03:12:07 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Wed, 08 May 2024 17:11:42 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 94
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gKZ2RJgSudXo4GFJ65E6ytFDm23rqxOiQT%2FdEMTF8d6POHuXNzZkDIMydlS1lrat0Wyf72%2FIz6ESHxmkcfT9Y8nyGapqFL8S%2BmK3zxxquAE5G%2BWghJ%2B03WwtzM%2F5QNBs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802d6f6bdc256b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cameesse.net/1?z=5968116 | 139.45.197.242 | 200 OK | 43 kB |
IP: 139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: cameesse.net; Fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44; Validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
File type: JavaScript source, ASCII text, with very long lines (42427)
Hash: d2bbf4145ad93d8826843ce1b09a7bf5 d24b15e3df2c2efe78e3162b74ea6d76f631c066 b4556636760bbeaec2b119912f5d9880e57e77e9731710df0a015b3794e3aad8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /1?z=5968116 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 182d51f24a2f61f5118567620995bb09
access-control-expose-headers: X-Sc
x-sc: f91VC9gOYncFTcrG1nAT56dR5QEyVJaUq4tx9A5-JN28MVFBZwzJ5MYvOsCGggdyVCEOwDoDJ0ieJ4G6qOWXosYAqAw=
set-cookie: scm=1; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
set-cookie: OAID=0400553d16b04f60fabf67e2460e820f; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
set-cookie: oaidts=1715101997; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| wigrooglie.net/5/5968118/?oo=1&js_build=iclick-v1.788.10-auto | 139.45.197.242 | 200 OK | 3.0 kB |
URL: GET HTTP/2 wigrooglie.net/5/5968118/?oo=1&js_build=iclick-v1.788.10-auto
IP: 139.45.197.242:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: wigrooglie.net; Fingerprint: EF:4A:44:83:A9:78:0C:8F:85:B1:B3:3B:F0:A8:79:7A:1C:FE:39:3F; Validity: Tue, 07 May 2024 00:49:13 GMT - Mon, 05 Aug 2024 00:49:12 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (3213), with no line terminators
Hash: 3dbe6fa8a49cd3bb056efb593b01cdf8 d343394bc0e3fc790dfc01d4a170903b41b7be5f b34f137253bc61e43d8f9949c6133fc02f9d8c1ecb57205e2128e198a040c951
GET /5/5968118/?oo=1&js_build=iclick-v1.788.10-auto HTTP/1.1
Host: wigrooglie.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:16 GMT
content-type: application/json
x-trace-id: 06476ab66f4fb8b998a920b41f968661
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:16 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1715101996; expires=Wed, 07 May 2025 17:13:16 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js?pub=0&userId=24fdf96d519440d2bfc6c5a93f55eca7&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?pub=0&userId=24fdf96d519440d2bfc6c5a93f55eca7&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher
IP: 139.45.195.8:443
Requested by: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate: Issuer: Let's Encrypt; Subject: rtmark.net; Fingerprint: DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity: Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators
Hash: 2bf94f64a665a9e93bb53303d776cf6a 93450ef6dc9ac058d1dc06db09452face3acfdfe 34b7307f75fd489901e74d5f136b7387b931384585b6a19a9ddcfc4000e2063b
GET /gid.js?pub=0&userId=24fdf96d519440d2bfc6c5a93f55eca7&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: ID=0080557697c74763e0116994ce9252f8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|