Report - s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe

Report Overview

Submitted URL
s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
IP
157.90.180.51
ASN
#24940 Hetzner Online GmbH
Submitted
2024-05-07 17:13:44
Access
public
Website Title
404. dosyasını indir - download
Final URL
s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
44

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-06	1.0 kB	1.5 kB	139.45.195.8
gishejuy.com	unknown	2023-10-25	2023-10-25	2024-05-04	6.6 kB	98 kB	139.45.197.242
cameesse.net	unknown	2023-10-18	2023-10-18	2024-05-02	7.0 kB	465 kB	139.45.197.242
offerimage.com	304078	2019-06-10	2019-06-10	2024-05-02	1.8 kB	80 kB	104.22.33.172
wigrooglie.net	unknown	unknown	No data	No data	1.7 kB	7.6 kB	139.45.197.242
tzegilo.com	unknown	2022-01-14	2022-01-14	2024-05-02	392 B	12 kB	172.67.193.52
moonoafy.net	unknown	2024-01-09	2024-01-09	2024-04-30	4.8 kB	168 kB	139.45.197.250
fleraprt.com	unknown	2022-01-14	2022-01-14	2024-05-06	561 B	479 B	139.45.195.254
www.nbfcs.org	unknown	2022-11-16	2022-11-17	2024-04-27	1.8 kB	2.3 kB	95.211.219.66
s6.dosya.tc	unknown	2008-08-26	2015-07-17	2019-12-03	6.9 kB	305 kB	157.90.180.51
www.dosya.tc	unknown	2008-08-26	2012-05-20	2024-03-09	422 B	7.5 kB	88.99.254.43
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-05-06	2.0 kB	2.2 kB	139.45.197.250
inklinkor.com	unknown	2022-04-01	2022-04-01	2024-05-02	396 B	91 kB	172.67.211.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	moonoafy.net	Sinkholed
2024-05-07	medium	moonoafy.net	Sinkholed
2024-05-07	medium	moonoafy.net	Sinkholed
2024-05-07	medium	moonoafy.net	Sinkholed
2024-05-07	medium	amunfezanttor.com	Sinkholed
2024-05-07	medium	amunfezanttor.com	Sinkholed
2024-05-07	medium	cameesse.net	Sinkholed
2024-05-07	medium	moonoafy.net	Sinkholed
2024-05-07	medium	moonoafy.net	Sinkholed
2024-05-07	medium	cameesse.net	Sinkholed
2024-05-07	medium	cameesse.net	Sinkholed
2024-05-07	medium	cameesse.net	Sinkholed
2024-05-07	medium	amunfezanttor.com	Sinkholed
2024-05-07	medium	amunfezanttor.com	Sinkholed
2024-05-07	medium	moonoafy.net	Sinkholed
2024-05-07	medium	cameesse.net	Sinkholed
2024-05-07	medium	moonoafy.net	Sinkholed
2024-05-07	medium	cameesse.net	Sinkholed
2024-05-07	medium	moonoafy.net	Sinkholed
2024-05-07	medium	moonoafy.net	Sinkholed
2024-05-07	medium	inklinkor.com	Sinkholed
2024-05-07	medium	cameesse.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe	0 B	2023-03-07	2024-05-29
Pretty URL s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe IP 157.90.180.51 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-29 06:10:41 Times Seen38456604 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-29
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-29 06:08:59 Times Seen356918 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	moonoafy.net/pfe/current/tag.min.js?z=5968117	15 kB	2024-04-25	2024-05-14
Pretty URL moonoafy.net/pfe/current/tag.min.js?z=5968117 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-14 14:21:41 Times Seen215 Hash ffdd38e0a5a1a47cb341a116a3318e0e 2fd730feff506cf56e14c531e9d89cdea2cca424 7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c Loading...

	unknown	26 kB	2023-03-07	2024-05-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:51 Last Seen2024-05-28 18:28:40 Times Seen2180 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

	s6.dosya.tc/server19/4kgcpb/sandbox%20eval%20code	147 B	2023-04-11	2024-05-29
Pretty URL s6.dosya.tc/server19/4kgcpb/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-29 06:09:45 Times Seen357455 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	gishejuy.com/400/5968115	84 kB	2024-05-07	2024-05-07
Pretty URL gishejuy.com/400/5968115 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 19:13:52 Last Seen2024-05-07 19:13:53 Times Seen2 Hash 636075d41d928696e8bdbcab2569f7c1 442ee02ff7d7a1ceb3a7845165f9b0f14f643137 9ce9dd564d544d9e6fab0e9dbb570da87c753c9cac36f19bb947b6a8938e3309 Loading...

	unknown	90 kB	2024-04-25	2024-05-14
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-14 14:21:41 Times Seen281 Hash 4caad44ecc6a13eba45b63ed7cf9e387 e67dfe90bebd5447495d8fe962d03e55f6d13071 66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00 Loading...

	s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe	193 B	2023-05-23	2024-05-27
Pretty URL s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe IP 157.90.180.51 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-23 06:11:34 Last Seen2024-05-27 23:36:04 Times Seen200 Hash 419c962e4b8f01eb7a6db59d9a65c48d ad669179732f2927db555591451336a38761182b 06c42bac1c163ea85720571f261d3e13b367e30ff3fdc4dc426062cb387bd4a9 Loading...

	inklinkor.com/tag.min.js	90 kB	2024-05-07	2024-05-08
Pretty URL inklinkor.com/tag.min.js IP 172.67.211.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:18:20 Last Seen2024-05-08 13:13:48 Times Seen53 Hash adb1154d25ea3c93d9fd4f621fc6683e 8c4aedc566b2d788823febd93692d84d511cc538 fbac7039a741589bf52c73a346760ee23c8a3c72f474a29a1dfd1496aa9effe3 Loading...

	cameesse.net/1?z=5968116	43 kB	2024-05-07	2024-05-07
Pretty URL cameesse.net/1?z=5968116 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 19:13:52 Last Seen2024-05-07 19:13:53 Times Seen2 Hash d2bbf4145ad93d8826843ce1b09a7bf5 d24b15e3df2c2efe78e3162b74ea6d76f631c066 b4556636760bbeaec2b119912f5d9880e57e77e9731710df0a015b3794e3aad8 Loading...

	tzegilo.com/stattag.js	19 kB	2024-02-10	2024-05-29
Pretty URL tzegilo.com/stattag.js IP 172.67.193.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-10 03:00:18 Last Seen2024-05-29 04:39:36 Times Seen2188 Hash 70ebd404c2e1e7bad13998538b56887c 86e57af8ba3cfc2c004da3311835f6b54ba6d848 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f Loading...

	cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a	413 kB	2024-04-11	2024-05-29
Pretty URL cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-11 13:26:00 Last Seen2024-05-29 04:28:11 Times Seen416 Hash 297cc248309ba835cf13a1f82fd3f938 1e6f51ce257a0ee53e25280dd44092ed33339847 b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7 Loading...

		Size	First Seen	Last Seen
	#1 Write - fec7003374f916ae492169fac2f15591	51 kB	2023-03-14	2024-05-07
Pretty Observations First Seen2023-03-14 10:40:29 Last Seen2024-05-07 19:13:52 Times Seen58 Hash fec7003374f916ae492169fac2f15591 073fed4fff53b9cf7d90608e1c2e18ed6b647503 d564ed039d207188ea5936853a839f47202aa9c372b93d707074bea818b47544 Loading...

HTTP Transactions (58)

URL IP Response Size

s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe

157.90.180.51

302 Found

3.6 kB

URL User Request GET HTTP/1.1
s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
IP
157.90.180.51:80
ASN
#24940 Hetzner Online GmbH

File type
JavaScript source, ISO-8859 text
Size
3.6 kB (3600 bytes)
Hash
ddc6bd519467a693a2825f551ab2d6db
6d5f202f527bed2867fc0d27866f8b58b81f7d5d
647d6f93c1985318be79a6acfbbc8df0689a0dd128826c605ac69cb14c736dee

HTTP Headers

GET /server19/4kgcpb/dusk.exe.html','dusk.exe HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 07 May 2024 17:13:15 GMT
Server: Apache
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9

s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe

157.90.180.51

302 Found

244 B

URL User Request GET HTTP/1.1
s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
IP
157.90.180.51:80
ASN
#24940 Hetzner Online GmbH

File type
HTML document, ASCII text
Size
244 B (244 bytes)
Hash
a08137a8ae98840dc444c43eb684bab8
10aacc82d6f04c120e079e6da118a3bb0dd5640c
d1bb190d7e49264c6adfaa723b0c772ad33bc5df1a924259998ac676bd7aec2c

HTTP Headers

GET /server19/4kgcpb/dusk.exe.html','dusk.exe HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Location: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Content-Length: 244
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe

157.90.180.51

302 Found

3.6 kB

URL User Request GET HTTP/1.1
s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
IP
157.90.180.51:80
ASN
#24940 Hetzner Online GmbH

File type
JavaScript source, ISO-8859 text
Size
3.6 kB (3600 bytes)
Hash
ddc6bd519467a693a2825f551ab2d6db
6d5f202f527bed2867fc0d27866f8b58b81f7d5d
647d6f93c1985318be79a6acfbbc8df0689a0dd128826c605ac69cb14c736dee

HTTP Headers

GET /server19/4kgcpb/dusk.exe.html','dusk.exe HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Keep-Alive: timeout=5, max=149
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9

s6.dosya.tc/style/style.css

157.90.180.51

200 OK

15 kB

URL GET HTTP/1.1
s6.dosya.tc/style/style.css
IP
157.90.180.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
assembler source, ASCII text
Size
15 kB (14629 bytes)
Hash
e36585a9f4a781f9445425224c85e695
4a34bb8474bd8d15a5313a157ca72bf8552910cc
2b8c3599f9d693fc1422d4ad7c8fe6b9fbb2ade6b19a89c55e0d94f02252410a

HTTP Headers

GET /style/style.css HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:49 GMT
Accept-Ranges: bytes
Content-Length: 14629
Keep-Alive: timeout=5, max=148
Connection: Keep-Alive
Content-Type: text/css

s6.dosya.tc/style/bootstrap.css

157.90.180.51

200 OK

142 kB

URL GET HTTP/1.1
s6.dosya.tc/style/bootstrap.css
IP
157.90.180.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
ASCII text, with very long lines (540)
Size
142 kB (141622 bytes)
Hash
2183d05f5a0a9a3b2e8cb0509ca363e3
f2183455571b19311a235bd5aa204e694ade8e94
c942686010e285633d77a24341c43850ccd6162fcc7e8281ae8a70c2921a9af5

HTTP Headers

GET /style/bootstrap.css HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:48 GMT
Accept-Ranges: bytes
Content-Length: 141622
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: text/css

s6.dosya.tc/images/footer-icon1.png

157.90.180.51

200 OK

582 B

URL GET HTTP/1.1
s6.dosya.tc/images/footer-icon1.png
IP
157.90.180.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
582 B (582 bytes)
Hash
e62d200d08f565563cc9b713729bbaa6
3a130f79117f2aaa91154eb56a22b47de8c06a50
101d88dc759a5588d5c064fe233b6b19c565966a527a03eb9cdc29c733b8d4c3

HTTP Headers

GET /images/footer-icon1.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:37 GMT
Accept-Ranges: bytes
Content-Length: 582
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: image/png

s6.dosya.tc/images/uye-girisi.png

157.90.180.51

200 OK

3.0 kB

URL GET HTTP/1.1
s6.dosya.tc/images/uye-girisi.png
IP
157.90.180.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 140 x 51, 8-bit/color RGB, non-interlaced
Size
3.0 kB (2979 bytes)
Hash
6925e8f5c208aae4dd55cadd1340f180
a03365e7fb59c9588b3b7963e18c0b3e5d4cb369
6bfa03e8b7d8249e9927cafe801657559f7b7064248bb970b55fb4b689611f2d

HTTP Headers

GET /images/uye-girisi.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:41 GMT
Accept-Ranges: bytes
Content-Length: 2979
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: image/png

s6.dosya.tc/images/footer-icon2.png

157.90.180.51

200 OK

850 B

URL GET HTTP/1.1
s6.dosya.tc/images/footer-icon2.png
IP
157.90.180.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
850 B (850 bytes)
Hash
51a472b4a51ea9245ee6f4386f07818f
a19e86c411dc6da3592d1f90e89ddf68df1fee3c
eea1befd43d3dc930a0eb0335c56ed8bc7e14aa1ee3e6c546cd21c1826362750

HTTP Headers

GET /images/footer-icon2.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:37 GMT
Accept-Ranges: bytes
Content-Length: 850
Keep-Alive: timeout=5, max=147
Connection: Keep-Alive
Content-Type: image/png

s6.dosya.tc/images/logo.png

157.90.180.51

200 OK

7.2 kB

URL GET HTTP/1.1
s6.dosya.tc/images/logo.png
IP
157.90.180.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 191 x 53, 8-bit/color RGB, non-interlaced
Size
7.2 kB (7157 bytes)
Hash
2a193802d40b18cd55b0d159571bf63c
1a4e4bdf88317471241d9e5ee29d9572be3f37e3
77eba513db8685e5a4b7633684b1d6b175bf8272ccfff3c6a1c0735d37d1d57a

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:40 GMT
Accept-Ranges: bytes
Content-Length: 7157
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: image/png

s6.dosya.tc/images/footer-icon3.png

157.90.180.51

200 OK

1.7 kB

URL GET HTTP/1.1
s6.dosya.tc/images/footer-icon3.png
IP
157.90.180.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
1.7 kB (1702 bytes)
Hash
3a61d85a6bb0a45429b1e4b7d945aa95
6fcdf44c20d1ed269303583e16a98e245fa7b69b
c84a015988434d7fa0c884f5590de727799abacb9c4a4ad6b4cadea4b97ea732

HTTP Headers

GET /images/footer-icon3.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:38 GMT
Accept-Ranges: bytes
Content-Length: 1702
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: image/png

s6.dosya.tc/images/background.webp

157.90.180.51

200 OK

113 kB

URL GET HTTP/1.1
s6.dosya.tc/images/background.webp
IP
157.90.180.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1050, Scaling: [none]x[none], YUV color, decoders should clamp
Size
113 kB (112776 bytes)
Hash
2b08bddebb64127b30bc913f73cdab61
f8911fd91f0302e88e7fe6e089ba20af32269b79
0804b26a6993fc6ee8e977f77aa9ce5ddf9c4fe69773b296cc292ee7b2a5ac1b

HTTP Headers

GET /images/background.webp HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:35 GMT
Accept-Ranges: bytes
Content-Length: 112776
Keep-Alive: timeout=5, max=149
Connection: Keep-Alive
Content-Type: image/webp

s6.dosya.tc/images/menu-ayrac.png

157.90.180.51

200 OK

125 B

URL GET HTTP/1.1
s6.dosya.tc/images/menu-ayrac.png
IP
157.90.180.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 2 x 52, 8-bit/color RGB, non-interlaced
Size
125 B (125 bytes)
Hash
35a0591c63feeb75e3e547e894ff6e2d
7dd00c2e8d4e9203b71d3fcb9a660e717b8dca7c
9700fc9abb23b0fa04c070487f5aebdcec2cbb22f10788ab7898032abe3fcced

HTTP Headers

GET /images/menu-ayrac.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:40 GMT
Accept-Ranges: bytes
Content-Length: 125
Keep-Alive: timeout=5, max=146
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/images/download.gif

88.99.254.43

200 OK

7.2 kB

URL GET HTTP/1.1
www.dosya.tc/images/download.gif
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
GIF image data, version 89a, 300 x 86
Size
7.2 kB (7229 bytes)
Hash
a9a5324512e43e463fe0a00118ad0c37
5375ae6855a34619ce428da5f835fc9d9ce06124
7964b17bc443c3bcf422211a690ac4bc62ad981d77d5c0b6bdddc982b8615a25

HTTP Headers

GET /images/download.gif HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:05 GMT
Accept-Ranges: bytes
Content-Length: 7229
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif

s6.dosya.tc/apple-touch-icon.png

157.90.180.51

200 OK

6.6 kB

URL GET HTTP/1.1
s6.dosya.tc/apple-touch-icon.png
IP
157.90.180.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
Size
6.6 kB (6556 bytes)
Hash
bfd9b50e03f63b25c253a5d6fa5c5ef4
b4c68746da8a1da96b57d37990bfbfb0f716c14b
ca0f27136956761254299ac92d78aecca2c21841760c56904d894eb13ea0237f

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:13 GMT
Accept-Ranges: bytes
Content-Length: 6556
Keep-Alive: timeout=5, max=148
Connection: Keep-Alive
Content-Type: image/png

s6.dosya.tc/favicon-16x16.png

157.90.180.51

200 OK

1.6 kB

URL GET HTTP/1.1
s6.dosya.tc/favicon-16x16.png
IP
157.90.180.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.6 kB (1594 bytes)
Hash
05c5d89a72c5dc5e863e151cc5fa9b68
df5a0242031f54494fe0bf1b2d7290cd5e864a15
cd6cef0b6624ec979018be137e45b606f36c018b2d64cfe7e3d39815c0936a46

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 17:13:16 GMT
Server: Apache
Last-Modified: Thu, 25 Mar 2021 15:06:18 GMT
Accept-Ranges: bytes
Content-Length: 1594
Keep-Alive: timeout=5, max=145
Connection: Keep-Alive
Content-Type: image/png

my.rtmark.net/gid.js?userId=0080557697c74763e0116994ce9252f8

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0080557697c74763e0116994ce9252f8
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
1ef7c98dd0494a8834542729216d7d91
fae5957d9b86d0c32ca8c56d197da297590175bc
fbab396953596a5e435e48e8bbe05abbeaaa70d65b93715e477f41476e7ea446

HTTP Headers

GET /gid.js?userId=0080557697c74763e0116994ce9252f8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=s6.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504

139.45.197.250

200 OK

880 B

URL GET HTTP/2
moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=s6.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
880 B (880 bytes)
Hash
643900499a3362d34db22f9725b991b6
d8a390b412d75fb3c2beaea48f9bee4058718284
1a51cbcaf3fcc1a8f4d47d7af4f28f697e029099167745a1a9d9ee5796275b1c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zone?pub=0&zone_id=5968117&is_mobile=false&domain=s6.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: 419107d6ae12efe43554b5aa52671234
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

wigrooglie.net/?rb=NPJAJNCv7TeQZYTzdthF6Hi3LmhTespI9IfRqrl0imRVY96TujJIRU_JMztn90CzW639RzEvz9LksjV0ExtIDUjzR9S0kfU1OXLFq9CHgW4QUP6cyIDtTS_PwszJ-KRXFWC4g_E0_2mbHb4LeLFtcEfQAdAEKmg_eeShF3LYlLf7C8_qWh5pk5alCGUptwF8GcAi8hfwT8kkxcUjZmHsEkKNgXPd8uvTjOdKzRNvXxc5jI8PMad1tSoWYhDLqK4I-_yNxA%3D%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.788.10-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.10-auto&navlng=en-US&pnt=0&pnrc=0&bs=0f1ff657-06c3-4b97-a76a-5fcb05d57d12&wasm=1&userId=0080557697c74763e0116994ce9252f8&m=link

139.45.197.242

200 OK

2.2 kB

URL GET HTTP/2
wigrooglie.net/?rb=NPJAJNCv7TeQZYTzdthF6Hi3LmhTespI9IfRqrl0imRVY96TujJIRU_JMztn90CzW639RzEvz9LksjV0ExtIDUjzR9S0kfU1OXLFq9CHgW4QUP6cyIDtTS_PwszJ-KRXFWC4g_E0_2mbHb4LeLFtcEfQAdAEKmg_eeShF3LYlLf7C8_qWh5pk5alCGUptwF8GcAi8hfwT8kkxcUjZmHsEkKNgXPd8uvTjOdKzRNvXxc5jI8PMad1tSoWYhDLqK4I-_yNxA%3D%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.788.10-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.10-auto&navlng=en-US&pnt=0&pnrc=0&bs=0f1ff657-06c3-4b97-a76a-5fcb05d57d12&wasm=1&userId=0080557697c74763e0116994ce9252f8&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectwigrooglie.net
FingerprintEF:4A:44:83:A9:78:0C:8F:85:B1:B3:3B:F0:A8:79:7A:1C:FE:39:3F
ValidityTue, 07 May 2024 00:49:13 GMT - Mon, 05 Aug 2024 00:49:12 GMT

File type
JSON text data
Size
2.2 kB (2170 bytes)
Hash
9e8c1f57a0cf4c32700ed71895beaf05
f41a17a9ba597a05880f4a4147db7c05985132f1
4641f361e475eaa59f64fcb0217baf7cb6418ca3550c7e511d16cad3e4abda53

HTTP Headers

GET /?rb=NPJAJNCv7TeQZYTzdthF6Hi3LmhTespI9IfRqrl0imRVY96TujJIRU_JMztn90CzW639RzEvz9LksjV0ExtIDUjzR9S0kfU1OXLFq9CHgW4QUP6cyIDtTS_PwszJ-KRXFWC4g_E0_2mbHb4LeLFtcEfQAdAEKmg_eeShF3LYlLf7C8_qWh5pk5alCGUptwF8GcAi8hfwT8kkxcUjZmHsEkKNgXPd8uvTjOdKzRNvXxc5jI8PMad1tSoWYhDLqK4I-_yNxA%3D%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.788.10-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.10-auto&navlng=en-US&pnt=0&pnrc=0&bs=0f1ff657-06c3-4b97-a76a-5fcb05d57d12&wasm=1&userId=0080557697c74763e0116994ce9252f8&m=link HTTP/1.1
Host: wigrooglie.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: OAID=0080557697c74763e0116994ce9252f8; oaidts=1715101996
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json
x-trace-id: 079033fa9075d8bdcb566f3ad04fad71
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:17 GMT; path=/; secure; SameSite=None
oaidts=1715101997; expires=Wed, 07 May 2025 17:13:17 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 14 May 2024 17:13:17 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Content-Type: application/json
Content-Length: 399
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b0161040495d7813966d717e7d8ea56e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Content-Type: application/json
Content-Length: 777
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2b8f74b63cfdf37ea684e9d0d04daca9
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

172.67.193.52

200 OK

11 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
172.67.193.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1
ValiditySat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT

File type
JavaScript source, ASCII text, with very long lines (18486)
Size
11 kB (11039 bytes)
Hash
70ebd404c2e1e7bad13998538b56887c
86e57af8ba3cfc2c004da3311835f6b54ba6d848
d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3586
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hf8klz9V%2BoKoB9hr%2F3fBdfwptgiZbtWCBaCoKuRILlaMo8h34geEM5Fu9Z2ssiL5iveLety%2FfoZoZt8%2FW0sfg4KQTdFg%2FkZI3LmK7HZ0smXn2XAunEtZ4skiiXNBFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802d6fa9f4756af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
0aabdc4dedd57234ece2ed2770a21f11
3d6500ac52832bdb66f9ae5b108ec5036fc0884c
5146db9d76a8fb0ef60cab8253381cd96bb9aa0ab4fb721cd03b9af8793e0132

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Content-Type: application/json
Content-Length: 536
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=7cb444a2-64d5-4401-913a-55f520a67207

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=7cb444a2-64d5-4401-913a-55f520a67207
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=7cb444a2-64d5-4401-913a-55f520a67207 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1419
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Tue, 07 May 2024 17:13:17 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://s6.dosya.tc
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

gishejuy.com/500/5968115?excludes=&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

0 B

URL OPTIONS HTTP/2
gishejuy.com/500/5968115?excludes=&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/5968115?excludes=&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080557697c74763e0116994ce9252f8

139.45.197.242

204 No Content

0 B

URL OPTIONS HTTP/2
cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080557697c74763e0116994ce9252f8
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080557697c74763e0116994ce9252f8 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

moonoafy.net/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
moonoafy.net/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

moonoafy.net/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
moonoafy.net/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
138382da0ba78d28e8591105a4f79dca
3418f760f2e979b0fc86bef874781ebb37ed7304
cca918c817d3ee95e925883251867b30e9894ce87559bee1f8343b48d8f766f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Content-Type: application/json
Content-Length: 1769
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

139.45.197.242

204 No Content

2.6 kB

URL OPTIONS HTTP/2
cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080557697c74763e0116994ce9252f8
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
gzip compressed data, max speed, from Unix
Size
2.6 kB (2649 bytes)
Hash
8f153f11e0ed5eff9a0fe75c42a70e69
6a13701184dead4d3f89400ebff18dd31109839c
5bc5c65d0054e26b71838ef35c172b472ab2fe4420370f34c09e25db2e52fe31

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080557697c74763e0116994ce9252f8 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 339
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: scm=1; OAID=0400553d16b04f60fabf67e2460e820f; oaidts=1715101997
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: a4c3cb794ca57d00c58ea3d859a22fce
access-control-expose-headers: X-Sc
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
oaidts=1715101997; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/11?rnd=1343130628&z=5968116&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=123

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=1343130628&z=5968116&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=123
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=1343130628&z=5968116&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=123 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: scm=1; OAID=0080557697c74763e0116994ce9252f8; oaidts=1715101997
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 25b692163bcf8b7490fb5b88c185431f
access-control-expose-headers: X-Sc
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
oaidts=1715101997; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

cameesse.net/121?rnd=3434946356&z=5968116&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D811759219138105345&cln={CELL_NUMBER}&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&bag=BpkLYNc2x3bCskOrltfaldZAzkyhetQ6&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345

139.45.197.242

302 Found

0 B

URL GET HTTP/2
cameesse.net/121?rnd=3434946356&z=5968116&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D811759219138105345&cln={CELL_NUMBER}&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&bag=BpkLYNc2x3bCskOrltfaldZAzkyhetQ6&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /121?rnd=3434946356&z=5968116&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D811759219138105345&cln={CELL_NUMBER}&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&bag=BpkLYNc2x3bCskOrltfaldZAzkyhetQ6&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: scm=1; OAID=0080557697c74763e0116994ce9252f8; oaidts=1715101997
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-length: 0
location: https://www.nbfcs.org/#signUp=811759219138105345
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: d64143b2cd16f166c348bf9dc384f6e0
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
b34cda6b583b818e5911cdc34df44c79
1622a1075d75ad62a27ac7ca4c27c89307e39d40
cebb65778cfd41a0ca8695e1b20c14f88674b6fa7a7e9e18425a832119c2e19c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Content-Type: application/json
Content-Length: 536
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

104.22.33.172

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 17:13:17 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Tue, 07 May 2024 20:07:29 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 75948
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802d6fddda18f60-CPH
X-Firefox-Spdy: h2

139.45.197.242

200 OK

1.3 kB

URL OPTIONS HTTP/2
gishejuy.com/500/5968115?excludes=&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
JSON text data
Size
1.3 kB (1304 bytes)
Hash
83f64e3fe40ddf9f4c90a85987a653be
7626c251d678755dd7a4bf284c65e0e6ded0cfed
2ab78704d3378784e5d5311e1b1a38b9b9e1d8ac80cb34d972394733260239bd

HTTP Headers

GET /500/5968115?excludes=&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: OAID=03005520da284117e2a5ca059bab4e55
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
x-trace-id: 678f2177e935506ebc89c9340e9a574c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://s6.dosya.tc
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:17 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Content-Type: application/json
Content-Length: 396
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 0e8bdada9234ef8578746e9ce9d1077e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.nbfcs.org/

95.211.219.66

475 B

URL
www.nbfcs.org/
IP
95.211.219.66:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document, ASCII text, with very long lines (475), with no line terminators
Size
475 B (475 bytes)
Hash
77b08b7a926a16d41a3a026ecb79acfb
eaf89b19258309eb248a2846bb5fd0bcbedc93fd
99719c4c55b1af6b579f4df72b16621824cdb9b17cf62de8f6fb2bd59d873da6

HTTP Headers

GET / HTTP/1.1
Host: www.nbfcs.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 475
content-type: text/html; charset=utf-8
date: Tue, 07 May 2024 17:13:16 GMT
server: Cowboy
set-cookie: sid=18e02615-0c95-11ef-906f-b2d3a883050c; path=/; domain=.nbfcs.org; expires=Sun, 25 May 2092 20:27:24 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

www.nbfcs.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNTEwOTE5NywiaWF0IjoxNzE1MTAxOTk3LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjZrOGJncDRldHB0dmNqNm8wNm5tb2YiLCJuYmYiOjE3MTUxMDE5OTcsInRzIjoxNzE1MTAxOTk3ODc4OTMxfQ.hUVI9JUunEmwjO4UoprSburdsheCqxe4zF6-kWHf4xs&sid=18e02615-0c95-11ef-906f-b2d3a883050c

95.211.219.66

302 Found

11 B

URL GET HTTP/2
www.nbfcs.org/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNTEwOTE5NywiaWF0IjoxNzE1MTAxOTk3LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjZrOGJncDRldHB0dmNqNm8wNm5tb2YiLCJuYmYiOjE3MTUxMDE5OTcsInRzIjoxNzE1MTAxOTk3ODc4OTMxfQ.hUVI9JUunEmwjO4UoprSburdsheCqxe4zF6-kWHf4xs&sid=18e02615-0c95-11ef-906f-b2d3a883050c
IP
95.211.219.66:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectnbfcs.org
FingerprintE3:83:6F:69:48:41:C8:15:8B:C9:60:80:00:84:9A:A7:01:18:85:36
ValidityFri, 05 Apr 2024 04:35:50 GMT - Thu, 04 Jul 2024 04:35:49 GMT

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

HTTP Headers

GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNTEwOTE5NywiaWF0IjoxNzE1MTAxOTk3LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjZrOGJncDRldHB0dmNqNm8wNm5tb2YiLCJuYmYiOjE3MTUxMDE5OTcsInRzIjoxNzE1MTAxOTk3ODc4OTMxfQ.hUVI9JUunEmwjO4UoprSburdsheCqxe4zF6-kWHf4xs&sid=18e02615-0c95-11ef-906f-b2d3a883050c HTTP/1.1
Host: www.nbfcs.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.nbfcs.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Tue, 07 May 2024 17:13:17 GMT
location: http://ww1.nbfcs.org/?subid1=18e02615-0c95-11ef-906f-b2d3a883050c
server: Cowboy
set-cookie: sid=18e02615-0c95-11ef-906f-b2d3a883050c; path=/; domain=.nbfcs.org; expires=Sun, 25 May 2092 20:27:25 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

gishejuy.com/impression/8oBt6Y6kVNX5p35SzQoJWtZW8BU2dRNYryCgNoiwrDBVjGlSh2iOCdP7JpXLYuwv8-bjY_D8p5yP_lqJJjz1DQT6yqKjIz3KQliwSEjHj2W7NytZZ87vNg_bh7QvblaBN7KkljicbEVCy-7LXI-RqBLgt8pT9_AqQrcf7Wl44MwPwzz5urgRHZ47aM6MXzM1RBygpFC3PLkyfdWG_A6csaN8nzXNIFFlp9pVn_yyvy7aYeKbDei0vTGrx5lcFX8GyS-0Yjf_IwuebXrWLRNIrJsCbDjqCl0820iCEGbk8DOk8v1OUs6IjO-izL0k_fjknnQsK7ZfALQ-Y7D7Jl2YFEst83s_4tREDuU3h8ca3OdH9FX1QrA5yFr5T-drOkZIYaGHK3cE7hGJbli-PlDudk62uaA6Lli6_mZC4CO5Gjj77hjDAll0w1UuBWkKIJQA6QIWJ5VBx8ejI1Bd5QsuyV7DXYuLu6kgk3dv9LhbURkw9fYrapyk7IcFBCtMHuf9PtTEkXSTcyM9d722m-BMXyZybssUNWjmI-2GKy9Ru-JMPZgLCJjZeU_LMqI9brQivreBEh6Dhuqn1hpcJphaHMebmSB69HmK1XXq2g8KkoOrhGpAPxAKXf0lca0Fb4Dc25_jRyykVITShu-wHtvEC1xRSU8bMRgMYkh5Xa6LPvxjLMn9hjeAeZ8KqYuT7shRzeEBYjwm_k0=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/8oBt6Y6kVNX5p35SzQoJWtZW8BU2dRNYryCgNoiwrDBVjGlSh2iOCdP7JpXLYuwv8-bjY_D8p5yP_lqJJjz1DQT6yqKjIz3KQliwSEjHj2W7NytZZ87vNg_bh7QvblaBN7KkljicbEVCy-7LXI-RqBLgt8pT9_AqQrcf7Wl44MwPwzz5urgRHZ47aM6MXzM1RBygpFC3PLkyfdWG_A6csaN8nzXNIFFlp9pVn_yyvy7aYeKbDei0vTGrx5lcFX8GyS-0Yjf_IwuebXrWLRNIrJsCbDjqCl0820iCEGbk8DOk8v1OUs6IjO-izL0k_fjknnQsK7ZfALQ-Y7D7Jl2YFEst83s_4tREDuU3h8ca3OdH9FX1QrA5yFr5T-drOkZIYaGHK3cE7hGJbli-PlDudk62uaA6Lli6_mZC4CO5Gjj77hjDAll0w1UuBWkKIJQA6QIWJ5VBx8ejI1Bd5QsuyV7DXYuLu6kgk3dv9LhbURkw9fYrapyk7IcFBCtMHuf9PtTEkXSTcyM9d722m-BMXyZybssUNWjmI-2GKy9Ru-JMPZgLCJjZeU_LMqI9brQivreBEh6Dhuqn1hpcJphaHMebmSB69HmK1XXq2g8KkoOrhGpAPxAKXf0lca0Fb4Dc25_jRyykVITShu-wHtvEC1xRSU8bMRgMYkh5Xa6LPvxjLMn9hjeAeZ8KqYuT7shRzeEBYjwm_k0=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/8oBt6Y6kVNX5p35SzQoJWtZW8BU2dRNYryCgNoiwrDBVjGlSh2iOCdP7JpXLYuwv8-bjY_D8p5yP_lqJJjz1DQT6yqKjIz3KQliwSEjHj2W7NytZZ87vNg_bh7QvblaBN7KkljicbEVCy-7LXI-RqBLgt8pT9_AqQrcf7Wl44MwPwzz5urgRHZ47aM6MXzM1RBygpFC3PLkyfdWG_A6csaN8nzXNIFFlp9pVn_yyvy7aYeKbDei0vTGrx5lcFX8GyS-0Yjf_IwuebXrWLRNIrJsCbDjqCl0820iCEGbk8DOk8v1OUs6IjO-izL0k_fjknnQsK7ZfALQ-Y7D7Jl2YFEst83s_4tREDuU3h8ca3OdH9FX1QrA5yFr5T-drOkZIYaGHK3cE7hGJbli-PlDudk62uaA6Lli6_mZC4CO5Gjj77hjDAll0w1UuBWkKIJQA6QIWJ5VBx8ejI1Bd5QsuyV7DXYuLu6kgk3dv9LhbURkw9fYrapyk7IcFBCtMHuf9PtTEkXSTcyM9d722m-BMXyZybssUNWjmI-2GKy9Ru-JMPZgLCJjZeU_LMqI9brQivreBEh6Dhuqn1hpcJphaHMebmSB69HmK1XXq2g8KkoOrhGpAPxAKXf0lca0Fb4Dc25_jRyykVITShu-wHtvEC1xRSU8bMRgMYkh5Xa6LPvxjLMn9hjeAeZ8KqYuT7shRzeEBYjwm_k0=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: OAID=0080557697c74763e0116994ce9252f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:22 GMT
content-type: image/gif
content-length: 43
x-trace-id: dbec01a2d0c9b275a84ad4f3c1b69a68
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

gishejuy.com/500/5968115?excludes=19845928&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

0 B

URL OPTIONS HTTP/2
gishejuy.com/500/5968115?excludes=19845928&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/5968115?excludes=19845928&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:22 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg

104.22.33.172

200 OK

22 kB

URL GET HTTP/2
offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
22 kB (21899 bytes)
Hash
338d4afc932e0e88547350014503e81f
cad58c0262942799b278e63707d3ae00eca58a9d
73a161b3d4ac180c2cf041f98043306bc9441c87bf33893d6aa4c6b030253607

HTTP Headers

GET /www/images/338d4afc932e0e88547350014503e81f.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 17:13:22 GMT
content-type: image/jpeg
content-length: 21899
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65fcad07-558b"
expires: Tue, 07 May 2024 20:07:05 GMT
last-modified: Thu, 21 Mar 2024 21:56:23 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 75977
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802d71c1b538f60-CPH
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

104.22.33.172

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 17:13:22 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Tue, 07 May 2024 20:07:29 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 75953
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802d71d0cf08f60-CPH
X-Firefox-Spdy: h2

139.45.197.242

200 OK

7.0 kB

URL OPTIONS HTTP/2
gishejuy.com/500/5968115?excludes=19845928&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
gzip compressed data, max speed, from Unix
Size
7.0 kB (7000 bytes)
Hash
c0c898457560cb720a0794b8250b5154
94ddd2a509153ad077ac03c61402825442771819
5e8efba9e4aa09e7e5a0bc4ba0e2a2d980085bea0b2b2efcae662bb915d8c977

HTTP Headers

GET /500/5968115?excludes=19845928&oaid=0080557697c74763e0116994ce9252f8&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: OAID=0080557697c74763e0116994ce9252f8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:22 GMT
content-type: application/javascript
x-trace-id: 0804440d82537c52c5922ecbb68b1902
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://s6.dosya.tc
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:22 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

gishejuy.com/impression/S0Xb-tlDZ5MNuf_ksoZClQZ-c1P9g1Uei8cP0kbJX1TFX-CiCnp7U_CXRwOimDmO0QFqf_yVEukBfEjv5J3Uj_tDAvne7kvjr-9vUp_Lsu-xI0fBCEEaRcEGe7q2S4GTvXJflUrV6oZRhOGrHZN7rrkljlIE-CFQiwnUhjG4lcN1rPQQtROkfei3gv0t7UYEK-43yfduvcmVXBNMEanNI8aAc6fDyUAq4lb_iB-LZswYYe8YuPJDEMe6Jvds2_UCV4ZFjRKhYqSGuYkFTJF44R9LwX_JBZXvnuO34jd0s3apVp4E9jxI-vyTRpcN34BHbNMe-dkJKOPb34RSCCP_Jjn6x_mXnRuFMeuHdeonBD4bcqaknYTrNNva8XsNHkhhjiPBinG2Degsd5fYFMWpMEBa-7sO3x1DRHo0Vts4s_kIWTKhQqXEEY0zKUiSIg3EZ-X3IMfAJ5dNctQlpWlwHf9gCTticEZBQOQoO-rMaFHt00FEPXa7Ygy6SNyjI9Hozwo1I6o7UebEV4FKTEmEJqKjhT0I8z4PZRWZ7LiDXcRBLIGYrCeVGXQKYjl7NwN87TaD-9nBc3Ibv5nG93kNSxTsEYXdP_AMhvV27KN7H7IwmeyfTILrcuxITyVZme-dV3F9LV77wGP9VY6beEUlMA==?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/S0Xb-tlDZ5MNuf_ksoZClQZ-c1P9g1Uei8cP0kbJX1TFX-CiCnp7U_CXRwOimDmO0QFqf_yVEukBfEjv5J3Uj_tDAvne7kvjr-9vUp_Lsu-xI0fBCEEaRcEGe7q2S4GTvXJflUrV6oZRhOGrHZN7rrkljlIE-CFQiwnUhjG4lcN1rPQQtROkfei3gv0t7UYEK-43yfduvcmVXBNMEanNI8aAc6fDyUAq4lb_iB-LZswYYe8YuPJDEMe6Jvds2_UCV4ZFjRKhYqSGuYkFTJF44R9LwX_JBZXvnuO34jd0s3apVp4E9jxI-vyTRpcN34BHbNMe-dkJKOPb34RSCCP_Jjn6x_mXnRuFMeuHdeonBD4bcqaknYTrNNva8XsNHkhhjiPBinG2Degsd5fYFMWpMEBa-7sO3x1DRHo0Vts4s_kIWTKhQqXEEY0zKUiSIg3EZ-X3IMfAJ5dNctQlpWlwHf9gCTticEZBQOQoO-rMaFHt00FEPXa7Ygy6SNyjI9Hozwo1I6o7UebEV4FKTEmEJqKjhT0I8z4PZRWZ7LiDXcRBLIGYrCeVGXQKYjl7NwN87TaD-9nBc3Ibv5nG93kNSxTsEYXdP_AMhvV27KN7H7IwmeyfTILrcuxITyVZme-dV3F9LV77wGP9VY6beEUlMA==?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/S0Xb-tlDZ5MNuf_ksoZClQZ-c1P9g1Uei8cP0kbJX1TFX-CiCnp7U_CXRwOimDmO0QFqf_yVEukBfEjv5J3Uj_tDAvne7kvjr-9vUp_Lsu-xI0fBCEEaRcEGe7q2S4GTvXJflUrV6oZRhOGrHZN7rrkljlIE-CFQiwnUhjG4lcN1rPQQtROkfei3gv0t7UYEK-43yfduvcmVXBNMEanNI8aAc6fDyUAq4lb_iB-LZswYYe8YuPJDEMe6Jvds2_UCV4ZFjRKhYqSGuYkFTJF44R9LwX_JBZXvnuO34jd0s3apVp4E9jxI-vyTRpcN34BHbNMe-dkJKOPb34RSCCP_Jjn6x_mXnRuFMeuHdeonBD4bcqaknYTrNNva8XsNHkhhjiPBinG2Degsd5fYFMWpMEBa-7sO3x1DRHo0Vts4s_kIWTKhQqXEEY0zKUiSIg3EZ-X3IMfAJ5dNctQlpWlwHf9gCTticEZBQOQoO-rMaFHt00FEPXa7Ygy6SNyjI9Hozwo1I6o7UebEV4FKTEmEJqKjhT0I8z4PZRWZ7LiDXcRBLIGYrCeVGXQKYjl7NwN87TaD-9nBc3Ibv5nG93kNSxTsEYXdP_AMhvV27KN7H7IwmeyfTILrcuxITyVZme-dV3F9LV77wGP9VY6beEUlMA==?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: OAID=0080557697c74763e0116994ce9252f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:25 GMT
content-type: image/gif
content-length: 43
x-trace-id: 8e33325be7d6f51a490958abd50f1efc
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg

104.22.33.172

200 OK

22 kB

URL GET HTTP/2
offerimage.com/www/images/338d4afc932e0e88547350014503e81f.jpg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
22 kB (21899 bytes)
Hash
338d4afc932e0e88547350014503e81f
cad58c0262942799b278e63707d3ae00eca58a9d
73a161b3d4ac180c2cf041f98043306bc9441c87bf33893d6aa4c6b030253607

HTTP Headers

GET /www/images/338d4afc932e0e88547350014503e81f.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 17:13:25 GMT
content-type: image/jpeg
content-length: 21899
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65fcad07-558b"
expires: Tue, 07 May 2024 20:07:05 GMT
last-modified: Thu, 21 Mar 2024 21:56:23 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 75980
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802d72fcced8f60-CPH
X-Firefox-Spdy: h2

cameesse.net/11?rnd=1343130628&z=5968116&b=15763363&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=1343130628&z=5968116&b=15763363&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=1343130628&z=5968116&b=15763363&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=AKHFflukC5O8w8_dSn-hQ9pHvs_bBwTq1pHxktzZw0vgqT4q16ncqc4xZJgarlJs1mQed65FbkqYF_mL5fgBEqXxCiOvM0xTuDCZle-lWLtjDeliFspRd0VC57xnJz7Cvm6geZd9Y3mVfINAhwAfLhLf3xGAYesjVObGs7E1rBYzWrlwgw7egTjPQ-v4KEUz5K8a8G6AGapCc64CekN1fCZTW8n03v1Ay1ZIrUeeg8OlYftZu2Oj67i4DBW6KVvk_IB6bOyAMgwz58HCGJxII1ai9XVivynvY7RjaaZJVOUUmjv7Oub1b8YcvyTJWan8OUJmOjDKWTQvbItAHcNfdrbXhPAcgCyypyoJRo3VpVPOB9SR1kmAM23fS2lR8py0EA5L2eEb9fewFAYPZknV5QxcZj73IPCArevBwqUN4gazYgQqPcvaTDE3EJnyOn03a6EUca2FR4k4xWCuHTA14Cr38Q5A6ykP52PZlmY1Cz_YQa9DZXAit7OcUnOMFB9f78OEXFa_hx8wGWOV4AfBnc8GyApf23MKtftAOrLFIpphcmha8Z3CX90Hti6m0mHfWdU2B8Ek8TKF6te-JoIhABU3qHQvA0rOnkWo9RtXkaHHWij_CmXvUtD-z2I=&ruid=4c2d724b-a26e-4c14-a794-af06574b5f28&subid=811759219138105345&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs6.dosya.tc%2Fserver19%2F4kgcpb%2Fdusk.exe.html%27%2C%27dusk.exe&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: scm=1; OAID=0080557697c74763e0116994ce9252f8; oaidts=1715101997
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:37 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 08bd0c61b3c10a0e8333c0e88ffb4697
access-control-expose-headers: X-Sc
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:37 GMT; secure; SameSite=None
oaidts=1715101997; expires=Wed, 07 May 2025 17:13:37 GMT; secure; SameSite=None
oaidvc=1; expires=Wed, 07 May 2025 17:13:37 GMT; secure; SameSite=None
CNT=1_v1_o4fwAAEAAACKTQAA; expires=Tue, 07 May 2024 18:13:37 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/tag.min.js?z=5968117

139.45.197.250

200 OK

15 kB

URL GET HTTP/2
moonoafy.net/pfe/current/tag.min.js?z=5968117
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JavaScript source, ASCII text, with very long lines (14612), with no line terminators
Size
15 kB (14612 bytes)
Hash
ffdd38e0a5a1a47cb341a116a3318e0e
2fd730feff506cf56e14c531e9d89cdea2cca424
7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/tag.min.js?z=5968117 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:53 GMT
etag: W/"662a3515-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a

139.45.197.242

200 OK

413 kB

URL GET HTTP/2
cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JavaScript source, ASCII text, with very long lines (65523)
Size
413 kB (413423 bytes)
Hash
297cc248309ba835cf13a1f82fd3f938
1e6f51ce257a0ee53e25280dd44092ed33339847
b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Cookie: scm=1; OAID=0400553d16b04f60fabf67e2460e820f; oaidts=1715101997
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 675b6052a34b06869c47f6ba157f45fd
cache-control: max-age:290304000, public
last-modified: Tue, 09 Apr 2024 03:16:58 GMT
expires: Tue, 09 May 2084 03:16:58 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

www.nbfcs.org/

95.211.219.66

200 OK

475 B

URL GET HTTP/2
www.nbfcs.org/
IP
95.211.219.66:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectnbfcs.org
FingerprintE3:83:6F:69:48:41:C8:15:8B:C9:60:80:00:84:9A:A7:01:18:85:36
ValidityFri, 05 Apr 2024 04:35:50 GMT - Thu, 04 Jul 2024 04:35:49 GMT

File type
HTML document, ASCII text, with very long lines (475), with no line terminators
Size
475 B (475 bytes)
Hash
77b08b7a926a16d41a3a026ecb79acfb
eaf89b19258309eb248a2846bb5fd0bcbedc93fd
99719c4c55b1af6b579f4df72b16621824cdb9b17cf62de8f6fb2bd59d873da6

HTTP Headers

GET / HTTP/1.1
Host: www.nbfcs.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 475
content-type: text/html; charset=utf-8
date: Tue, 07 May 2024 17:13:16 GMT
server: Cowboy
set-cookie: sid=18e02615-0c95-11ef-906f-b2d3a883050c; path=/; domain=.nbfcs.org; expires=Sun, 25 May 2092 20:27:24 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/universal.min.js?v=3.1.504

139.45.197.250

200 OK

90 kB

URL GET HTTP/2
moonoafy.net/pfe/current/universal.min.js?v=3.1.504
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (89850 bytes)
Hash
4caad44ecc6a13eba45b63ed7cf9e387
e67dfe90bebd5447495d8fe962d03e55f6d13071
66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-15efa"
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

s6.dosya.tc/sw.js

157.90.180.51

404 Not Found

3.6 kB

URL GET HTTP/1.1
s6.dosya.tc/sw.js
IP
157.90.180.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3863), with no line terminators
Size
3.6 kB (3600 bytes)
Hash
43af7efee1858d11c3f35cf505320aca
19616e842f70ed336210005b8ce03360141930ff
76aec251829567ddde047ee676220ec016bbfec8b1c74f93bc70608f83d63ab4

HTTP Headers

GET /sw.js HTTP/1.1
Host: s6.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
DNT: 1
Connection: keep-alive
Cookie: prefetchAd_5968118=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 07 May 2024 17:13:17 GMT
Server: Apache
Keep-Alive: timeout=5, max=147
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9

moonoafy.net/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

57 kB

URL GET HTTP/2
moonoafy.net/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
57 kB (57187 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-df63"
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

gishejuy.com/400/5968115

139.45.197.242

200 OK

84 kB

URL GET HTTP/2
gishejuy.com/400/5968115
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
84 kB (83824 bytes)
Hash
636075d41d928696e8bdbcab2569f7c1
442ee02ff7d7a1ceb3a7845165f9b0f14f643137
9ce9dd564d544d9e6fab0e9dbb570da87c753c9cac36f19bb947b6a8938e3309

HTTP Headers

GET /400/5968115 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/javascript
x-trace-id: 6e04cbbf0c008ae2fb3845e638ff0a8a
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=03005520da284117e2a5ca059bab4e55; expires=Wed, 07 May 2025 17:13:17 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

inklinkor.com/tag.min.js

172.67.211.29

200 OK

90 kB

URL GET HTTP/2
inklinkor.com/tag.min.js
IP
172.67.211.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectinklinkor.com
Fingerprint28:84:D7:8F:63:D7:99:15:D5:E8:2C:F5:74:62:0D:94:C1:0A:EF:95
ValidityWed, 17 Apr 2024 17:58:45 GMT - Tue, 16 Jul 2024 17:58:44 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (89877 bytes)
Hash
adb1154d25ea3c93d9fd4f621fc6683e
8c4aedc566b2d788823febd93692d84d511cc538
fbac7039a741589bf52c73a346760ee23c8a3c72f474a29a1dfd1496aa9effe3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 17:13:16 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 9fc06f17ff0657c7c7a9c897a7ca2cca
cache-control: max-age=86400
last-modified: Tue, 07 May 2024 03:12:07 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Wed, 08 May 2024 17:11:42 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 94
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gKZ2RJgSudXo4GFJ65E6ytFDm23rqxOiQT%2FdEMTF8d6POHuXNzZkDIMydlS1lrat0Wyf72%2FIz6ESHxmkcfT9Y8nyGapqFL8S%2BmK3zxxquAE5G%2BWghJ%2B03WwtzM%2F5QNBs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802d6f6bdc256b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cameesse.net/1?z=5968116

139.45.197.242

200 OK

43 kB

URL GET HTTP/2
cameesse.net/1?z=5968116
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JavaScript source, ASCII text, with very long lines (42427)
Size
43 kB (43417 bytes)
Hash
d2bbf4145ad93d8826843ce1b09a7bf5
d24b15e3df2c2efe78e3162b74ea6d76f631c066
b4556636760bbeaec2b119912f5d9880e57e77e9731710df0a015b3794e3aad8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=5968116 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 182d51f24a2f61f5118567620995bb09
access-control-expose-headers: X-Sc
x-sc: f91VC9gOYncFTcrG1nAT56dR5QEyVJaUq4tx9A5-JN28MVFBZwzJ5MYvOsCGggdyVCEOwDoDJ0ieJ4G6qOWXosYAqAw=
set-cookie: scm=1; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
OAID=0400553d16b04f60fabf67e2460e820f; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
oaidts=1715101997; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

wigrooglie.net/5/5968118/?oo=1&js_build=iclick-v1.788.10-auto

139.45.197.242

200 OK

3.0 kB

URL GET HTTP/2
wigrooglie.net/5/5968118/?oo=1&js_build=iclick-v1.788.10-auto
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectwigrooglie.net
FingerprintEF:4A:44:83:A9:78:0C:8F:85:B1:B3:3B:F0:A8:79:7A:1C:FE:39:3F
ValidityTue, 07 May 2024 00:49:13 GMT - Mon, 05 Aug 2024 00:49:12 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3213), with no line terminators
Size
3.0 kB (2969 bytes)
Hash
3dbe6fa8a49cd3bb056efb593b01cdf8
d343394bc0e3fc790dfc01d4a170903b41b7be5f
b34f137253bc61e43d8f9949c6133fc02f9d8c1ecb57205e2128e198a040c951

HTTP Headers

GET /5/5968118/?oo=1&js_build=iclick-v1.788.10-auto HTTP/1.1
Host: wigrooglie.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s6.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:16 GMT
content-type: application/json
x-trace-id: 06476ab66f4fb8b998a920b41f968661
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:16 GMT; path=/; secure; SameSite=None
oaidts=1715101996; expires=Wed, 07 May 2025 17:13:16 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=24fdf96d519440d2bfc6c5a93f55eca7&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=24fdf96d519440d2bfc6c5a93f55eca7&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://s6.dosya.tc/server19/4kgcpb/dusk.exe.html','dusk.exe
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
2bf94f64a665a9e93bb53303d776cf6a
93450ef6dc9ac058d1dc06db09452face3acfdfe
34b7307f75fd489901e74d5f136b7387b931384585b6a19a9ddcfc4000e2063b

HTTP Headers

GET /gid.js?pub=0&userId=24fdf96d519440d2bfc6c5a93f55eca7&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s6.dosya.tc/
Origin: https://s6.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: ID=0080557697c74763e0116994ce9252f8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 17:13:17 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://s6.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080557697c74763e0116994ce9252f8; expires=Wed, 07 May 2025 17:13:17 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by