Report - www.dosya.tc/server41/2z8jq4/reach.zip.html

Report Overview

Submitted URL
www.dosya.tc/server41/2z8jq4/reach.zip.html
IP
88.99.254.43
ASN
#24940 Hetzner Online GmbH
Submitted
2024-05-10 13:42:49
Access
public
Website Title
reach.zip dosyasını indir - download
Final URL
www.dosya.tc/server41/2z8jq4/reach.zip.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
56

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tzegilo.com	unknown	2022-01-14	2022-01-14	2024-05-09	395 B	20 kB	172.67.193.52
www.dosya.tc	unknown	2008-08-26	2012-05-20	2024-03-09	6.4 kB	313 kB	88.99.254.43
offerimage.com	304078	2019-06-10	2019-06-10	2024-05-09	1.8 kB	55 kB	172.67.22.216
inklinkor.com	unknown	2022-04-01	2022-04-01	2024-05-08	397 B	92 kB	172.67.211.29
moonoafy.net	unknown	2024-01-09	2024-01-09	2024-05-06	5.8 kB	140 kB	139.45.197.250
www.nbfcs.org	unknown	2022-11-16	2022-11-17	2024-04-27	934 B	809 B	95.211.117.215
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-05-08	1.5 kB	1.8 kB	139.45.197.250
gishejuy.com	unknown	2023-10-25	2023-10-25	2024-05-09	4.8 kB	88 kB	139.45.197.242
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-09	1.0 kB	1.5 kB	139.45.195.8
cameesse.net	unknown	2023-10-18	2023-10-18	2024-05-09	6.9 kB	156 kB	139.45.197.242
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-09	512 B	1.2 kB	35.244.181.201
deenoacepok.com	unknown	unknown	No data	No data	1.7 kB	40 kB	139.45.197.242
fleraprt.com	unknown	2022-01-14	2022-01-14	2024-05-09	563 B	480 B	139.45.195.254

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	moonoafy.net	Sinkholed
2024-05-10	medium	moonoafy.net	Sinkholed
2024-05-10	medium	moonoafy.net	Sinkholed
2024-05-10	medium	cameesse.net	Sinkholed
2024-05-10	medium	moonoafy.net	Sinkholed
2024-05-10	medium	moonoafy.net	Sinkholed
2024-05-10	medium	amunfezanttor.com	Sinkholed
2024-05-10	medium	gishejuy.com	Sinkholed
2024-05-10	medium	amunfezanttor.com	Sinkholed
2024-05-10	medium	cameesse.net	Sinkholed
2024-05-10	medium	moonoafy.net	Sinkholed
2024-05-10	medium	moonoafy.net	Sinkholed
2024-05-10	medium	cameesse.net	Sinkholed
2024-05-10	medium	cameesse.net	Sinkholed
2024-05-10	medium	cameesse.net	Sinkholed
2024-05-10	medium	amunfezanttor.com	Sinkholed
2024-05-10	medium	moonoafy.net	Sinkholed
2024-05-10	medium	cameesse.net	Sinkholed
2024-05-10	medium	moonoafy.net	Sinkholed
2024-05-10	medium	moonoafy.net	Sinkholed
2024-05-10	medium	gishejuy.com	Sinkholed
2024-05-10	medium	gishejuy.com	Sinkholed
2024-05-10	medium	gishejuy.com	Sinkholed
2024-05-10	medium	cameesse.net	Sinkholed
2024-05-10	medium	moonoafy.net	Sinkholed
2024-05-10	medium	inklinkor.com	Sinkholed
2024-05-10	medium	moonoafy.net	Sinkholed
2024-05-10	medium	gishejuy.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	www.dosya.tc/server41/2z8jq4/sandbox%20eval%20code	147 B	2023-04-11	2024-05-20
Pretty URL www.dosya.tc/server41/2z8jq4/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-20 22:32:30 Times Seen351462 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	tzegilo.com/stattag.js	19 kB	2024-02-10	2024-05-20
Pretty URL tzegilo.com/stattag.js IP 172.67.193.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-10 03:00:18 Last Seen2024-05-20 16:36:33 Times Seen1861 Hash 70ebd404c2e1e7bad13998538b56887c 86e57af8ba3cfc2c004da3311835f6b54ba6d848 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f Loading...

	unknown	90 kB	2024-04-25	2024-05-14
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-14 14:21:41 Times Seen281 Hash 4caad44ecc6a13eba45b63ed7cf9e387 e67dfe90bebd5447495d8fe962d03e55f6d13071 66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00 Loading...

	www.dosya.tc/server41/2z8jq4/reach.zip.html	0 B	2023-03-07	2024-05-20
Pretty URL www.dosya.tc/server41/2z8jq4/reach.zip.html IP 88.99.254.43 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 22:32:32 Times Seen37896158 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	inklinkor.com/tag.min.js	90 kB	2024-05-10	2024-05-12
Pretty URL inklinkor.com/tag.min.js IP 172.67.211.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 04:22:10 Last Seen2024-05-12 17:32:01 Times Seen79 Hash e3024b1a3cbcc47f3eef4bab101c0b7f 73f6d27a2ff5cbf11ab455917016b5f70ba63444 41e1c3be0f91a1766e024356a7c4feee73a360f9f5691b79d6ceab270fd51edc Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-20
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-20 22:32:30 Times Seen350947 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.dosya.tc/server41/2z8jq4/reach.zip.html	193 B	2023-05-23	2024-05-20
Pretty URL www.dosya.tc/server41/2z8jq4/reach.zip.html IP 88.99.254.43 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-23 06:11:34 Last Seen2024-05-20 11:38:24 Times Seen192 Hash 419c962e4b8f01eb7a6db59d9a65c48d ad669179732f2927db555591451336a38761182b 06c42bac1c163ea85720571f261d3e13b367e30ff3fdc4dc426062cb387bd4a9 Loading...

	moonoafy.net/pfe/current/tag.min.js?z=5968117	15 kB	2024-04-25	2024-05-14
Pretty URL moonoafy.net/pfe/current/tag.min.js?z=5968117 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-14 14:21:41 Times Seen215 Hash ffdd38e0a5a1a47cb341a116a3318e0e 2fd730feff506cf56e14c531e9d89cdea2cca424 7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c Loading...

	gishejuy.com/400/5968115	84 kB	2024-05-10	2024-05-10
Pretty URL gishejuy.com/400/5968115 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 15:42:56 Last Seen2024-05-10 15:42:57 Times Seen2 Hash a77625f22af70d0aa562629dc324a058 24db27eecd92a25de56dd16215be62fe35eb0e00 3e40e68120f2dfb4e5a6be6fd22cb47af0e9f78d4733816209211ccbba88383c Loading...

	cameesse.net/1?z=5968116	43 kB	2024-05-10	2024-05-10
Pretty URL cameesse.net/1?z=5968116 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 15:42:57 Last Seen2024-05-10 15:42:57 Times Seen1 Hash 72fe91921e7b836cb7c24ae4ebdd299e 853719528de87f0c9ea93680578a37cfa1cda0e9 6ec52046e833f09cd4c4e13fbb8c78a22d339787465e48561d3bbda0aa8b280d Loading...

	cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a	413 kB	2024-04-11	2024-05-20
Pretty URL cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-11 13:26:00 Last Seen2024-05-20 12:21:12 Times Seen290 Hash 297cc248309ba835cf13a1f82fd3f938 1e6f51ce257a0ee53e25280dd44092ed33339847 b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7 Loading...

	unknown	26 kB	2023-03-07	2024-05-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:51 Last Seen2024-05-20 11:38:23 Times Seen2126 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

		Size	First Seen	Last Seen
	#1 Write - 9b733f5f3f630ca6f9b31d6b11a513ab	51 kB	2023-03-26	2024-05-10
Pretty Observations First Seen2023-03-26 00:52:13 Last Seen2024-05-10 15:42:57 Times Seen78 Hash 9b733f5f3f630ca6f9b31d6b11a513ab c2a67476652d01d09e0546dbf1a5b5b7722cf109 21983caf7c27e11156f3f1e67a4afe1031bef8632595e655fb5e3077c7362e4d Loading...

HTTP Transactions (55)

URL IP Response Size

www.dosya.tc/server41/2z8jq4/reach.zip.html

88.99.254.43

200 OK

3.6 kB

URL User Request GET HTTP/1.1
www.dosya.tc/server41/2z8jq4/reach.zip.html
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
JavaScript source, ISO-8859 text
Size
3.6 kB (3625 bytes)
Hash
caf57a0b27a8d77a11079053224b3ae3
cdc092afeba1e36b040d813c6943b9f711ea099c
d5763f13a596a868d1a9aafd23482341fead24c5ad4f55e236622a4bbbfed19d

HTTP Headers

GET /server41/2z8jq4/reach.zip.html HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9

www.dosya.tc/style/style.css

88.99.254.43

200 OK

15 kB

URL GET HTTP/1.1
www.dosya.tc/style/style.css
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
assembler source, ASCII text
Size
15 kB (14629 bytes)
Hash
e36585a9f4a781f9445425224c85e695
4a34bb8474bd8d15a5313a157ca72bf8552910cc
2b8c3599f9d693fc1422d4ad7c8fe6b9fbb2ade6b19a89c55e0d94f02252410a

HTTP Headers

GET /style/style.css HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:15 GMT
Accept-Ranges: bytes
Content-Length: 14629
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

www.dosya.tc/style/bootstrap.css

88.99.254.43

200 OK

146 kB

URL GET HTTP/1.1
www.dosya.tc/style/bootstrap.css
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
ASCII text, with very long lines (386)
Size
146 kB (145933 bytes)
Hash
2dbb985a5bb6dd8ef0a7b21d290ea9ae
f8676e1f4a902a63088f45982f3f9b6a6c401b47
d170052c16caec3810f2dee6456539045d8e326f6d8ed7c7f78e59ed34de348a

HTTP Headers

GET /style/bootstrap.css HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:15 GMT
Accept-Ranges: bytes
Content-Length: 145933
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.dosya.tc/images/footer-icon1.png

88.99.254.43

200 OK

582 B

URL GET HTTP/1.1
www.dosya.tc/images/footer-icon1.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
582 B (582 bytes)
Hash
e62d200d08f565563cc9b713729bbaa6
3a130f79117f2aaa91154eb56a22b47de8c06a50
101d88dc759a5588d5c064fe233b6b19c565966a527a03eb9cdc29c733b8d4c3

HTTP Headers

GET /images/footer-icon1.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:06 GMT
Accept-Ranges: bytes
Content-Length: 582
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/images/logo.png

88.99.254.43

200 OK

7.2 kB

URL GET HTTP/1.1
www.dosya.tc/images/logo.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 191 x 53, 8-bit/color RGB, non-interlaced
Size
7.2 kB (7157 bytes)
Hash
2a193802d40b18cd55b0d159571bf63c
1a4e4bdf88317471241d9e5ee29d9572be3f37e3
77eba513db8685e5a4b7633684b1d6b175bf8272ccfff3c6a1c0735d37d1d57a

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:10 GMT
Accept-Ranges: bytes
Content-Length: 7157
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/images/footer-icon3.png

88.99.254.43

200 OK

1.7 kB

URL GET HTTP/1.1
www.dosya.tc/images/footer-icon3.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
1.7 kB (1702 bytes)
Hash
3a61d85a6bb0a45429b1e4b7d945aa95
6fcdf44c20d1ed269303583e16a98e245fa7b69b
c84a015988434d7fa0c884f5590de727799abacb9c4a4ad6b4cadea4b97ea732

HTTP Headers

GET /images/footer-icon3.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:06 GMT
Accept-Ranges: bytes
Content-Length: 1702
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/images/uye-girisi.png

88.99.254.43

200 OK

3.0 kB

URL GET HTTP/1.1
www.dosya.tc/images/uye-girisi.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 140 x 51, 8-bit/color RGB, non-interlaced
Size
3.0 kB (2979 bytes)
Hash
6925e8f5c208aae4dd55cadd1340f180
a03365e7fb59c9588b3b7963e18c0b3e5d4cb369
6bfa03e8b7d8249e9927cafe801657559f7b7064248bb970b55fb4b689611f2d

HTTP Headers

GET /images/uye-girisi.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:11 GMT
Accept-Ranges: bytes
Content-Length: 2979
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/images/footer-icon2.png

88.99.254.43

200 OK

850 B

URL GET HTTP/1.1
www.dosya.tc/images/footer-icon2.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
Size
850 B (850 bytes)
Hash
51a472b4a51ea9245ee6f4386f07818f
a19e86c411dc6da3592d1f90e89ddf68df1fee3c
eea1befd43d3dc930a0eb0335c56ed8bc7e14aa1ee3e6c546cd21c1826362750

HTTP Headers

GET /images/footer-icon2.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:06 GMT
Accept-Ranges: bytes
Content-Length: 850
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/images/download.gif

88.99.254.43

200 OK

7.2 kB

URL GET HTTP/1.1
www.dosya.tc/images/download.gif
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
GIF image data, version 89a, 300 x 86
Size
7.2 kB (7229 bytes)
Hash
a9a5324512e43e463fe0a00118ad0c37
5375ae6855a34619ce428da5f835fc9d9ce06124
7964b17bc443c3bcf422211a690ac4bc62ad981d77d5c0b6bdddc982b8615a25

HTTP Headers

GET /images/download.gif HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:05 GMT
Accept-Ranges: bytes
Content-Length: 7229
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif

www.dosya.tc/images/background.webp

88.99.254.43

200 OK

113 kB

URL GET HTTP/1.1
www.dosya.tc/images/background.webp
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1050, Scaling: [none]x[none], YUV color, decoders should clamp
Size
113 kB (112776 bytes)
Hash
2b08bddebb64127b30bc913f73cdab61
f8911fd91f0302e88e7fe6e089ba20af32269b79
0804b26a6993fc6ee8e977f77aa9ce5ddf9c4fe69773b296cc292ee7b2a5ac1b

HTTP Headers

GET /images/background.webp HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:03 GMT
Accept-Ranges: bytes
Content-Length: 112776
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/webp

www.dosya.tc/images/menu-ayrac.png

88.99.254.43

200 OK

125 B

URL GET HTTP/1.1
www.dosya.tc/images/menu-ayrac.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 2 x 52, 8-bit/color RGB, non-interlaced
Size
125 B (125 bytes)
Hash
35a0591c63feeb75e3e547e894ff6e2d
7dd00c2e8d4e9203b71d3fcb9a660e717b8dca7c
9700fc9abb23b0fa04c070487f5aebdcec2cbb22f10788ab7898032abe3fcced

HTTP Headers

GET /images/menu-ayrac.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:23 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:10 GMT
Accept-Ranges: bytes
Content-Length: 125
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/apple-touch-icon.png

88.99.254.43

200 OK

6.6 kB

URL GET HTTP/1.1
www.dosya.tc/apple-touch-icon.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
Size
6.6 kB (6556 bytes)
Hash
bfd9b50e03f63b25c253a5d6fa5c5ef4
b4c68746da8a1da96b57d37990bfbfb0f716c14b
ca0f27136956761254299ac92d78aecca2c21841760c56904d894eb13ea0237f

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:24 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:55:43 GMT
Accept-Ranges: bytes
Content-Length: 6556
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

www.dosya.tc/favicon-16x16.png

88.99.254.43

200 OK

1.6 kB

URL GET HTTP/1.1
www.dosya.tc/favicon-16x16.png
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.6 kB (1594 bytes)
Hash
05c5d89a72c5dc5e863e151cc5fa9b68
df5a0242031f54494fe0bf1b2d7290cd5e864a15
cd6cef0b6624ec979018be137e45b606f36c018b2d64cfe7e3d39815c0936a46

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:42:24 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:55:45 GMT
Accept-Ranges: bytes
Content-Length: 1594
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

my.rtmark.net/gid.js?userId=0080588517664caeee1f0695ab8e039d

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0080588517664caeee1f0695ab8e039d
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
fb12de2d9a06747cae6d8bd516b705f6
f807b099f5da956b2e233b1c54f778ec1eaaa1be
e768051c241dc8ad916c3c1d0710e204b742eb504d3031cdab9afb8dc8fc8042

HTTP Headers

GET /gid.js?userId=0080588517664caeee1f0695ab8e039d HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:24 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=www.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504

139.45.197.250

200 OK

880 B

URL GET HTTP/2
moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=www.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
880 B (880 bytes)
Hash
c443b2804666b23b6b9aa07e87a1e87a
49b957a75cdb23928f7708c30e9cee246159bda4
da3741713f86830bf25ec6bc51242e0be9fc170eb46cb11c17df0e4a02dadfd2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zone?pub=0&zone_id=5968117&is_mobile=false&domain=www.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: 08b78ede435c5a9a7f76e8fe2c1089ef
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

deenoacepok.com/?rb=iO-LP5Y2h2tAvmTtJFRx59Xn_y9W6lvZUlSsUotJkpfnmAZOtshuT4pgJ5Z17KkCjaFC99ci5mpIJ8zVvxdJdM6_X4KAOkfcZ7lKQIjNxWXeUXoZVZcVjK0kWtwIGUXf5lKWHmP1mXNKfERTDtbefgvQzeb8OOYI5uaPsgBb9MWUH4_PKqNF-QoXnxWgdm4_B3PZUNEhU__9rC0YS40DS3poAid7u9xKLpLtMvYG2iDORAHmDzuUt7gSOkfxWY8wVswCb2Mi1kM%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.792.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.1-auto&navlng=en-US&pnt=0&pnrc=0&bs=e77493c2-183f-4962-8c57-ab88697644dd&wasm=1&userId=0080588517664caeee1f0695ab8e039d&m=link

139.45.197.242

200 OK

35 kB

URL GET HTTP/2
deenoacepok.com/?rb=iO-LP5Y2h2tAvmTtJFRx59Xn_y9W6lvZUlSsUotJkpfnmAZOtshuT4pgJ5Z17KkCjaFC99ci5mpIJ8zVvxdJdM6_X4KAOkfcZ7lKQIjNxWXeUXoZVZcVjK0kWtwIGUXf5lKWHmP1mXNKfERTDtbefgvQzeb8OOYI5uaPsgBb9MWUH4_PKqNF-QoXnxWgdm4_B3PZUNEhU__9rC0YS40DS3poAid7u9xKLpLtMvYG2iDORAHmDzuUt7gSOkfxWY8wVswCb2Mi1kM%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.792.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.1-auto&navlng=en-US&pnt=0&pnrc=0&bs=e77493c2-183f-4962-8c57-ab88697644dd&wasm=1&userId=0080588517664caeee1f0695ab8e039d&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectdeenoacepok.com
Fingerprint0D:76:17:06:1C:25:7C:C3:91:09:56:0F:C9:97:C9:9E:3E:AB:60:FB
ValidityThu, 09 May 2024 18:55:12 GMT - Wed, 07 Aug 2024 18:55:11 GMT

File type
gzip compressed data, max speed, from Unix
Size
35 kB (35104 bytes)
Hash
25318b16a4b537837bc510d4b6ebe6bd
bfeafdf62e6100a81525994238655950580cc495
b8b5c27b6f4b86d4c03fff34104fcb376dfe93d362ba6f3a06471353068d7c7b

HTTP Headers

GET /?rb=iO-LP5Y2h2tAvmTtJFRx59Xn_y9W6lvZUlSsUotJkpfnmAZOtshuT4pgJ5Z17KkCjaFC99ci5mpIJ8zVvxdJdM6_X4KAOkfcZ7lKQIjNxWXeUXoZVZcVjK0kWtwIGUXf5lKWHmP1mXNKfERTDtbefgvQzeb8OOYI5uaPsgBb9MWUH4_PKqNF-QoXnxWgdm4_B3PZUNEhU__9rC0YS40DS3poAid7u9xKLpLtMvYG2iDORAHmDzuUt7gSOkfxWY8wVswCb2Mi1kM%3D&request_ab2=0&zoneid=5968118&js_build=iclick-v1.792.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.1-auto&navlng=en-US&pnt=0&pnrc=0&bs=e77493c2-183f-4962-8c57-ab88697644dd&wasm=1&userId=0080588517664caeee1f0695ab8e039d&m=link HTTP/1.1
Host: deenoacepok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: OAID=0080588517664caeee1f0695ab8e039d; oaidts=1715348544
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/json
x-trace-id: 536fd64288288e7ca05af36254bee8f9
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:24 GMT; path=/; secure; SameSite=None
oaidts=1715348544; expires=Sat, 10 May 2025 13:42:24 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 17 May 2024 13:42:24 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

cameesse.net/1?z=5968116

139.45.197.242

200 OK

16 kB

URL GET HTTP/2
cameesse.net/1?z=5968116
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
gzip compressed data, max speed, from Unix
Size
16 kB (16292 bytes)
Hash
e4ab8556ac03e54a33997511e271c4e0
db7b0b2616a62888a2ee1879189db04dd2c3c9ee
ed386d21e70845ab984cf8834fd1517d63ba886bc3455bba5fbeb1db08637ed7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=5968116 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 499da4b783c52cb6e6077e03251a835f
access-control-expose-headers: X-Sc
x-sc: 3qRyzQfWi1ZM0pFBIYavr6W9OZmnkfrdNopgDIrD4lZMgeCsFtHlgh8LrlZQM3XUrUjmW3HOdFjgEOA8dpRyNcTBIyI=
set-cookie: scm=1; expires=Sat, 10 May 2025 13:42:24 GMT; secure; SameSite=None
OAID=04005887ea5747cbe48055edc9d34443; expires=Sat, 10 May 2025 13:42:24 GMT; secure; SameSite=None
oaidts=1715348544; expires=Sat, 10 May 2025 13:42:24 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 391
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a5ba6bff148276c8d6fea06687564d2a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.dosya.tc/sw.js

88.99.254.43

404 Not Found

3.6 kB

URL GET HTTP/1.1
www.dosya.tc/sw.js
IP
88.99.254.43:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subject*.dosya.tc
FingerprintE7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F
ValiditySun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
JavaScript source, ISO-8859 text
Size
3.6 kB (3610 bytes)
Hash
abca2f9dd88e6a7b1673979a0f446b7f
80644e4480fd9cf476740e03dc28e01620319cf4
fad0b231e90295e6c492cdb977f73af3ac2d6613ebc3c32fa5c5fa3c0e950685

HTTP Headers

GET /sw.js HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/server41/2z8jq4/reach.zip.html
DNT: 1
Connection: keep-alive
Cookie: prefetchAd_5968118=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 13:42:24 GMT
Server: Apache
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 747
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 5ad2cffea82255c3f5d887143495da27
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=f5fda502-a7ff-426d-9a9b-696a2ab2c9aa

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=f5fda502-a7ff-426d-9a9b-696a2ab2c9aa
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=f5fda502-a7ff-426d-9a9b-696a2ab2c9aa HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1412
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 10 May 2024 13:42:24 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://www.dosya.tc
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

gishejuy.com/500/5968115?excludes=&oaid=0080588517664caeee1f0695ab8e039d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0

139.45.197.242

200 OK

0 B

URL GET HTTP/2
gishejuy.com/500/5968115?excludes=&oaid=0080588517664caeee1f0695ab8e039d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/5968115?excludes=&oaid=0080588517664caeee1f0695ab8e039d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
b5cfdf33dccf867b4b9fb0cc80282f99
58f3985a885fa97383ad876dd3cfaeafe4b8c4a4
0fc8499be86251e27d6799adce388d4209d932be7e6872bb7fee3be1f63af7af

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 527
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080588517664caeee1f0695ab8e039d

139.45.197.242

204 No Content

0 B

URL OPTIONS HTTP/2
cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080588517664caeee1f0695ab8e039d
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080588517664caeee1f0695ab8e039d HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

moonoafy.net/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
moonoafy.net/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

moonoafy.net/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
moonoafy.net/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
77a6d302a90ba172d9fae74b9bc66133
5ba9ee361e48eda966b40bcc1540017cf98f98bc
94a6a459e0513ca4174db64bd6150398e94f44248bb5605f6639855b40edde25

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 1715
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=10a0d42c9f114b0fb1e30bbb9a40d3b7&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=10a0d42c9f114b0fb1e30bbb9a40d3b7&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
fb12de2d9a06747cae6d8bd516b705f6
f807b099f5da956b2e233b1c54f778ec1eaaa1be
e768051c241dc8ad916c3c1d0710e204b742eb504d3031cdab9afb8dc8fc8042

HTTP Headers

GET /gid.js?pub=0&userId=10a0d42c9f114b0fb1e30bbb9a40d3b7&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: ID=0080588517664caeee1f0695ab8e039d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:25 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

172.67.22.216

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
172.67.22.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 13:42:25 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Fri, 10 May 2024 20:16:56 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 62729
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a5a36fb9fb50f-OSL
X-Firefox-Spdy: h2

cameesse.net/11?rnd=1570705678&z=5968116&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=134

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=1570705678&z=5968116&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=134
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=1570705678&z=5968116&b=15763363&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=134 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=0080588517664caeee1f0695ab8e039d; oaidts=1715348544
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: cd2004dceeaaf77e11975e7e9c8bb083
access-control-expose-headers: X-Sc
set-cookie: OAID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:25 GMT; secure; SameSite=None
oaidts=1715348544; expires=Sat, 10 May 2025 13:42:25 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

cameesse.net/121?rnd=311753044&z=5968116&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D812793314160939008&cln={CELL_NUMBER}&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&bag=12zEY1nBan10dqfOdX7fmNsP-KAjIJqm&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008

139.45.197.242

302 Found

0 B

URL GET HTTP/2
cameesse.net/121?rnd=311753044&z=5968116&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D812793314160939008&cln={CELL_NUMBER}&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&bag=12zEY1nBan10dqfOdX7fmNsP-KAjIJqm&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /121?rnd=311753044&z=5968116&b=15763363&c=6332999&var=&varid=0&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D812793314160939008&cln={CELL_NUMBER}&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&bag=12zEY1nBan10dqfOdX7fmNsP-KAjIJqm&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: scm=1; OAID=0080588517664caeee1f0695ab8e039d; oaidts=1715348544
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-length: 0
location: https://www.nbfcs.org/#signUp=812793314160939008
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 1ae76fce5e1c5f7aba86f88b6e3e391d
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

139.45.197.242

204 No Content

2.6 kB

URL OPTIONS HTTP/2
cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080588517664caeee1f0695ab8e039d
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JSON text data
Size
2.6 kB (2594 bytes)
Hash
5b612c636f60ce7e9d4b1e6310a7d5de
4c5303a3194343086567fc1387c895a63bdd1a22
9a0bfaefcdd679046aa8e8aff6448cb824f369638ceb8c40f5d58152dccb0ee8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080588517664caeee1f0695ab8e039d HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 354
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=04005887ea5747cbe48055edc9d34443; oaidts=1715348544
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 14b625ad650437cfd7d5e39fef55d072
access-control-expose-headers: X-Sc
set-cookie: OAID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:25 GMT; secure; SameSite=None
oaidts=1715348544; expires=Sat, 10 May 2025 13:42:25 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
07ccf494111812c3536226af3a979e5f
fd6d88de73356bbf438acc8966741a16afa957e0
1be48101cf038b38264ee57efe8ced7fa97f59317ebd04dc5fa4d8482a835735

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 527
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a

139.45.197.242

200 OK

131 kB

URL GET HTTP/2
cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
gzip compressed data, max speed, from Unix
Size
131 kB (131084 bytes)
Hash
3fa88502945dcc697baa30a2d98e4b88
812c54c78141c94f125e5789d14d8b98ea23dc27
1cfa9dc6e1163fa92ed0684a382e84d399c42b0d319ee4a2bee3c25a2200862e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=04005887ea5747cbe48055edc9d34443; oaidts=1715348544
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: eb493e0a04800572d0dc4a753807ad5f
cache-control: max-age:290304000, public
last-modified: Tue, 09 Apr 2024 03:16:58 GMT
expires: Tue, 09 May 2084 03:16:58 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Content-Type: application/json
Content-Length: 388
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d40ef76702d4cbc0e41327b6855eeece
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

28 kB

URL GET HTTP/2
moonoafy.net/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
gzip compressed data, max speed, from Unix
Size
28 kB (28532 bytes)
Hash
d73d4ab40324602db2f5cb961ac4d0b9
f7c16cca23fb07bb9df2f6d295d4b61ebb151d06
7ad86340f1531d6cad452b93c04c64798b95786532daa80235c1892868138383

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:25 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-df63"
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

www.nbfcs.org/

95.211.117.215

11 B

URL
www.nbfcs.org/
IP
95.211.117.215:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

HTTP Headers

GET / HTTP/1.1
Host: www.nbfcs.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 10 May 2024 13:42:25 GMT
location: http://ww1.nbfcs.org/?subid1=2299fbb5-0ed3-11ef-81fd-51e67a067a85
server: Cowboy
set-cookie: sid=2299fbb5-0ed3-11ef-81fd-51e67a067a85; path=/; domain=.nbfcs.org; expires=Wed, 28 May 2092 16:56:32 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

gishejuy.com/impression/tE89IitxTejLi_UxhVxq6aOAfkGDLdp2lNn-j770BQYJAVCUd_zMi_qoyhjWwprWRd07AEhpNzc8JM_KpR_j9WqAc4bac1pA7tK6ybsbjd4NAcoxl0D-y0EJs2RLSzdzB8iZcAl28gguFigbZBM3439q9ywTzUH7Ab06z6U-F57TsJVvZ0wPBu3slvXJpWq4KKX-Rv3-3O3VTa7PbgbfH04he0rAYueiR9seCzWFQRSoRrUzXXtzQStS1xcvza-nF1I8wzg5Hl4JjbtWDTlkxcaUm2g2uR5F_aOL0e6S-K28ZFPBFe1oLOWPJVIdwHXkKQ9cQVB39yQ-5KoBFGSPuZmRSG3X27rVtgn7pseOfeBL78Up078x5s-0DcTJiYzswMNN6_EmwofWP5Z89rOEk2cSosBOlwNHcfFsRwKCfB57roQnIjgTA9mtfubyqRbYNKLAaTFz4lOOrfCil0QegLno2kJn1d6pDGohYo_4NC1bix8xyXvkEy97STfZHrqKTtR47aRaeTkNQBCOv0a93c1qs8dzGfABJFOJ5VETj_R8vBKcLQ1lSdIX2HH11e2H563j45z5IbD965On6RXc9oUWzMuS1MqW31kPA97sIutrOCCHt7cMGHYm55xjxIVHQNLokbtuxcke-nYjuoQldw==?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/tE89IitxTejLi_UxhVxq6aOAfkGDLdp2lNn-j770BQYJAVCUd_zMi_qoyhjWwprWRd07AEhpNzc8JM_KpR_j9WqAc4bac1pA7tK6ybsbjd4NAcoxl0D-y0EJs2RLSzdzB8iZcAl28gguFigbZBM3439q9ywTzUH7Ab06z6U-F57TsJVvZ0wPBu3slvXJpWq4KKX-Rv3-3O3VTa7PbgbfH04he0rAYueiR9seCzWFQRSoRrUzXXtzQStS1xcvza-nF1I8wzg5Hl4JjbtWDTlkxcaUm2g2uR5F_aOL0e6S-K28ZFPBFe1oLOWPJVIdwHXkKQ9cQVB39yQ-5KoBFGSPuZmRSG3X27rVtgn7pseOfeBL78Up078x5s-0DcTJiYzswMNN6_EmwofWP5Z89rOEk2cSosBOlwNHcfFsRwKCfB57roQnIjgTA9mtfubyqRbYNKLAaTFz4lOOrfCil0QegLno2kJn1d6pDGohYo_4NC1bix8xyXvkEy97STfZHrqKTtR47aRaeTkNQBCOv0a93c1qs8dzGfABJFOJ5VETj_R8vBKcLQ1lSdIX2HH11e2H563j45z5IbD965On6RXc9oUWzMuS1MqW31kPA97sIutrOCCHt7cMGHYm55xjxIVHQNLokbtuxcke-nYjuoQldw==?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/tE89IitxTejLi_UxhVxq6aOAfkGDLdp2lNn-j770BQYJAVCUd_zMi_qoyhjWwprWRd07AEhpNzc8JM_KpR_j9WqAc4bac1pA7tK6ybsbjd4NAcoxl0D-y0EJs2RLSzdzB8iZcAl28gguFigbZBM3439q9ywTzUH7Ab06z6U-F57TsJVvZ0wPBu3slvXJpWq4KKX-Rv3-3O3VTa7PbgbfH04he0rAYueiR9seCzWFQRSoRrUzXXtzQStS1xcvza-nF1I8wzg5Hl4JjbtWDTlkxcaUm2g2uR5F_aOL0e6S-K28ZFPBFe1oLOWPJVIdwHXkKQ9cQVB39yQ-5KoBFGSPuZmRSG3X27rVtgn7pseOfeBL78Up078x5s-0DcTJiYzswMNN6_EmwofWP5Z89rOEk2cSosBOlwNHcfFsRwKCfB57roQnIjgTA9mtfubyqRbYNKLAaTFz4lOOrfCil0QegLno2kJn1d6pDGohYo_4NC1bix8xyXvkEy97STfZHrqKTtR47aRaeTkNQBCOv0a93c1qs8dzGfABJFOJ5VETj_R8vBKcLQ1lSdIX2HH11e2H563j45z5IbD965On6RXc9oUWzMuS1MqW31kPA97sIutrOCCHt7cMGHYm55xjxIVHQNLokbtuxcke-nYjuoQldw==?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: OAID=0080588517664caeee1f0695ab8e039d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:29 GMT
content-type: image/gif
content-length: 43
x-trace-id: 5820ccf18cc9a064290de044af82706c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

gishejuy.com/500/5968115?excludes=19845928&oaid=0080588517664caeee1f0695ab8e039d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0

139.45.197.242

200 OK

0 B

URL GET HTTP/2
gishejuy.com/500/5968115?excludes=19845928&oaid=0080588517664caeee1f0695ab8e039d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/5968115?excludes=19845928&oaid=0080588517664caeee1f0695ab8e039d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:29 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/3303c3ec46f8b840a87559e75824b84b.jpg

172.67.22.216

200 OK

9.3 kB

URL GET HTTP/2
offerimage.com/www/images/3303c3ec46f8b840a87559e75824b84b.jpg
IP
172.67.22.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
9.3 kB (9292 bytes)
Hash
3303c3ec46f8b840a87559e75824b84b
dca17ecb9395b5e83d50ba8c140af48d0b5a76ae
a680f7fe40d758da9e24159585e9d43a5080c8130fcf8349fae977243b6a0987

HTTP Headers

GET /www/images/3303c3ec46f8b840a87559e75824b84b.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 13:42:30 GMT
content-type: image/jpeg
content-length: 9292
cache-control: max-age=86400
cf-bgj: h2pri
etag: "64aecb18-244c"
expires: Fri, 10 May 2024 20:16:41 GMT
last-modified: Wed, 12 Jul 2023 15:47:36 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 62749
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a5a558935b50f-OSL
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

172.67.22.216

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
172.67.22.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 13:42:30 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Fri, 10 May 2024 20:16:56 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 62734
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a5a567ac0b50f-OSL
X-Firefox-Spdy: h2

gishejuy.com/impression/jVoa7TYCNgF6Bu4Yg5WN1yKeifsauMJsnaxvguSTmwMPMnTPA4d7P6TeV9YDQsNe9UJSzEJebkCXAWCtntVa5eFUUgEUIEcEPBCNRHVDCvrty_NOIaIPh10Ib9zfqjqAzZz67CG2n7k7X012ZIfTiS3fWcv36XMCb8PtgOdN2AbF5avZtcCWcZTooV4Y82GCe6byE-D84Ct1d1F4TrI2APi-aV9iMnuZRnVQAcza58IUEd1IbVenawl1cZLgAjkZ9bXJvw2PiaydJUE0teq8MTNxZw7JumrcYUSCIJvDyM-V29x_gHxNgz5hsGBaafZBN3hPI_Rduuu4rxhRcAem3e-U8E2IpjSPh00h-1gH9q0h21KnMVlDeggqmf0kIB_mTBK_q92egQGMD19usyjNy2mLPx5l-INbQUEVN0F8fTYzCltdilrJJ2YkTev4kM9vJ0qQI-XJxUpe7S5GMCzMdcxVCtzBEhhytFLOib_MV6mrBvN6gP6OBTAyNo6Mfq8HUIigHTa7r9l1WQio3PsMJXTT6gdZ84Mzf2WTQz5aNjuc8YOrenlppIl3ThU5loLeQD83MxGa2cB9JwjfwiAylICX2YAr5SQUJYoT_cL7zf7Rs6rDNBEBjpZHXr5BVZbyxrkWZHxmfao=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/jVoa7TYCNgF6Bu4Yg5WN1yKeifsauMJsnaxvguSTmwMPMnTPA4d7P6TeV9YDQsNe9UJSzEJebkCXAWCtntVa5eFUUgEUIEcEPBCNRHVDCvrty_NOIaIPh10Ib9zfqjqAzZz67CG2n7k7X012ZIfTiS3fWcv36XMCb8PtgOdN2AbF5avZtcCWcZTooV4Y82GCe6byE-D84Ct1d1F4TrI2APi-aV9iMnuZRnVQAcza58IUEd1IbVenawl1cZLgAjkZ9bXJvw2PiaydJUE0teq8MTNxZw7JumrcYUSCIJvDyM-V29x_gHxNgz5hsGBaafZBN3hPI_Rduuu4rxhRcAem3e-U8E2IpjSPh00h-1gH9q0h21KnMVlDeggqmf0kIB_mTBK_q92egQGMD19usyjNy2mLPx5l-INbQUEVN0F8fTYzCltdilrJJ2YkTev4kM9vJ0qQI-XJxUpe7S5GMCzMdcxVCtzBEhhytFLOib_MV6mrBvN6gP6OBTAyNo6Mfq8HUIigHTa7r9l1WQio3PsMJXTT6gdZ84Mzf2WTQz5aNjuc8YOrenlppIl3ThU5loLeQD83MxGa2cB9JwjfwiAylICX2YAr5SQUJYoT_cL7zf7Rs6rDNBEBjpZHXr5BVZbyxrkWZHxmfao=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/jVoa7TYCNgF6Bu4Yg5WN1yKeifsauMJsnaxvguSTmwMPMnTPA4d7P6TeV9YDQsNe9UJSzEJebkCXAWCtntVa5eFUUgEUIEcEPBCNRHVDCvrty_NOIaIPh10Ib9zfqjqAzZz67CG2n7k7X012ZIfTiS3fWcv36XMCb8PtgOdN2AbF5avZtcCWcZTooV4Y82GCe6byE-D84Ct1d1F4TrI2APi-aV9iMnuZRnVQAcza58IUEd1IbVenawl1cZLgAjkZ9bXJvw2PiaydJUE0teq8MTNxZw7JumrcYUSCIJvDyM-V29x_gHxNgz5hsGBaafZBN3hPI_Rduuu4rxhRcAem3e-U8E2IpjSPh00h-1gH9q0h21KnMVlDeggqmf0kIB_mTBK_q92egQGMD19usyjNy2mLPx5l-INbQUEVN0F8fTYzCltdilrJJ2YkTev4kM9vJ0qQI-XJxUpe7S5GMCzMdcxVCtzBEhhytFLOib_MV6mrBvN6gP6OBTAyNo6Mfq8HUIigHTa7r9l1WQio3PsMJXTT6gdZ84Mzf2WTQz5aNjuc8YOrenlppIl3ThU5loLeQD83MxGa2cB9JwjfwiAylICX2YAr5SQUJYoT_cL7zf7Rs6rDNBEBjpZHXr5BVZbyxrkWZHxmfao=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.339.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: OAID=0080588517664caeee1f0695ab8e039d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:32 GMT
content-type: image/gif
content-length: 43
x-trace-id: f6b859596feeeab068ab56cd59a4c840
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/3303c3ec46f8b840a87559e75824b84b.jpg

172.67.22.216

200 OK

9.3 kB

URL GET HTTP/2
offerimage.com/www/images/3303c3ec46f8b840a87559e75824b84b.jpg
IP
172.67.22.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
9.3 kB (9292 bytes)
Hash
3303c3ec46f8b840a87559e75824b84b
dca17ecb9395b5e83d50ba8c140af48d0b5a76ae
a680f7fe40d758da9e24159585e9d43a5080c8130fcf8349fae977243b6a0987

HTTP Headers

GET /www/images/3303c3ec46f8b840a87559e75824b84b.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 13:42:33 GMT
content-type: image/jpeg
content-length: 9292
cache-control: max-age=86400
cf-bgj: h2pri
etag: "64aecb18-244c"
expires: Fri, 10 May 2024 20:16:41 GMT
last-modified: Wed, 12 Jul 2023 15:47:36 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 62752
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a5a693f2eb50f-OSL
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=xeu0HIRlK0x8GW47TN6nlmwh741EbsBIqtCdmVliV4T6KfOxFIiElamfXsbBC-t7FnWtm5siz4cGjNA7Bacrf1d7qBMQlGzumMIShTjjO1_EuEYFKskBT7GkBO47sFx4
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Fri, 10 May 2024 13:40:50 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 112
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

cameesse.net/11?rnd=1570705678&z=5968116&b=15763363&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=1570705678&z=5968116&b=15763363&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=1570705678&z=5968116&b=15763363&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=OY348BuvvyLObpkY3daYGfKZnlZSDZkxTpbLejn8uQUXE20IL7ORhwmEaPbeFrYWiFIZEeL_rFv-QrJI463yj-B_mIjbUHb8eYfeqwmfroE78MLhorRfXF20aHGFPgZJhorzUpJWTY13tVn8lB0w-fW1wI9v_BGAIs3tDYaekfzQYGO_W2nFtW6WLUDjS1IzTfOnXibuBFZi2YrCdCgHil33eiYjFQTsEoZGCRJyguTuRF8kemg5wonpgIaSxVYU6RMYYgJrL5BRfXfheQA4BZadv1fgF-FIzI3MoWvA8uzrwXWWeVJlBHBAwDyDWGk26pZWdDV_BPbJKrm80fH8Pr-CABOOoUL8ty1Fngx8muBISIMLWShMVVBDUOQEJN4FS8l8DYylzFhcs4v_EqcDFkmEhSwpOgd_88_y8o-Dc2-A1k0BcUOUapMqnzLBluE6bYvMeKQrUWiaWk_uv7AmsW0Ot-gDqKbdiKaFOLJA8fTbw76QWjI8VRrBVwswDKaEt9B5t2txolYajyZ6jDmnt4QCvHIuMKojtpXFektTPkEQKP4rE02oiLw1QoqTH701qSR4r1SKYLHnsf1GqgsxhnH1CMl9Wd0qFWpVNyLHgS61-8dbDRlA74FydK6MCSlL&ruid=4331496b-d444-4b42-8075-0766d95107d5&subid=812793314160939008&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dosya.tc%2Fserver41%2F2z8jq4%2Freach.zip.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Cookie: scm=1; OAID=0080588517664caeee1f0695ab8e039d; oaidts=1715348544
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:45 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: d503aed27f43e2e8cb19a6d0f31e3034
access-control-expose-headers: X-Sc
set-cookie: OAID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:45 GMT; secure; SameSite=None
oaidts=1715348544; expires=Sat, 10 May 2025 13:42:45 GMT; secure; SameSite=None
oaidvc=1; expires=Sat, 10 May 2025 13:42:45 GMT; secure; SameSite=None
CNT=1_v1_o4fwAAEAAACNTQAA; expires=Fri, 10 May 2024 14:42:45 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/tag.min.js?z=5968117

139.45.197.250

200 OK

15 kB

URL GET HTTP/2
moonoafy.net/pfe/current/tag.min.js?z=5968117
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JavaScript source, ASCII text, with very long lines (14612), with no line terminators
Size
15 kB (14612 bytes)
Hash
ffdd38e0a5a1a47cb341a116a3318e0e
2fd730feff506cf56e14c531e9d89cdea2cca424
7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/tag.min.js?z=5968117 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:53 GMT
etag: W/"662a3515-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

inklinkor.com/tag.min.js

172.67.211.29

200 OK

90 kB

URL GET HTTP/2
inklinkor.com/tag.min.js
IP
172.67.211.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjectinklinkor.com
Fingerprint28:84:D7:8F:63:D7:99:15:D5:E8:2C:F5:74:62:0D:94:C1:0A:EF:95
ValidityWed, 17 Apr 2024 17:58:45 GMT - Tue, 16 Jul 2024 17:58:44 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (90313 bytes)
Hash
e3024b1a3cbcc47f3eef4bab101c0b7f
73f6d27a2ff5cbf11ab455917016b5f70ba63444
41e1c3be0f91a1766e024356a7c4feee73a360f9f5691b79d6ceab270fd51edc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 13:42:23 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 572b03ef9cee94d3764156900ed5fe51
cache-control: max-age=86400
last-modified: Thu, 09 May 2024 21:47:18 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Sat, 11 May 2024 13:40:21 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 122
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C4vPzEGRcsEgGHRH6KPDJ%2BBTF4IISC5ajvPjURAhPWhICnjxymRXCPK0SzCyOY0YN4ULoWwXN7nqtaaTZUxrcdThwWFh%2BWxrPxpf%2F2GEAnqBlrH%2FF9E9AOjwdL3NgvKk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a5a2fb8415685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.nbfcs.org/

95.211.117.215

302 Found

0 B

URL GET HTTP/2
www.nbfcs.org/
IP
95.211.117.215:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectnbfcs.org
FingerprintE3:83:6F:69:48:41:C8:15:8B:C9:60:80:00:84:9A:A7:01:18:85:36
ValidityFri, 05 Apr 2024 04:35:50 GMT - Thu, 04 Jul 2024 04:35:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.nbfcs.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 10 May 2024 13:42:25 GMT
location: http://ww1.nbfcs.org/?subid1=2299fbb5-0ed3-11ef-81fd-51e67a067a85
server: Cowboy
set-cookie: sid=2299fbb5-0ed3-11ef-81fd-51e67a067a85; path=/; domain=.nbfcs.org; expires=Wed, 28 May 2092 16:56:32 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

172.67.193.52

200 OK

19 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
172.67.193.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1
ValiditySat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT

File type
JavaScript source, ASCII text, with very long lines (18486)
Size
19 kB (19136 bytes)
Hash
70ebd404c2e1e7bad13998538b56887c
86e57af8ba3cfc2c004da3311835f6b54ba6d848
d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5044
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u755Zc5MAkiFdvh2JvRgb%2FLL162se9QM6kjXTHA%2FZGoI5w7oVTxF01GxKs%2F9RGlngL3jORI%2BZduN0a7Vr7B26ZQ2FD5dpt96x9iac6w2G0mOM3zTFecFpLZ5jZdX1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a5a341eb85691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/universal.min.js?v=3.1.504

139.45.197.250

200 OK

90 kB

URL GET HTTP/2
moonoafy.net/pfe/current/universal.min.js?v=3.1.504
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (89850 bytes)
Hash
4caad44ecc6a13eba45b63ed7cf9e387
e67dfe90bebd5447495d8fe962d03e55f6d13071
66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dosya.tc/
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-15efa"
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

gishejuy.com/400/5968115

139.45.197.242

200 OK

84 kB

URL GET HTTP/2
gishejuy.com/400/5968115
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
84 kB (83847 bytes)
Hash
a77625f22af70d0aa562629dc324a058
24db27eecd92a25de56dd16215be62fe35eb0e00
3e40e68120f2dfb4e5a6be6fd22cb47af0e9f78d4733816209211ccbba88383c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/5968115 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/javascript
x-trace-id: 385b2de3935c757fd9fac89f5629c843
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=03005812f0f14bcee0c3d7b80ff1f5c5; expires=Sat, 10 May 2025 13:42:24 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

deenoacepok.com/5/5968118/?oo=1&js_build=iclick-v1.792.1-auto

139.45.197.242

200 OK

3.0 kB

URL GET HTTP/2
deenoacepok.com/5/5968118/?oo=1&js_build=iclick-v1.792.1-auto
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://www.dosya.tc/server41/2z8jq4/reach.zip.html
Certificate
IssuerLet's Encrypt
Subjectdeenoacepok.com
Fingerprint0D:76:17:06:1C:25:7C:C3:91:09:56:0F:C9:97:C9:9E:3E:AB:60:FB
ValidityThu, 09 May 2024 18:55:12 GMT - Wed, 07 Aug 2024 18:55:11 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3217), with no line terminators
Size
3.0 kB (2973 bytes)
Hash
fd48edecce6cb4dc9374752848af4fca
e69d248a5d244843c67d8eeec4e0750b23547491
e85b83da841dc370af6d9447cea3abd602c91c0b3a3d562e0e5ca91d7c6f8837

HTTP Headers

GET /5/5968118/?oo=1&js_build=iclick-v1.792.1-auto HTTP/1.1
Host: deenoacepok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://www.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:42:24 GMT
content-type: application/json
x-trace-id: 42a36a16977b11b31e7a3822605d6e40
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://www.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080588517664caeee1f0695ab8e039d; expires=Sat, 10 May 2025 13:42:24 GMT; path=/; secure; SameSite=None
oaidts=1715348544; expires=Sat, 10 May 2025 13:42:24 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL