Report - fileknot.com/2a6927d2719c5301/Deep

Report Overview

Visited public
2023-12-09 14:42:33
Tags
URL
fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Finishing URL
fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
IP / ASN
65.21.143.180
#24940 Hetzner Online GmbH
Title
Deep_Sleep.7z - FileKnot.com

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-09 07:42:19	935 B	85 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-09 06:06:20	3.9 kB	284 kB	142.250.74.99
tm-banners.gamingadult.com	242696	2017-06-09	2017-10-09 13:15:15	2023-12-07 05:41:30	948 B	601 kB	5.196.166.128
tm-offers.gamingadult.com	175580	2017-06-09	2017-10-09 13:15:14	2023-12-08 06:47:47	1.2 kB	1.3 kB	5.196.166.128
gamingadlt.com	unknown	2023-09-14	2023-09-28 16:36:39	2023-12-08 01:10:42	1.0 kB	314 B	5.196.166.128
fileknot.com	unknown	2023-02-19	2023-02-20 21:29:45	2023-12-08 06:47:38	16 kB	1.2 MB	65.21.143.180
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-09 07:44:59	431 B	92 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-09 14:42:22	high	Client IP	Internal IP	ET POLICY DNS Query For XXX Adult Site Top Level Domain
2023-12-09 14:42:23	high	Client IP	Internal IP	ET POLICY DNS Query For XXX Adult Site Top Level Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed
2023-12-09	medium	fileknot.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	From	Size	First Seen	Last Seen
	fileknot.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js	ScriptElement	87 kB	2023-03-07	2025-05-11
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 13:23 Times Seen112282 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	fileknot.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js	ScriptElement	70 kB	2023-03-07	2025-05-11
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 07:01 Times Seen5347 Hash 737f853e9fd6a31d62f5028e88663c9f cf144f2ab49f53a69fbfe10d3588fc23437d2736 6c3ca64b7acfdd29b3ca6f1b9b46696369abd462d4546182085c347f72211841 Loading...

	fileknot.com/2a6927d2719c5301/Deep_Sleep.7z	ScriptElement	44 B	2023-03-07	2025-05-11
Pretty URL fileknot.com/2a6927d2719c5301/Deep_Sleep.7z IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:28 Last Seen2025-05-11 17:33 Times Seen3567 Hash 21d884540875fb4d2b8f280c541d092c 9f2a58bb4ff1897269b2df54e333ce35d4435b91 8f75c65a00382bae7799a76f3517023df9a72035e9b469e95469b028d4bd0d0a Loading...

	fileknot.com/themes/spirit/assets/frontend/js/cookiealert.js	ScriptElement	1.8 kB	2023-03-07	2025-05-11
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/cookiealert.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:47 Last Seen2025-05-11 01:09 Times Seen2627 Hash 81279e22c8ece9e1d0536a402484daa3 911797507fb12d4f451d5900e32db96ad697c401 5c6237178e88ab7f1c6e26c9e99547e58782450b8f2a182129448ff4d99e89ab Loading...

	www.googletagmanager.com/gtag/js?id=G-D2HXTPWBWQ	ScriptElement	274 kB	2023-12-09	2023-12-09
Pretty URL www.googletagmanager.com/gtag/js?id=G-D2HXTPWBWQ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-09 15:42 Last Seen2023-12-09 15:42 Times Seen1 Hash d5da969351ec91f74b475b6bf07d6930 a827319aa76f490a5e169a18effa8d386ba4c46a c6557f8ba8b0814f173b052ae09c5d89386010e9dfa5d7c4be6d321db444fc42 Loading...

	fileknot.com/themes/spirit/assets/frontend/js/datepicker.js	ScriptElement	21 kB	2023-03-07	2025-05-11
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/datepicker.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28 Last Seen2025-05-11 17:33 Times Seen3328 Hash 8cfe207a6a21c7495cfb751c761217a6 35d686a6c4ecc9946c35444ce93e110cb0e1611c 804e3c2608de23694fa71684178e2f9815115d56ee022ec770e1fcb208847acc Loading...

	fileknot.com/themes/spirit/assets/frontend/js/granim.min.js	ScriptElement	11 kB	2023-03-07	2025-05-11
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/granim.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35 Last Seen2025-05-11 01:09 Times Seen2625 Hash 2c16a9a724563fc0c306abb5bdeb03fe 90c2032537714e66059a3eaa150b93f3c9c80163 997a15cf01d5118cb0106587f441c32de2074c8dc12d85cf7c7dc430e2ee342e Loading...

	fileknot.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js	ScriptElement	6.0 kB	2023-03-07	2025-05-11
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35 Last Seen2025-05-11 01:09 Times Seen2655 Hash b67e171349c4716dd7bb15c018a2c8c1 60b204148c0eed83b06043897d1cbd54709eab66 8daef829c397c41e42a1f9faffc25aa4834334e5305805419933a1b44b6c1e30 Loading...

	fileknot.com/2a6927d2719c5301/Deep_Sleep.7z	ScriptElement	940 B	2024-08-20	2024-08-20
Pretty URL fileknot.com/2a6927d2719c5301/Deep_Sleep.7z IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:17 Last Seen2024-08-20 16:17 Times Seen1 Hash 1f75cc150401a44af4da32ab4b95a259 dc20890c1c5ff0bf04ea28321147d56db3842e35 8d925bfee1fec7c9544a99c997aeb7986548f249cea77552aa690c672bae4faf Loading...

	fileknot.com/themes/spirit/assets/frontend/js/flickity.min.js	ScriptElement	54 kB	2023-03-07	2025-05-11
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/flickity.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35 Last Seen2025-05-11 01:09 Times Seen2647 Hash 81a84001ccd9bdd589d1b4f187311b15 5cdf8cb0d97b5b16a5f812e1541ad387a7cb8af5 5a28889b1faf91d12eeb5b5d173c50135eefd7fdc29a951b365340cf473bd9b2 Loading...

	fileknot.com/themes/spirit/assets/frontend/js/typed.min.js	ScriptElement	3.9 kB	2023-03-07	2025-05-11
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/typed.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28 Last Seen2025-05-11 17:33 Times Seen3942 Hash 2f6185a8a32a50b2b3e04849f44359d4 0e5501588c5c0d1c9462f34b0d56c21abff5bfef 914df93a9770d8a0e132b6ce3e8f1cfba0e0fae8f3b9002a3f0eb47c3d0cc97b Loading...

	fileknot.com/themes/spirit/assets/frontend/js/scripts.js	ScriptElement	112 kB	2023-03-07	2025-05-11
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/scripts.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:47 Last Seen2025-05-11 01:09 Times Seen2565 Hash ccd6c308b2b8e36ae154d7bacea4240d f7d2f7195150771246dd599dbb4ff3bc2f0f2179 fc2a8bf60f1e7577697c0b457c01aeeecfd2b18ea68c93e2d374bf6d95fbe7a0 Loading...

	fileknot.com/2a6927d2719c5301/Deep_Sleep.7z	ScriptElement	292 B	2023-03-07	2025-05-11
Pretty URL fileknot.com/2a6927d2719c5301/Deep_Sleep.7z IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:28 Last Seen2025-05-11 17:33 Times Seen3891 Hash f6038f840321581380bcf8e68fbec2ed 9c64ca84baabd04b9994597b90882d8ec7158ba2 fc7d223cc022e6a00869dea89642667579b0ca033afb07bb0070c7b7a0fd23c3 Loading...

	fileknot.com/2a6927d2719c5301/Deep_Sleep.7z	ScriptElement	153 B	2023-03-26	2024-08-21
Pretty URL fileknot.com/2a6927d2719c5301/Deep_Sleep.7z IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 07:02 Last Seen2024-08-21 09:44 Times Seen1132 Hash 1b43df5cc9b9abbbb15743ae0347abfc c5df8b4705ba37c66ab957257d70b9bdd6a2f5d7 2bd1b5a19d18d25846cc1306dab2232fe45e42d455daef5fdbd337edc73d14fc Loading...

	fileknot.com/themes/spirit/assets/frontend/js/jquery.steps.min.js	ScriptElement	14 kB	2023-03-07	2025-05-11
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/jquery.steps.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35 Last Seen2025-05-11 01:09 Times Seen2666 Hash 4c5e9f4e84d32b7df69af7420b355e03 14e1e287ec98e8cc0a992ee996783b0c42f9ec0f c9459a9e11e4c63fb7a30d2a644e80b733fc9599302ef3da8142cbe8f9d9333d Loading...

	fileknot.com/themes/spirit/assets/frontend/js/countdown.min.js	ScriptElement	5.3 kB	2023-03-07	2025-05-11
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/countdown.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 01:09 Times Seen4618 Hash 5d3ff3c3fbaa67cc639501f44eeb07be bd66e4cd58de09c198e7abc77fa4c883955d189e 2249399b2268c260d0698542503d16afebc80e437c846239f12196744ebbd40f Loading...

HTTP Transactions (46)

URL IP Response Size

fileknot.com/2a6927d2719c5301/Deep_Sleep.7z

65.21.143.180

200 OK

4.6 kB

URL User Request GET HTTP/1.1
fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
4.6 kB (4578 bytes)
Hash
a5705c0edbe40d21701a05550234161d
531c45c2296b09987e99a85743ea80f7fef9c268
c5f38441aeaf68b94f68f307627d55b51f7f96e31c3b8368cd99b2dbd0c838a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2a6927d2719c5301/Deep_Sleep.7z HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: filehosting=iejl5fistab91b8ga5okoblodo; expires=Sun, 10-Dec-2023 14:42:14 GMT; Max-Age=86400; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, no-cache, private
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Encoding: gzip

fileknot.com/themes/spirit/assets/frontend/css/bootstrap.min.css

65.21.143.180

200 OK

77 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/bootstrap.min.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (65324)
Size
77 kB (76917 bytes)
Hash
bc48830f50049b0cbbe3dd417755a347
e5cdb6545f9b4bce4eeda78f64a714e2de4d0e09
7d56baeec9679114562cdc56d3f28cb9a43263cada11b1f64809851e7a8b1419

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/bootstrap.min.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: text/css
Content-Length: 76917
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-12c75"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/jquery.steps.css

65.21.143.180

200 OK

5.6 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/jquery.steps.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text
Size
5.6 kB (5638 bytes)
Hash
a0ed38e9ba9498867df1f62407377def
6d2278f924b80328695e8fe5213b252ae499fc77
70110803124af60b1e1dc1ea3c0408353947b4a0d7000f47873c85287de875d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/jquery.steps.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: text/css
Content-Length: 5638
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-1606"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/stack-interface.css

65.21.143.180

200 OK

3.1 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/stack-interface.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
Unicode text, UTF-8 text
Size
3.1 kB (3082 bytes)
Hash
6406d626f8bfc1e6815698bfecf9a2f8
a918901be3ab1b9bb4ce9980db521eb4731bb82b
f620d1bf10d3f45a7b19edd4f863090c5dd5031411918508493634c4018e81b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/stack-interface.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: text/css
Content-Length: 3082
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-c0a"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/socicon.css

65.21.143.180

200 OK

9.3 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/socicon.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text
Size
9.3 kB (9283 bytes)
Hash
b23fff7d228bbe8796ad8b3d280e3401
1a9861031bda4d3c1cb58564107d8b777982750b
17beb90ae4f385180d6b7d184dcb640ccd2a360e4ee03af0254c83b00ef87202

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/socicon.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: text/css
Content-Length: 9283
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-2443"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/lightbox.min.css

65.21.143.180

200 OK

3.7 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/lightbox.min.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text
Size
3.7 kB (3668 bytes)
Hash
40cab6b747df96a8a66f5c0ac4e034dd
85dd24bc614fb1ecaeb873f4e686213aa53927c3
798da60d899fcd9aa5074834d88b63c398dd72af5711ed48d7f68dde8dc8db5e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/lightbox.min.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: text/css
Content-Length: 3668
Last-Modified: Mon, 28 Sep 2020 15:26:46 GMT
Connection: keep-alive
ETag: "5f7200b6-e54"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/flickity.css

65.21.143.180

200 OK

2.4 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/flickity.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text
Size
2.4 kB (2392 bytes)
Hash
5439695b076327f53edcda86d192856b
d938327051f0bf044bc65b68721ad3193bd2ef12
1709404c1e9beb94953cc95fcc3477e7cb4213e03bfe9bbe0f8a37877c1c6e42

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/flickity.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: text/css
Content-Length: 2392
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-958"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/cookiealert.css

65.21.143.180

200 OK

12 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/cookiealert.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (11486), with CRLF line terminators
Size
12 kB (12369 bytes)
Hash
3d2946aeae3cc8f43e2acf82ea029bd4
c25a0bd445ff9e6034d34e8f388f5565515a2783
705d9fc8952ac3bf3d9300e3d9ea6753284cdd920c34be0213ec8bc862df7a28

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/cookiealert.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: text/css
Content-Length: 12369
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-3051"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/custom.css

65.21.143.180

200 OK

8.9 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/custom.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
8.9 kB (8939 bytes)
Hash
2d34677dcb97822f9aba5b99bda85a5b
a379d63073cb978f7ca8393040f3f709556cc202
e42f4e33f6ac2e2a576bb83e540cf63ef44ac4fc01495d08a47697991b1f5458

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/custom.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: text/css
Content-Length: 8939
Last-Modified: Thu, 30 Mar 2023 04:27:22 GMT
Connection: keep-alive
ETag: "64250faa-22eb"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js

65.21.143.180

200 OK

87 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (32030)
Size
87 kB (86709 bytes)
Hash
e071abda8fe61194711cfc2ab99fe104
f647a6d37dc4ca055ced3cf64bbc1f490070acba
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery-3.1.1.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: application/javascript
Content-Length: 86709
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-152b5"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/theme/red.css

65.21.143.180

200 OK

201 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/theme/red.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
assembler source, ASCII text
Size
201 kB (200780 bytes)
Hash
9cff116a152b3c016fa75940add96a21
89d1dec321e84a767467a7cb96ec61e621b84a2a
5768e1eaa7d32942d474a1fe8177ec8a40de3302b912108f807c849e76ead99c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/theme/red.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: text/css
Content-Length: 200780
Last-Modified: Fri, 09 Jun 2023 18:00:30 GMT
Connection: keep-alive
ETag: "648368be-3104c"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/font-awesome.min.css

65.21.143.180

200 OK

59 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/font-awesome.min.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (58929)
Size
59 kB (59115 bytes)
Hash
66e407beb68fdbb8bacd87d91ddf7829
5ed55601e30871fb757dc4b78a40a432f9a3600b
eb98a660b34391ce502005c6b8553af83defcf0832489134efb499498051d1d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/font-awesome.min.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: text/css
Content-Length: 59115
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-e6eb"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js

65.21.143.180

200 OK

70 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (768)
Size
70 kB (69604 bytes)
Hash
737f853e9fd6a31d62f5028e88663c9f
cf144f2ab49f53a69fbfe10d3588fc23437d2736
6c3ca64b7acfdd29b3ca6f1b9b46696369abd462d4546182085c347f72211841

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery.dataTables.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: application/javascript
Content-Length: 69604
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-10fe4"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/iconsmind.css

65.21.143.180

200 OK

96 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/iconsmind.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text
Size
96 kB (96447 bytes)
Hash
39aa385af1cfd640bac73a09de3ac9fe
6d17dff21d04138cd8ab3ef9dfe1eae79994834c
0909de268b3276cb7464acb2f86701f62974a893dd374312908a3f8efc363438

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/iconsmind.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: text/css
Content-Length: 96447
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-178bf"
Accept-Ranges: bytes

www.googletagmanager.com/gtag/js?id=G-D2HXTPWBWQ

142.250.74.168

200 OK

92 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-D2HXTPWBWQ
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintC1:58:7C:BF:5A:61:79:08:CB:C2:00:63:60:07:86:BD:EA:0A:45:8A
ValidityMon, 20 Nov 2023 08:02:50 GMT - Mon, 12 Feb 2024 08:02:49 GMT

File type
ASCII text, with very long lines (4179)
Size
92 kB (91653 bytes)
Hash
d5da969351ec91f74b475b6bf07d6930
a827319aa76f490a5e169a18effa8d386ba4c46a
c6557f8ba8b0814f173b052ae09c5d89386010e9dfa5d7c4be6d321db444fc42

HTTP Headers

GET /gtag/js?id=G-D2HXTPWBWQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 09 Dec 2023 14:42:15 GMT
expires: Sat, 09 Dec 2023 14:42:15 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 91653
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fileknot.com/themes/spirit/assets/frontend/js/flickity.min.js

65.21.143.180

200 OK

54 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/flickity.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (32032)
Size
54 kB (53861 bytes)
Hash
81a84001ccd9bdd589d1b4f187311b15
5cdf8cb0d97b5b16a5f812e1541ad387a7cb8af5
5a28889b1faf91d12eeb5b5d173c50135eefd7fdc29a951b365340cf473bd9b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/flickity.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: application/javascript
Content-Length: 53861
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-d265"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/theme.css

65.21.143.180

200 OK

197 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/theme.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
assembler source, ASCII text
Size
197 kB (197018 bytes)
Hash
dffe46f9563b1df7e079ff40aed68bd6
f6886f1e4383bbc4bcfac1b036b71a6130930758
a9a7db4665ab3edea2abe8c718413e32f7448bcea298fcba7276b545c8d85416

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/theme.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: text/css
Content-Length: 197018
Last-Modified: Tue, 28 Mar 2023 19:55:48 GMT
Connection: keep-alive
ETag: "64234644-3019a"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/typed.min.js

65.21.143.180

200 OK

3.9 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/typed.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (3949), with no line terminators
Size
3.9 kB (3949 bytes)
Hash
2f6185a8a32a50b2b3e04849f44359d4
0e5501588c5c0d1c9462f34b0d56c21abff5bfef
914df93a9770d8a0e132b6ce3e8f1cfba0e0fae8f3b9002a3f0eb47c3d0cc97b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/typed.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: application/javascript
Content-Length: 3949
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-f6d"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/datepicker.js

65.21.143.180

200 OK

21 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/datepicker.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (12692), with CRLF line terminators
Size
21 kB (20975 bytes)
Hash
8cfe207a6a21c7495cfb751c761217a6
35d686a6c4ecc9946c35444ce93e110cb0e1611c
804e3c2608de23694fa71684178e2f9815115d56ee022ec770e1fcb208847acc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/datepicker.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: application/javascript
Content-Length: 20975
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-51ef"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/granim.min.js

65.21.143.180

200 OK

11 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/granim.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (10573)
Size
11 kB (10634 bytes)
Hash
2c16a9a724563fc0c306abb5bdeb03fe
90c2032537714e66059a3eaa150b93f3c9c80163
997a15cf01d5118cb0106587f441c32de2074c8dc12d85cf7c7dc430e2ee342e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/granim.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: application/javascript
Content-Length: 10634
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-298a"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/jquery.steps.min.js

65.21.143.180

200 OK

14 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/jquery.steps.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (13686)
Size
14 kB (13857 bytes)
Hash
4c5e9f4e84d32b7df69af7420b355e03
14e1e287ec98e8cc0a992ee996783b0c42f9ec0f
c9459a9e11e4c63fb7a30d2a644e80b733fc9599302ef3da8142cbe8f9d9333d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery.steps.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: application/javascript
Content-Length: 13857
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-3621"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/countdown.min.js

65.21.143.180

200 OK

5.3 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/countdown.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (4136)
Size
5.3 kB (5339 bytes)
Hash
5d3ff3c3fbaa67cc639501f44eeb07be
bd66e4cd58de09c198e7abc77fa4c883955d189e
2249399b2268c260d0698542503d16afebc80e437c846239f12196744ebbd40f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/countdown.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: application/javascript
Content-Length: 5339
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-14db"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js

65.21.143.180

200 OK

6.0 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (4887)
Size
6.0 kB (6006 bytes)
Hash
b67e171349c4716dd7bb15c018a2c8c1
60b204148c0eed83b06043897d1cbd54709eab66
8daef829c397c41e42a1f9faffc25aa4834334e5305805419933a1b44b6c1e30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/smooth-scroll.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: application/javascript
Content-Length: 6006
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-1776"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/scripts.js

65.21.143.180

200 OK

112 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/scripts.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (914)
Size
112 kB (111905 bytes)
Hash
ccd6c308b2b8e36ae154d7bacea4240d
f7d2f7195150771246dd599dbb4ff3bc2f0f2179
fc2a8bf60f1e7577697c0b457c01aeeecfd2b18ea68c93e2d374bf6d95fbe7a0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/scripts.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: application/javascript
Content-Length: 111905
Last-Modified: Wed, 14 Oct 2020 17:17:02 GMT
Connection: keep-alive
ETag: "5f87328e-1b521"
Accept-Ranges: bytes

fileknot.com/cache/themes/spirit/logo_inverse.png

65.21.143.180

200 OK

6.3 kB

URL GET HTTP/1.1
fileknot.com/cache/themes/spirit/logo_inverse.png
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
PNG image data, 431 x 85, 8-bit colormap, non-interlaced
Size
6.3 kB (6349 bytes)
Hash
0ab8013080ccdd0222f01ead7d6156d9
120d7ed83eba2f0af0b9e956c312dedcc34e00a0
55808b2db6733b9637842fdcd84a95fbd204b0b3fc8d7ba39ae24285efd99e44

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cache/themes/spirit/logo_inverse.png HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: image/png
Content-Length: 6349
Last-Modified: Wed, 22 Feb 2023 11:40:31 GMT
Connection: keep-alive
ETag: "63f5ff2f-18cd"
Accept-Ranges: bytes

fileknot.com/cache/themes/spirit/logo.png

65.21.143.180

200 OK

6.3 kB

URL GET HTTP/1.1
fileknot.com/cache/themes/spirit/logo.png
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
PNG image data, 431 x 85, 8-bit colormap, non-interlaced
Size
6.3 kB (6349 bytes)
Hash
0ab8013080ccdd0222f01ead7d6156d9
120d7ed83eba2f0af0b9e956c312dedcc34e00a0
55808b2db6733b9637842fdcd84a95fbd204b0b3fc8d7ba39ae24285efd99e44

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cache/themes/spirit/logo.png HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: image/png
Content-Length: 6349
Last-Modified: Wed, 22 Feb 2023 11:40:31 GMT
Connection: keep-alive
ETag: "63f5ff2f-18cd"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/cookiealert.js

65.21.143.180

200 OK

1.8 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/cookiealert.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with CRLF line terminators
Size
1.8 kB (1836 bytes)
Hash
81279e22c8ece9e1d0536a402484daa3
911797507fb12d4f451d5900e32db96ad697c401
5c6237178e88ab7f1c6e26c9e99547e58782450b8f2a182129448ff4d99e89ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/cookiealert.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: application/javascript
Content-Length: 1836
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-72c"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631

65.21.143.180

200 OK

4.3 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
Web Open Font Format (Version 2), TrueType, length 4292, version 1.0
Size
4.3 kB (4292 bytes)
Hash
ae072782b361d2afdbf43db08d3cfb73
f3db2e65b53d97491672f8631e21d6d05905cc88
31205df908aed9881f6d2d3ae7d38975252bf99e38268978b4236dc3c314754b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631 HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/themes/spirit/assets/frontend/css/stack-interface.css
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: application/octet-stream
Content-Length: 4292
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-10c4"
Accept-Ranges: bytes

fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i

142.250.74.106

200 OK

81 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
gzip compressed data, max compression
Size
81 kB (81231 bytes)
Hash
9e3397f0a97536fa9184b92b2ce9d02f
24e91e810c8775495155eb4dbf14c870b1f78b85
7b9e73b8bb30ac433941ea76b1dac224596fb31a15fd2c3e330f48d5cb34b0fa

HTTP Headers

GET /css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 09 Dec 2023 14:42:15 GMT
date: Sat, 09 Dec 2023 14:42:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.99

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:40:55 GMT
expires: Fri, 06 Dec 2024 15:40:55 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 169280
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.99

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:40:55 GMT
expires: Fri, 06 Dec 2024 15:40:55 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 169280
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2

142.250.74.99

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19308, version 1.0
Size
19 kB (19308 bytes)
Hash
0d17dc102f6109715e0d74d9e267cbd7
204a106f9eb8c74953d411f200196c544ed87300
883bd0f053cde78238a0881291e4b6647acd9b3fa73808db5ac83d286bb4b44e

HTTP Headers

GET /s/opensans/v36/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:43:32 GMT
expires: Tue, 03 Dec 2024 23:43:32 GMT
cache-control: public, max-age=31536000
age: 399523
last-modified: Thu, 14 Sep 2023 01:04:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.99

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:40:55 GMT
expires: Fri, 06 Dec 2024 15:40:55 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 169280
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.99

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:40:55 GMT
expires: Fri, 06 Dec 2024 15:40:55 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 169280
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.99

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:40:55 GMT
expires: Fri, 06 Dec 2024 15:40:55 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 169280
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16496, version 1.0
Size
16 kB (16496 bytes)
Hash
10ec04423fabd5abba8e0c43c1cb62dd
031a2355bbb3100025462d681e78d84b962bdc43
fe6c909326c0d229836a972a1b337c193634ab4d734c7169382fc1263081ae1c

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16496
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 04:53:32 GMT
expires: Fri, 06 Dec 2024 04:53:32 GMT
cache-control: public, max-age=31536000
age: 208124
last-modified: Thu, 14 Sep 2023 01:02:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fileknot.com/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png

65.21.143.180

200 OK

414 B

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
414 B (414 bytes)
Hash
d6cf4209c9507b36a1a4cda6df75dbf3
c83e9be8d522521a03b1c0fe019bbc353d72b6da
5ae1208c61d318ef771c3a8e297edf1e1df1c768cfae2dba35399ee78919559b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/img/favicon/favicon-16x16.png HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:16 GMT
Content-Type: image/png
Content-Length: 414
Last-Modified: Wed, 22 Feb 2023 11:30:49 GMT
Connection: keep-alive
ETag: "63f5fce9-19e"
Accept-Ranges: bytes

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

2.7 kB

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
gzip compressed data, max compression
Size
2.7 kB (2741 bytes)
Hash
52e8cf8f7a0df177fc39791947f7208d
e89e1ee1733e3d15e4058142f246ccfd044fb664
a1dfb8b039c871a976f2f1863d401d66a83cc37cf819f4b150c9941482c3422d

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 09 Dec 2023 14:42:15 GMT
date: Sat, 09 Dec 2023 14:42:15 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

tm-banners.gamingadult.com/63d3c5010e1df.gif

5.196.166.128

200 OK

304 kB

URL GET HTTP/2
tm-banners.gamingadult.com/63d3c5010e1df.gif
IP
5.196.166.128:443
ASN
#16276 OVH SAS

Requested by
https://tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e
Certificate
IssuerLet's Encrypt
Subjectgamingadlt.com
Fingerprint9A:4B:D5:37:BD:29:ED:8C:AD:BB:A6:D0:AF:DB:F6:D2:36:7E:35:60
ValidityMon, 27 Nov 2023 20:13:26 GMT - Sun, 25 Feb 2024 20:13:25 GMT

File type
GIF image data, version 89a, 728 x 90
Size
304 kB (304285 bytes)
Hash
c6aea87ebe6e4ee9039e330fcc520a23
e36b695849ceabc6f1d6a7e8b2f1da115a088a83
43fe7f1f8933db9c46c9c8db87f86782e35755b0ecadc3addcb33501613bf24b

HTTP Headers

GET /63d3c5010e1df.gif HTTP/1.1
Host: tm-banners.gamingadult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tm-offers.gamingadult.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 09 Dec 2023 14:42:16 GMT
content-type: image/gif
content-length: 304285
last-modified: Fri, 27 Jan 2023 12:35:12 GMT
etag: "63d3c500-4a49d"
expires: Mon, 08 Jan 2024 14:42:16 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

tm-banners.gamingadult.com/63d3c500be3a1.gif

5.196.166.128

200 OK

296 kB

URL GET HTTP/2
tm-banners.gamingadult.com/63d3c500be3a1.gif
IP
5.196.166.128:443
ASN
#16276 OVH SAS

Requested by
https://tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e
Certificate
IssuerLet's Encrypt
Subjectgamingadlt.com
Fingerprint9A:4B:D5:37:BD:29:ED:8C:AD:BB:A6:D0:AF:DB:F6:D2:36:7E:35:60
ValidityMon, 27 Nov 2023 20:13:26 GMT - Sun, 25 Feb 2024 20:13:25 GMT

File type
GIF image data, version 89a, 728 x 90
Size
296 kB (296136 bytes)
Hash
93183f1ffc359eecf25ff22a646e432e
60834b8cc063279458fa3f45443c1b4efeb3b2e2
0663aae600f9088b87d6b286f952e1ec1ffb0e29219a054d4f86e3227df9c3e0

HTTP Headers

GET /63d3c500be3a1.gif HTTP/1.1
Host: tm-banners.gamingadult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tm-offers.gamingadult.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 09 Dec 2023 14:42:16 GMT
content-type: image/gif
content-length: 296136
last-modified: Fri, 27 Jan 2023 12:35:12 GMT
etag: "63d3c500-484c8"
expires: Mon, 08 Jan 2024 14:42:16 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e

5.196.166.128

200 OK

498 B

URL GET HTTP/2
tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e
IP
5.196.166.128:443
ASN
#16276 OVH SAS

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectgamingadlt.com
Fingerprint9A:4B:D5:37:BD:29:ED:8C:AD:BB:A6:D0:AF:DB:F6:D2:36:7E:35:60
ValidityMon, 27 Nov 2023 20:13:26 GMT - Sun, 25 Feb 2024 20:13:25 GMT

File type
HTML document, ASCII text, with very long lines (515), with no line terminators
Size
498 B (498 bytes)
Hash
0435b7b3bc536c99b360fd51d774d08c
03fb2948e3fae0ad33a8189d06ebe55a107346b2
a2321389bdd5dca082ed9fb4842ed5348391b9edba05e1aeb8e2c89577607e1d

HTTP Headers

GET /ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e HTTP/1.1
Host: tm-offers.gamingadult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 09 Dec 2023 14:42:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

gamingadlt.com/pixel/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e&lp=38102&bid=2643

5.196.166.128

200 OK

43 B

URL GET HTTP/2
gamingadlt.com/pixel/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e&lp=38102&bid=2643
IP
5.196.166.128:443
ASN
#16276 OVH SAS

Requested by
https://tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e
Certificate
IssuerLet's Encrypt
Subjectgamingadlt.com
Fingerprint9A:4B:D5:37:BD:29:ED:8C:AD:BB:A6:D0:AF:DB:F6:D2:36:7E:35:60
ValidityMon, 27 Nov 2023 20:13:26 GMT - Sun, 25 Feb 2024 20:13:25 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

HTTP Headers

GET /pixel/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e&lp=38102&bid=2643 HTTP/1.1
Host: gamingadlt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tm-offers.gamingadult.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 09 Dec 2023 14:42:16 GMT
content-type: image/gif
X-Firefox-Spdy: h2

fileknot.com/themes/spirit/assets/frontend/fonts/font-awesome/fa-solid-900.woff2

65.21.143.180

200 OK

80 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/fonts/font-awesome/fa-solid-900.woff2
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
Web Open Font Format (Version 2), TrueType, length 80148, version 331.17301
Size
80 kB (80148 bytes)
Hash
c500da19d776384ba69573ae6fe274e7
6290834672aba86d5b6c1c73b30b57c9c53996f7
cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/fonts/font-awesome/fa-solid-900.woff2 HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/themes/spirit/assets/frontend/css/font-awesome.min.css
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:15 GMT
Content-Type: application/octet-stream
Content-Length: 80148
Last-Modified: Mon, 28 Sep 2020 15:26:42 GMT
Connection: keep-alive
ETag: "5f7200b2-13914"
Accept-Ranges: bytes

gamingadlt.com/pixel/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e&lp=38094&bid=2640

5.196.166.128

200 OK

43 B

URL GET HTTP/2
gamingadlt.com/pixel/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e&lp=38094&bid=2640
IP
5.196.166.128:443
ASN
#16276 OVH SAS

Requested by
https://tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e
Certificate
IssuerLet's Encrypt
Subjectgamingadlt.com
Fingerprint9A:4B:D5:37:BD:29:ED:8C:AD:BB:A6:D0:AF:DB:F6:D2:36:7E:35:60
ValidityMon, 27 Nov 2023 20:13:26 GMT - Sun, 25 Feb 2024 20:13:25 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

HTTP Headers

GET /pixel/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e&lp=38094&bid=2640 HTTP/1.1
Host: gamingadlt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tm-offers.gamingadult.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 09 Dec 2023 14:42:16 GMT
content-type: image/gif
X-Firefox-Spdy: h2

tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e

5.196.166.128

200 OK

498 B

URL GET HTTP/2
tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e
IP
5.196.166.128:443
ASN
#16276 OVH SAS

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectgamingadlt.com
Fingerprint9A:4B:D5:37:BD:29:ED:8C:AD:BB:A6:D0:AF:DB:F6:D2:36:7E:35:60
ValidityMon, 27 Nov 2023 20:13:26 GMT - Sun, 25 Feb 2024 20:13:25 GMT

File type
HTML document, ASCII text, with very long lines (515), with no line terminators
Size
498 B (498 bytes)
Hash
78e8e62fe183570d9f0015eb953c5511
8b89fcd2a55384eb643bb48f32ef5ce44af60b0f
91cf2e6f93fbddd4d9fc628da6656c3041c86d97321399801156f8039f31afba

HTTP Headers

GET /ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e HTTP/1.1
Host: tm-offers.gamingadult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 09 Dec 2023 14:42:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

fileknot.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png

65.21.143.180

200 OK

2.1 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
PNG image data, 180 x 180, 4-bit colormap, non-interlaced
Size
2.1 kB (2085 bytes)
Hash
6c858040fc1bae4bf08173c7bf46fad5
92a564975d224636ab27d77eef8700fd526afe1b
a8b209bd8fd6f2f688cce4bccbc133aa88e23aae70406862163f9aa91b55f0b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/2a6927d2719c5301/Deep_Sleep.7z
Cookie: filehosting=iejl5fistab91b8ga5okoblodo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 09 Dec 2023 14:42:16 GMT
Content-Type: image/png
Content-Length: 2085
Last-Modified: Wed, 22 Feb 2023 11:30:48 GMT
Connection: keep-alive
ETag: "63f5fce8-825"
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by