Report - fileknot.com/500e302a4491524c/Assembly-CSharp.zip

Report Overview

Visited public
2023-12-10 09:28:16
Tags
URL
fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Finishing URL
fileknot.com/500e302a4491524c/Assembly-CSharp.zip
IP / ASN
65.21.143.180
#24940 Hetzner Online GmbH
Title
Assembly-CSharp.zip - FileKnot.com

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-09 07:42:19	939 B	22 kB	142.250.74.106
gamingadlt.com	unknown	2023-09-14	2023-09-28 16:36:39	2023-12-09 15:42:16	1.0 kB	314 B	5.196.166.128
tm-offers.gamingadult.com	175580	2017-06-09	2017-10-09 13:15:14	2023-12-08 06:47:47	1.2 kB	1.3 kB	5.196.166.128
fileknot.com	unknown	2023-02-19	2023-02-20 21:29:45	2023-12-08 06:47:38	16 kB	1.2 MB	65.21.143.180
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-09 07:44:59	431 B	92 kB	142.250.74.136
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-09 06:06:20	3.9 kB	284 kB	216.58.207.227
tm-banners.gamingadult.com	242696	2017-06-09	2017-10-09 13:15:15	2023-12-07 05:41:30	948 B	723 kB	5.196.166.128

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-10 09:27:49	high	Client IP	Internal IP	ET POLICY DNS Query For XXX Adult Site Top Level Domain
2023-12-10 09:27:49	high	Client IP	Internal IP	ET POLICY DNS Query For XXX Adult Site Top Level Domain
2023-12-10 09:27:50	high	Client IP	Internal IP	ET POLICY DNS Query For XXX Adult Site Top Level Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed
2023-12-10	medium	fileknot.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	From	Size	First Seen	Last Seen
	fileknot.com/themes/spirit/assets/frontend/js/typed.min.js	ScriptElement	3.9 kB	2023-03-07	2025-05-09
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/typed.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28 Last Seen2025-05-09 08:33 Times Seen3901 Hash 2f6185a8a32a50b2b3e04849f44359d4 0e5501588c5c0d1c9462f34b0d56c21abff5bfef 914df93a9770d8a0e132b6ce3e8f1cfba0e0fae8f3b9002a3f0eb47c3d0cc97b Loading...

	fileknot.com/themes/spirit/assets/frontend/js/granim.min.js	ScriptElement	11 kB	2023-03-07	2025-05-09
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/granim.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35 Last Seen2025-05-09 05:48 Times Seen2623 Hash 2c16a9a724563fc0c306abb5bdeb03fe 90c2032537714e66059a3eaa150b93f3c9c80163 997a15cf01d5118cb0106587f441c32de2074c8dc12d85cf7c7dc430e2ee342e Loading...

	fileknot.com/themes/spirit/assets/frontend/js/cookiealert.js	ScriptElement	1.8 kB	2023-03-07	2025-05-09
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/cookiealert.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:47 Last Seen2025-05-09 05:48 Times Seen2625 Hash 81279e22c8ece9e1d0536a402484daa3 911797507fb12d4f451d5900e32db96ad697c401 5c6237178e88ab7f1c6e26c9e99547e58782450b8f2a182129448ff4d99e89ab Loading...

	fileknot.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js	ScriptElement	70 kB	2023-03-07	2025-05-09
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 05:48 Times Seen5342 Hash 737f853e9fd6a31d62f5028e88663c9f cf144f2ab49f53a69fbfe10d3588fc23437d2736 6c3ca64b7acfdd29b3ca6f1b9b46696369abd462d4546182085c347f72211841 Loading...

	fileknot.com/themes/spirit/assets/frontend/js/datepicker.js	ScriptElement	21 kB	2023-03-07	2025-05-09
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/datepicker.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28 Last Seen2025-05-09 08:33 Times Seen3291 Hash 8cfe207a6a21c7495cfb751c761217a6 35d686a6c4ecc9946c35444ce93e110cb0e1611c 804e3c2608de23694fa71684178e2f9815115d56ee022ec770e1fcb208847acc Loading...

	fileknot.com/themes/spirit/assets/frontend/js/jquery.steps.min.js	ScriptElement	14 kB	2023-03-07	2025-05-09
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/jquery.steps.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35 Last Seen2025-05-09 05:48 Times Seen2663 Hash 4c5e9f4e84d32b7df69af7420b355e03 14e1e287ec98e8cc0a992ee996783b0c42f9ec0f c9459a9e11e4c63fb7a30d2a644e80b733fc9599302ef3da8142cbe8f9d9333d Loading...

	fileknot.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js	ScriptElement	6.0 kB	2023-03-07	2025-05-09
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35 Last Seen2025-05-09 05:48 Times Seen2653 Hash b67e171349c4716dd7bb15c018a2c8c1 60b204148c0eed83b06043897d1cbd54709eab66 8daef829c397c41e42a1f9faffc25aa4834334e5305805419933a1b44b6c1e30 Loading...

	fileknot.com/500e302a4491524c/Assembly-CSharp.zip	ScriptElement	44 B	2023-03-07	2025-05-09
Pretty URL fileknot.com/500e302a4491524c/Assembly-CSharp.zip IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:28 Last Seen2025-05-09 08:33 Times Seen3518 Hash 21d884540875fb4d2b8f280c541d092c 9f2a58bb4ff1897269b2df54e333ce35d4435b91 8f75c65a00382bae7799a76f3517023df9a72035e9b469e95469b028d4bd0d0a Loading...

	fileknot.com/500e302a4491524c/Assembly-CSharp.zip	ScriptElement	940 B	2024-08-20	2024-08-20
Pretty URL fileknot.com/500e302a4491524c/Assembly-CSharp.zip IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:12 Last Seen2024-08-20 16:12 Times Seen1 Hash 9e7e101f01a60005104f09ed0fb49a64 bdd763bf7d01d729fdd7e70c0f09aa85a669e0a6 f67a34443d509c0e6dad0d73ccf64f6087312e6c7094e18b57ad572929d08710 Loading...

	fileknot.com/500e302a4491524c/Assembly-CSharp.zip	ScriptElement	292 B	2023-03-07	2025-05-09
Pretty URL fileknot.com/500e302a4491524c/Assembly-CSharp.zip IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:28 Last Seen2025-05-09 08:33 Times Seen3837 Hash f6038f840321581380bcf8e68fbec2ed 9c64ca84baabd04b9994597b90882d8ec7158ba2 fc7d223cc022e6a00869dea89642667579b0ca033afb07bb0070c7b7a0fd23c3 Loading...

	fileknot.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js	ScriptElement	87 kB	2023-03-07	2025-05-09
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 08:31 Times Seen112198 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	fileknot.com/themes/spirit/assets/frontend/js/flickity.min.js	ScriptElement	54 kB	2023-03-07	2025-05-09
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/flickity.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35 Last Seen2025-05-09 05:48 Times Seen2645 Hash 81a84001ccd9bdd589d1b4f187311b15 5cdf8cb0d97b5b16a5f812e1541ad387a7cb8af5 5a28889b1faf91d12eeb5b5d173c50135eefd7fdc29a951b365340cf473bd9b2 Loading...

	fileknot.com/themes/spirit/assets/frontend/js/scripts.js	ScriptElement	112 kB	2023-03-07	2025-05-09
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/scripts.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:47 Last Seen2025-05-09 05:48 Times Seen2563 Hash ccd6c308b2b8e36ae154d7bacea4240d f7d2f7195150771246dd599dbb4ff3bc2f0f2179 fc2a8bf60f1e7577697c0b457c01aeeecfd2b18ea68c93e2d374bf6d95fbe7a0 Loading...

	www.googletagmanager.com/gtag/js?id=G-D2HXTPWBWQ	ScriptElement	274 kB	2023-12-10	2023-12-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-D2HXTPWBWQ IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-10 10:28 Last Seen2023-12-10 10:28 Times Seen1 Hash 7d1127d799785b99b40eae5c1c4b1b9e dca5b655edd64699cb03c3aff765155d46a08458 9419d02908f466bfff7d3d8a2db93b7fcbcd98423d53ca817fd187e6d872e73b Loading...

	fileknot.com/themes/spirit/assets/frontend/js/countdown.min.js	ScriptElement	5.3 kB	2023-03-07	2025-05-09
Pretty URL fileknot.com/themes/spirit/assets/frontend/js/countdown.min.js IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 05:48 Times Seen4609 Hash 5d3ff3c3fbaa67cc639501f44eeb07be bd66e4cd58de09c198e7abc77fa4c883955d189e 2249399b2268c260d0698542503d16afebc80e437c846239f12196744ebbd40f Loading...

	fileknot.com/500e302a4491524c/Assembly-CSharp.zip	ScriptElement	153 B	2023-03-26	2024-08-21
Pretty URL fileknot.com/500e302a4491524c/Assembly-CSharp.zip IP 65.21.143.180 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 07:02 Last Seen2024-08-21 09:44 Times Seen1132 Hash 1b43df5cc9b9abbbb15743ae0347abfc c5df8b4705ba37c66ab957257d70b9bdd6a2f5d7 2bd1b5a19d18d25846cc1306dab2232fe45e42d455daef5fdbd337edc73d14fc Loading...

HTTP Transactions (46)

URL IP Response Size

fileknot.com/500e302a4491524c/Assembly-CSharp.zip

65.21.143.180

200 OK

4.6 kB

URL User Request GET HTTP/1.1
fileknot.com/500e302a4491524c/Assembly-CSharp.zip
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text, with CRLF, LF line terminators
Size
4.6 kB (4588 bytes)
Hash
2756d44bce59db0d37fe76fdd5f4727f
32c07857825e4f0224dc705bc5072baa6a76c40e
8c3083e353dcb1c22fd7426d5dab72a522744b100abb23927127996a45dff6ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500e302a4491524c/Assembly-CSharp.zip HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd; expires=Mon, 11-Dec-2023 09:27:48 GMT; Max-Age=86400; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, no-cache, private
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Encoding: gzip

fileknot.com/themes/spirit/assets/frontend/css/bootstrap.min.css

65.21.143.180

200 OK

77 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/bootstrap.min.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (65324)
Size
77 kB (76917 bytes)
Hash
bc48830f50049b0cbbe3dd417755a347
e5cdb6545f9b4bce4eeda78f64a714e2de4d0e09
7d56baeec9679114562cdc56d3f28cb9a43263cada11b1f64809851e7a8b1419

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/bootstrap.min.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: text/css
Content-Length: 76917
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-12c75"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/jquery.steps.css

65.21.143.180

200 OK

5.6 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/jquery.steps.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text
Size
5.6 kB (5638 bytes)
Hash
a0ed38e9ba9498867df1f62407377def
6d2278f924b80328695e8fe5213b252ae499fc77
70110803124af60b1e1dc1ea3c0408353947b4a0d7000f47873c85287de875d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/jquery.steps.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: text/css
Content-Length: 5638
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-1606"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/stack-interface.css

65.21.143.180

200 OK

3.1 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/stack-interface.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
Unicode text, UTF-8 text
Size
3.1 kB (3082 bytes)
Hash
6406d626f8bfc1e6815698bfecf9a2f8
a918901be3ab1b9bb4ce9980db521eb4731bb82b
f620d1bf10d3f45a7b19edd4f863090c5dd5031411918508493634c4018e81b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/stack-interface.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: text/css
Content-Length: 3082
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-c0a"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/socicon.css

65.21.143.180

200 OK

9.3 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/socicon.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text
Size
9.3 kB (9283 bytes)
Hash
b23fff7d228bbe8796ad8b3d280e3401
1a9861031bda4d3c1cb58564107d8b777982750b
17beb90ae4f385180d6b7d184dcb640ccd2a360e4ee03af0254c83b00ef87202

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/socicon.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: text/css
Content-Length: 9283
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-2443"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/cookiealert.css

65.21.143.180

200 OK

12 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/cookiealert.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (11486), with CRLF line terminators
Size
12 kB (12369 bytes)
Hash
3d2946aeae3cc8f43e2acf82ea029bd4
c25a0bd445ff9e6034d34e8f388f5565515a2783
705d9fc8952ac3bf3d9300e3d9ea6753284cdd920c34be0213ec8bc862df7a28

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/cookiealert.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: text/css
Content-Length: 12369
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-3051"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/lightbox.min.css

65.21.143.180

200 OK

3.7 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/lightbox.min.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text
Size
3.7 kB (3668 bytes)
Hash
40cab6b747df96a8a66f5c0ac4e034dd
85dd24bc614fb1ecaeb873f4e686213aa53927c3
798da60d899fcd9aa5074834d88b63c398dd72af5711ed48d7f68dde8dc8db5e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/lightbox.min.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: text/css
Content-Length: 3668
Last-Modified: Mon, 28 Sep 2020 15:26:46 GMT
Connection: keep-alive
ETag: "5f7200b6-e54"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/flickity.css

65.21.143.180

200 OK

2.4 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/flickity.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text
Size
2.4 kB (2392 bytes)
Hash
5439695b076327f53edcda86d192856b
d938327051f0bf044bc65b68721ad3193bd2ef12
1709404c1e9beb94953cc95fcc3477e7cb4213e03bfe9bbe0f8a37877c1c6e42

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/flickity.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: text/css
Content-Length: 2392
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-958"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/custom.css

65.21.143.180

200 OK

8.9 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/custom.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
8.9 kB (8939 bytes)
Hash
2d34677dcb97822f9aba5b99bda85a5b
a379d63073cb978f7ca8393040f3f709556cc202
e42f4e33f6ac2e2a576bb83e540cf63ef44ac4fc01495d08a47697991b1f5458

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/custom.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: text/css
Content-Length: 8939
Last-Modified: Thu, 30 Mar 2023 04:27:22 GMT
Connection: keep-alive
ETag: "64250faa-22eb"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/font-awesome.min.css

65.21.143.180

200 OK

59 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/font-awesome.min.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (58929)
Size
59 kB (59115 bytes)
Hash
66e407beb68fdbb8bacd87d91ddf7829
5ed55601e30871fb757dc4b78a40a432f9a3600b
eb98a660b34391ce502005c6b8553af83defcf0832489134efb499498051d1d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/font-awesome.min.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: text/css
Content-Length: 59115
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-e6eb"
Accept-Ranges: bytes

www.googletagmanager.com/gtag/js?id=G-D2HXTPWBWQ

142.250.74.136

200 OK

92 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-D2HXTPWBWQ
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintC1:58:7C:BF:5A:61:79:08:CB:C2:00:63:60:07:86:BD:EA:0A:45:8A
ValidityMon, 20 Nov 2023 08:02:50 GMT - Mon, 12 Feb 2024 08:02:49 GMT

File type
ASCII text, with very long lines (4179)
Size
92 kB (91629 bytes)
Hash
7d1127d799785b99b40eae5c1c4b1b9e
dca5b655edd64699cb03c3aff765155d46a08458
9419d02908f466bfff7d3d8a2db93b7fcbcd98423d53ca817fd187e6d872e73b

HTTP Headers

GET /gtag/js?id=G-D2HXTPWBWQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 10 Dec 2023 09:27:49 GMT
expires: Sun, 10 Dec 2023 09:27:49 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 91629
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fileknot.com/themes/spirit/assets/frontend/js/flickity.min.js

65.21.143.180

200 OK

54 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/flickity.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (32032)
Size
54 kB (53861 bytes)
Hash
81a84001ccd9bdd589d1b4f187311b15
5cdf8cb0d97b5b16a5f812e1541ad387a7cb8af5
5a28889b1faf91d12eeb5b5d173c50135eefd7fdc29a951b365340cf473bd9b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/flickity.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: application/javascript
Content-Length: 53861
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-d265"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/theme.css

65.21.143.180

200 OK

197 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/theme.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
assembler source text - assembler source, ASCII text
Size
197 kB (197018 bytes)
Hash
dffe46f9563b1df7e079ff40aed68bd6
f6886f1e4383bbc4bcfac1b036b71a6130930758
a9a7db4665ab3edea2abe8c718413e32f7448bcea298fcba7276b545c8d85416

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/theme.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: text/css
Content-Length: 197018
Last-Modified: Tue, 28 Mar 2023 19:55:48 GMT
Connection: keep-alive
ETag: "64234644-3019a"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/theme/red.css

65.21.143.180

200 OK

201 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/theme/red.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
assembler source text - assembler source, ASCII text
Size
201 kB (200780 bytes)
Hash
9cff116a152b3c016fa75940add96a21
89d1dec321e84a767467a7cb96ec61e621b84a2a
5768e1eaa7d32942d474a1fe8177ec8a40de3302b912108f807c849e76ead99c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/theme/red.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: text/css
Content-Length: 200780
Last-Modified: Fri, 09 Jun 2023 18:00:30 GMT
Connection: keep-alive
ETag: "648368be-3104c"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js

65.21.143.180

200 OK

70 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (768)
Size
70 kB (69604 bytes)
Hash
737f853e9fd6a31d62f5028e88663c9f
cf144f2ab49f53a69fbfe10d3588fc23437d2736
6c3ca64b7acfdd29b3ca6f1b9b46696369abd462d4546182085c347f72211841

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery.dataTables.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: application/javascript
Content-Length: 69604
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-10fe4"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/css/iconsmind.css

65.21.143.180

200 OK

96 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/css/iconsmind.css
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text
Size
96 kB (96447 bytes)
Hash
39aa385af1cfd640bac73a09de3ac9fe
6d17dff21d04138cd8ab3ef9dfe1eae79994834c
0909de268b3276cb7464acb2f86701f62974a893dd374312908a3f8efc363438

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/css/iconsmind.css HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: text/css
Content-Length: 96447
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-178bf"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/typed.min.js

65.21.143.180

200 OK

3.9 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/typed.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (3949), with no line terminators
Size
3.9 kB (3949 bytes)
Hash
2f6185a8a32a50b2b3e04849f44359d4
0e5501588c5c0d1c9462f34b0d56c21abff5bfef
914df93a9770d8a0e132b6ce3e8f1cfba0e0fae8f3b9002a3f0eb47c3d0cc97b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/typed.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: application/javascript
Content-Length: 3949
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-f6d"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js

65.21.143.180

200 OK

87 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (32030)
Size
87 kB (86709 bytes)
Hash
e071abda8fe61194711cfc2ab99fe104
f647a6d37dc4ca055ced3cf64bbc1f490070acba
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery-3.1.1.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: application/javascript
Content-Length: 86709
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-152b5"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/datepicker.js

65.21.143.180

200 OK

21 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/datepicker.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (12692), with CRLF line terminators
Size
21 kB (20975 bytes)
Hash
8cfe207a6a21c7495cfb751c761217a6
35d686a6c4ecc9946c35444ce93e110cb0e1611c
804e3c2608de23694fa71684178e2f9815115d56ee022ec770e1fcb208847acc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/datepicker.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: application/javascript
Content-Length: 20975
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-51ef"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/granim.min.js

65.21.143.180

200 OK

11 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/granim.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (10573)
Size
11 kB (10634 bytes)
Hash
2c16a9a724563fc0c306abb5bdeb03fe
90c2032537714e66059a3eaa150b93f3c9c80163
997a15cf01d5118cb0106587f441c32de2074c8dc12d85cf7c7dc430e2ee342e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/granim.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: application/javascript
Content-Length: 10634
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-298a"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/jquery.steps.min.js

65.21.143.180

200 OK

14 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/jquery.steps.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (13686)
Size
14 kB (13857 bytes)
Hash
4c5e9f4e84d32b7df69af7420b355e03
14e1e287ec98e8cc0a992ee996783b0c42f9ec0f
c9459a9e11e4c63fb7a30d2a644e80b733fc9599302ef3da8142cbe8f9d9333d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery.steps.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: application/javascript
Content-Length: 13857
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-3621"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/countdown.min.js

65.21.143.180

200 OK

5.3 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/countdown.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (4136)
Size
5.3 kB (5339 bytes)
Hash
5d3ff3c3fbaa67cc639501f44eeb07be
bd66e4cd58de09c198e7abc77fa4c883955d189e
2249399b2268c260d0698542503d16afebc80e437c846239f12196744ebbd40f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/countdown.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: application/javascript
Content-Length: 5339
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-14db"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js

65.21.143.180

200 OK

6.0 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (4887)
Size
6.0 kB (6006 bytes)
Hash
b67e171349c4716dd7bb15c018a2c8c1
60b204148c0eed83b06043897d1cbd54709eab66
8daef829c397c41e42a1f9faffc25aa4834334e5305805419933a1b44b6c1e30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/smooth-scroll.min.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: application/javascript
Content-Length: 6006
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-1776"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/cookiealert.js

65.21.143.180

200 OK

1.8 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/cookiealert.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with CRLF line terminators
Size
1.8 kB (1836 bytes)
Hash
81279e22c8ece9e1d0536a402484daa3
911797507fb12d4f451d5900e32db96ad697c401
5c6237178e88ab7f1c6e26c9e99547e58782450b8f2a182129448ff4d99e89ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/cookiealert.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: application/javascript
Content-Length: 1836
Last-Modified: Mon, 28 Sep 2020 15:26:40 GMT
Connection: keep-alive
ETag: "5f7200b0-72c"
Accept-Ranges: bytes

fileknot.com/cache/themes/spirit/logo_inverse.png

65.21.143.180

200 OK

6.3 kB

URL GET HTTP/1.1
fileknot.com/cache/themes/spirit/logo_inverse.png
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
PNG image data, 431 x 85, 8-bit colormap, non-interlaced - data
Size
6.3 kB (6349 bytes)
Hash
0ab8013080ccdd0222f01ead7d6156d9
120d7ed83eba2f0af0b9e956c312dedcc34e00a0
55808b2db6733b9637842fdcd84a95fbd204b0b3fc8d7ba39ae24285efd99e44

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cache/themes/spirit/logo_inverse.png HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: image/png
Content-Length: 6349
Last-Modified: Wed, 22 Feb 2023 11:40:31 GMT
Connection: keep-alive
ETag: "63f5ff2f-18cd"
Accept-Ranges: bytes

fileknot.com/cache/themes/spirit/logo.png

65.21.143.180

200 OK

6.3 kB

URL GET HTTP/1.1
fileknot.com/cache/themes/spirit/logo.png
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
PNG image data, 431 x 85, 8-bit colormap, non-interlaced - data
Size
6.3 kB (6349 bytes)
Hash
0ab8013080ccdd0222f01ead7d6156d9
120d7ed83eba2f0af0b9e956c312dedcc34e00a0
55808b2db6733b9637842fdcd84a95fbd204b0b3fc8d7ba39ae24285efd99e44

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cache/themes/spirit/logo.png HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: image/png
Content-Length: 6349
Last-Modified: Wed, 22 Feb 2023 11:40:31 GMT
Connection: keep-alive
ETag: "63f5ff2f-18cd"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/js/scripts.js

65.21.143.180

200 OK

112 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/js/scripts.js
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
ASCII text, with very long lines (914)
Size
112 kB (111905 bytes)
Hash
ccd6c308b2b8e36ae154d7bacea4240d
f7d2f7195150771246dd599dbb4ff3bc2f0f2179
fc2a8bf60f1e7577697c0b457c01aeeecfd2b18ea68c93e2d374bf6d95fbe7a0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/js/scripts.js HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: application/javascript
Content-Length: 111905
Last-Modified: Wed, 14 Oct 2020 17:17:02 GMT
Connection: keep-alive
ETag: "5f87328e-1b521"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631

65.21.143.180

200 OK

4.3 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
Web Open Font Format (Version 2), TrueType, length 4292, version 1.0 - data
Size
4.3 kB (4292 bytes)
Hash
ae072782b361d2afdbf43db08d3cfb73
f3db2e65b53d97491672f8631e21d6d05905cc88
31205df908aed9881f6d2d3ae7d38975252bf99e38268978b4236dc3c314754b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631 HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/themes/spirit/assets/frontend/css/stack-interface.css
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: application/octet-stream
Content-Length: 4292
Last-Modified: Mon, 28 Sep 2020 15:26:44 GMT
Connection: keep-alive
ETag: "5f7200b4-10c4"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/fonts/font-awesome/fa-solid-900.woff2

65.21.143.180

200 OK

80 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/fonts/font-awesome/fa-solid-900.woff2
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
Web Open Font Format (Version 2), TrueType, length 80148, version 331.17301 - data
Size
80 kB (80148 bytes)
Hash
c500da19d776384ba69573ae6fe274e7
6290834672aba86d5b6c1c73b30b57c9c53996f7
cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/fonts/font-awesome/fa-solid-900.woff2 HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/themes/spirit/assets/frontend/css/font-awesome.min.css
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:49 GMT
Content-Type: application/octet-stream
Content-Length: 80148
Last-Modified: Mon, 28 Sep 2020 15:26:42 GMT
Connection: keep-alive
ETag: "5f7200b2-13914"
Accept-Ranges: bytes

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0 - data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 05:00:58 GMT
expires: Fri, 06 Dec 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 275212
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0 - data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 05:00:58 GMT
expires: Fri, 06 Dec 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 275212
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0 - data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 05:00:58 GMT
expires: Fri, 06 Dec 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 275212
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0 - data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 05:00:58 GMT
expires: Fri, 06 Dec 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 275212
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0 - data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 05:00:58 GMT
expires: Fri, 06 Dec 2024 05:00:58 GMT
cache-control: public, max-age=31536000
age: 275212
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19308, version 1.0 - data
Size
19 kB (19308 bytes)
Hash
0d17dc102f6109715e0d74d9e267cbd7
204a106f9eb8c74953d411f200196c544ed87300
883bd0f053cde78238a0881291e4b6647acd9b3fa73808db5ac83d286bb4b44e

HTTP Headers

GET /s/opensans/v36/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:53:12 GMT
expires: Fri, 06 Dec 2024 15:53:12 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 01:04:07 GMT
content-type: font/woff2
age: 236078
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16496, version 1.0 - data
Size
16 kB (16496 bytes)
Hash
10ec04423fabd5abba8e0c43c1cb62dd
031a2355bbb3100025462d681e78d84b962bdc43
fe6c909326c0d229836a972a1b337c193634ab4d734c7169382fc1263081ae1c

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fileknot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16496
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:42:27 GMT
expires: Fri, 06 Dec 2024 15:42:27 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 01:02:42 GMT
content-type: font/woff2
age: 236723
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fileknot.com/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png

65.21.143.180

200 OK

414 B

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced - data
Size
414 B (414 bytes)
Hash
d6cf4209c9507b36a1a4cda6df75dbf3
c83e9be8d522521a03b1c0fe019bbc353d72b6da
5ae1208c61d318ef771c3a8e297edf1e1df1c768cfae2dba35399ee78919559b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/img/favicon/favicon-16x16.png HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd; _ga_D2HXTPWBWQ=GS1.1.1702200470.1.0.1702200470.0.0.0; _ga=GA1.1.1182910835.1702200470
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:50 GMT
Content-Type: image/png
Content-Length: 414
Last-Modified: Wed, 22 Feb 2023 11:30:49 GMT
Connection: keep-alive
ETag: "63f5fce9-19e"
Accept-Ranges: bytes

fileknot.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png

65.21.143.180

200 OK

2.1 kB

URL GET HTTP/1.1
fileknot.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png
IP
65.21.143.180:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectfileknot.com
Fingerprint91:30:9B:25:16:8A:6A:61:8A:86:00:C2:14:56:82:3A:47:C6:A3:98
ValiditySun, 19 Nov 2023 19:55:37 GMT - Sat, 17 Feb 2024 19:55:36 GMT

File type
PNG image data, 180 x 180, 4-bit colormap, non-interlaced - data
Size
2.1 kB (2085 bytes)
Hash
6c858040fc1bae4bf08173c7bf46fad5
92a564975d224636ab27d77eef8700fd526afe1b
a8b209bd8fd6f2f688cce4bccbc133aa88e23aae70406862163f9aa91b55f0b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png HTTP/1.1
Host: fileknot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Cookie: filehosting=fcllrj0feskcvj7qtiaddeqrnd; _ga_D2HXTPWBWQ=GS1.1.1702200470.1.0.1702200470.0.0.0; _ga=GA1.1.1182910835.1702200470
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 10 Dec 2023 09:27:50 GMT
Content-Type: image/png
Content-Length: 2085
Last-Modified: Wed, 22 Feb 2023 11:30:48 GMT
Connection: keep-alive
ETag: "63f5fce8-825"
Accept-Ranges: bytes

tm-banners.gamingadult.com/6476f5f5a983d.gif

5.196.166.128

200 OK

361 kB

URL GET HTTP/2
tm-banners.gamingadult.com/6476f5f5a983d.gif
IP
5.196.166.128:443
ASN
#16276 OVH SAS

Requested by
https://tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e
Certificate
IssuerLet's Encrypt
Subjectgamingadlt.com
Fingerprint9A:4B:D5:37:BD:29:ED:8C:AD:BB:A6:D0:AF:DB:F6:D2:36:7E:35:60
ValidityMon, 27 Nov 2023 20:13:26 GMT - Sun, 25 Feb 2024 20:13:25 GMT

File type
GIF image data, version 89a, 728 x 90 - data
Size
361 kB (361000 bytes)
Hash
224367cc8f6a9c943a0b4616ef695088
c4ed82b86b55c52d57a4812e93fad31a70f1431d
d05d08220a282c6bafe8e5c0008b36d0d64ef3049b364389569cc4737646b302

HTTP Headers

GET /6476f5f5a983d.gif HTTP/1.1
Host: tm-banners.gamingadult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tm-offers.gamingadult.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 10 Dec 2023 09:27:50 GMT
content-type: image/gif
content-length: 361000
last-modified: Wed, 31 May 2023 07:23:33 GMT
etag: "6476f5f5-58228"
expires: Tue, 09 Jan 2024 09:27:50 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

tm-banners.gamingadult.com/6476f5f5a983d.gif

5.196.166.128

200 OK

361 kB

URL GET HTTP/2
tm-banners.gamingadult.com/6476f5f5a983d.gif
IP
5.196.166.128:443
ASN
#16276 OVH SAS

Requested by
https://tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e
Certificate
IssuerLet's Encrypt
Subjectgamingadlt.com
Fingerprint9A:4B:D5:37:BD:29:ED:8C:AD:BB:A6:D0:AF:DB:F6:D2:36:7E:35:60
ValidityMon, 27 Nov 2023 20:13:26 GMT - Sun, 25 Feb 2024 20:13:25 GMT

File type
GIF image data, version 89a, 728 x 90 - data
Size
361 kB (361000 bytes)
Hash
224367cc8f6a9c943a0b4616ef695088
c4ed82b86b55c52d57a4812e93fad31a70f1431d
d05d08220a282c6bafe8e5c0008b36d0d64ef3049b364389569cc4737646b302

HTTP Headers

GET /6476f5f5a983d.gif HTTP/1.1
Host: tm-banners.gamingadult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tm-offers.gamingadult.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 10 Dec 2023 09:27:50 GMT
content-type: image/gif
content-length: 361000
last-modified: Wed, 31 May 2023 07:23:33 GMT
etag: "6476f5f5-58228"
expires: Tue, 09 Jan 2024 09:27:50 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

565 B

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (588), with no line terminators
Size
565 B (565 bytes)
Hash
bdcf60bde5544e1017e1f2e60888a9c7
6fb24309b7ff90c1c99d19c0c7a127a16508840e
d701601406acfca6bfc0c58b411446e3e0e96c659f35c143355d3dd72c390952

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 10 Dec 2023 09:27:49 GMT
date: Sun, 10 Dec 2023 09:27:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i

142.250.74.106

200 OK

20 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text
Size
20 kB (20235 bytes)
Hash
c1ee942d9e8618743da7880c448a4063
28e5fd4fc67bab9dadd97898fb41b02aa6167d37
57907596387af97ba3585ca324570ef46e83cd57f597052a1972ab4eb6dc414c

HTTP Headers

GET /css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 10 Dec 2023 09:27:49 GMT
date: Sun, 10 Dec 2023 09:27:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

gamingadlt.com/pixel/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e&lp=38105&bid=2644

5.196.166.128

200 OK

43 B

URL GET HTTP/2
gamingadlt.com/pixel/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e&lp=38105&bid=2644
IP
5.196.166.128:443
ASN
#16276 OVH SAS

Requested by
https://tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e
Certificate
IssuerLet's Encrypt
Subjectgamingadlt.com
Fingerprint9A:4B:D5:37:BD:29:ED:8C:AD:BB:A6:D0:AF:DB:F6:D2:36:7E:35:60
ValidityMon, 27 Nov 2023 20:13:26 GMT - Sun, 25 Feb 2024 20:13:25 GMT

File type
GIF image data, version 89a, 1 x 1 - data
Size
43 B (43 bytes)
Hash
57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

HTTP Headers

GET /pixel/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e&lp=38105&bid=2644 HTTP/1.1
Host: gamingadlt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tm-offers.gamingadult.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 10 Dec 2023 09:27:50 GMT
content-type: image/gif
X-Firefox-Spdy: h2

tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e

5.196.166.128

200 OK

498 B

URL GET HTTP/2
tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e
IP
5.196.166.128:443
ASN
#16276 OVH SAS

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectgamingadlt.com
Fingerprint9A:4B:D5:37:BD:29:ED:8C:AD:BB:A6:D0:AF:DB:F6:D2:36:7E:35:60
ValidityMon, 27 Nov 2023 20:13:26 GMT - Sun, 25 Feb 2024 20:13:25 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text, with very long lines (515), with no line terminators
Size
498 B (498 bytes)
Hash
a7b48fa80a7a298e279a94d3ad397e91
14d41acbce040c9e601e56fcb5b783a14581a407
d754a4efd681041bc4fc13b53983f33d248e4d040e7053018e761c80196e9873

HTTP Headers

GET /ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e HTTP/1.1
Host: tm-offers.gamingadult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 10 Dec 2023 09:27:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

gamingadlt.com/pixel/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e&lp=38104&bid=2644

5.196.166.128

200 OK

43 B

URL GET HTTP/2
gamingadlt.com/pixel/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e&lp=38104&bid=2644
IP
5.196.166.128:443
ASN
#16276 OVH SAS

Requested by
https://tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e
Certificate
IssuerLet's Encrypt
Subjectgamingadlt.com
Fingerprint9A:4B:D5:37:BD:29:ED:8C:AD:BB:A6:D0:AF:DB:F6:D2:36:7E:35:60
ValidityMon, 27 Nov 2023 20:13:26 GMT - Sun, 25 Feb 2024 20:13:25 GMT

File type
GIF image data, version 89a, 1 x 1 - data
Size
43 B (43 bytes)
Hash
57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

HTTP Headers

GET /pixel/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e&lp=38104&bid=2644 HTTP/1.1
Host: gamingadlt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tm-offers.gamingadult.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 10 Dec 2023 09:27:50 GMT
content-type: image/gif
X-Firefox-Spdy: h2

tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e

5.196.166.128

200 OK

498 B

URL GET HTTP/2
tm-offers.gamingadult.com/ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e
IP
5.196.166.128:443
ASN
#16276 OVH SAS

Requested by
https://fileknot.com/500e302a4491524c/Assembly-CSharp.zip
Certificate
IssuerLet's Encrypt
Subjectgamingadlt.com
Fingerprint9A:4B:D5:37:BD:29:ED:8C:AD:BB:A6:D0:AF:DB:F6:D2:36:7E:35:60
ValidityMon, 27 Nov 2023 20:13:26 GMT - Sun, 25 Feb 2024 20:13:25 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text, with very long lines (515), with no line terminators
Size
498 B (498 bytes)
Hash
3e4c068ab1936fe8ceb46d163ae26c8b
3faf574403f4a50208444c5df70b58724f7fb037
e8db80562cef9bedc512daaf709f884f973aba0970e76ee8cf22cd37dec75772

HTTP Headers

GET /ifr/?bs=10&offer=3971&uid=05e9454c-3af8-4f8e-af48-6a5ad2755e2e HTTP/1.1
Host: tm-offers.gamingadult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fileknot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 10 Dec 2023 09:27:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by