ppcnt.net/go.php?id=15&website_id=367374&token=ODVmekVrRy9QTUtIVHMwQk1Fc3JKdWpkU25BRW1lcHZHVzRTRE01V2dGQT0=
301 Moved Permanently 0 B URL HTTP/1.1 ppcnt.net/go.php?id=15&website_id=367374&token=ODVmekVrRy9QTUtIVHMwQk1Fc3JKdWpkU25BRW1lcHZHVzRTRE01V2dGQT0=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go.php?id=15&website_id=367374&token=ODVmekVrRy9QTUtIVHMwQk1Fc3JKdWpkU25BRW1lcHZHVzRTRE01V2dGQT0= HTTP/1.1
Host: ppcnt.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 22:33:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 02 Feb 2023 23:33:31 GMT
Location: https://ppcnt.net/go.php?id=15&website_id=367374&token=ODVmekVrRy9QTUtIVHMwQk1Fc3JKdWpkU25BRW1lcHZHVzRTRE01V2dGQT0=
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SIg%2FixKu4Zf5tu6IP6zfzdu4Nbqpjhq7bQ31K%2FUKyh4Ppukw2V%2FNAw2NbGJ0NW%2BELQ8UmuSoDaSHLQI%2F3iqfJRsRjP04MKk9m0iIXIbOuvMoip3tv9QANonjlPA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793663947eceb500-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9916
Expires: Fri, 03 Feb 2023 01:18:47 GMT
Date: Thu, 02 Feb 2023 22:33:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ec47f9eed203ae063b9c210009de54a9
19ff156471b9cffbc2432c5b65543bdd18e36271
3974208ce1840f6c9467287b7e220379ed881d76db64939f411dbc500c103d48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3974208CE1840F6C9467287B7E220379ED881D76DB64939F411DBC500C103D48"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7852
Expires: Fri, 03 Feb 2023 00:44:23 GMT
Date: Thu, 02 Feb 2023 22:33:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10875
Expires: Fri, 03 Feb 2023 01:34:46 GMT
Date: Thu, 02 Feb 2023 22:33:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 21:43:32 GMT
content-type: application/json
age: 2999
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: fFwCBurUUJB/WwTBA/IclrtbBL66qEN0SvHd5nAz2GoNsEO4qWpvh+ycPTcvtscJxQhIELALv00=
x-amz-request-id: RKHJ92ZZHM6K458S
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 22:23:17 GMT
age: 614
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash aa8ab929fe895146320437f136c0c450
606c7fce3d75a1752ab5bee4a16086d8b0e125ec
9fdda7ba2fcd8749f65b825754a2724d0e2012ed314f51c7bcb1e293e3671881
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9FDDA7BA2FCD8749F65B825754A2724D0E2012ED314F51C7BCB1E293E3671881"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19420
Expires: Fri, 03 Feb 2023 03:57:12 GMT
Date: Thu, 02 Feb 2023 22:33:32 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 22:33:31 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 22:07:19 GMT
age: 1573
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15197
Expires: Fri, 03 Feb 2023 02:46:49 GMT
Date: Thu, 02 Feb 2023 22:33:32 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash a9c145a196aa7ccf571aa392d0638771
c5f6aa08bbb4d85f62e5aa542a7e2f7705cbc850
8aae558526cb07922968adf3bc05d5e161ad14162a19288d9a78ef13a000d39a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 02 Feb 2023 22:33:32 GMT
Last-Modified: Thu, 02 Feb 2023 21:14:51 GMT
Server: ECS (nyb/1D35)
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jzpm5KtczHCc2BvG7JVAUcSAiWpvA0Zv1hdJVwYIACtpoVNT7BY14w==
Age: 4721
webapk.s3.amazonaws.com/apk.html?367374
200 OK 6.5 kB URL HTTP/1.1 webapk.s3.amazonaws.com/apk.html?367374
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash 5616e9f2be08e8f094be3ed309c5a2d8
bc3eb7c6267cbf2b919ad58ca20f286936ce9fc9
e7ed0216cd0bfd1e2962edbbffa155035edad75309e2598c78994cebeac77ebb
GET /apk.html?367374 HTTP/1.1
Host: webapk.s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: vY2r7EhfPtdmo36sTzzNb2ulALNB37+p5GrtoV59P9pl6IZwIDC9zQOuqUuIRqTD6YYFGKsgzTc=
x-amz-request-id: 9TXY93C2267W9PGM
Date: Thu, 02 Feb 2023 22:33:33 GMT
Last-Modified: Thu, 02 Feb 2023 13:29:13 GMT
ETag: "5616e9f2be08e8f094be3ed309c5a2d8"
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 6473
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5Mt6XLcaOvyIIF912o8NEA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZRvJ921AV69sHPvt98M8Gh1xmfI=
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 22:33:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 22:33:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-82078357-16
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-82078357-16
IP
File type ASCII text, with very long lines (1759)
Hash cac2840b7e868a4e036c7e22c0c873c2
6edb050bad115469206aa53a9700f9c8683a35bc
5b7ab226c98ac99d63af5c08ab35eee1db779121bc8d0371ca0041222d16d8f9
GET /gtag/js?id=UA-82078357-16 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 Feb 2023 22:33:33 GMT
expires: Thu, 02 Feb 2023 22:33:33 GMT
cache-control: private, max-age=900
last-modified: Thu, 02 Feb 2023 21:28:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43943
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP
File type ASCII text, with very long lines (32180)
Hash f16500423cc2867eff8b773df637c48f
1cd32d75b59a89c3a70274e383151a61ce0594f4
6ca5dc8ad67639c69117ace46c93703cf5fff82824cfc0bada0cf0fb3b2d41d7
GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29707
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 19:25:14 GMT
expires: Thu, 01 Feb 2024 19:25:14 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 97699
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 22:33:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 22:33:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 2753e6c626df48c4615b18197d0cd2f2
06cc271de71d2d9483193a4b03297f6f00f16967
5ea8c31d8bae23e6d496e86fabd8a677d10945799bb43ff29321d1ca5dac0571
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 02 Feb 2023 22:33:33 GMT
Last-Modified: Thu, 02 Feb 2023 21:40:21 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Vlt-Ow34fC5xBroZtNDpVEEdrTTGcckIYKJibo_no73XutmvGqHELw==
Age: 3193
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 2753e6c626df48c4615b18197d0cd2f2
06cc271de71d2d9483193a4b03297f6f00f16967
5ea8c31d8bae23e6d496e86fabd8a677d10945799bb43ff29321d1ca5dac0571
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 02 Feb 2023 22:33:33 GMT
Last-Modified: Thu, 02 Feb 2023 21:41:51 GMT
Server: ECS (nyb/1D1E)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2SG80ceh9hTmTcNOzPs_WJTFzOEO1JSJiPtqBUqiJl-BJQBzI8UdNQ==
Age: 3102
s3.dosya.tc/pushlommy.com/ntfc.php?p=2138769
301 Moved Permanently 260 B URL HTTP/1.1 s3.dosya.tc/pushlommy.com/ntfc.php?p=2138769
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1cb025ce24e1e0767c677ddba021c8a9
eecdf7aa981e917eab8c87bf6a648cc6289d95fd
f0b139cc9ae3e54acd88665d497a94196ce2efa9223aba256b9b5ba8ec0cacaa
GET /pushlommy.com/ntfc.php?p=2138769 HTTP/1.1
Host: s3.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 22:33:33 GMT
Server: Apache
Location: http://www.dosya.tc/pushlommy.com/ntfc.php?p=2138769
Content-Length: 260
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
oyunindirsene.s3.eu-central-1.amazonaws.com/style.css?1
200 OK 15 kB URL HTTP/1.1 oyunindirsene.s3.eu-central-1.amazonaws.com/style.css?1
IP
File type assembler source, ASCII text
Hash a23364fc963fb50250eee6db9a922524
f9480004f6c2659d2e948c43acb11f24ecf66c88
6a04c56a6c682324f8decb0c3e75db68b7b5ff7e391d84ba442e478804efa888
GET /style.css?1 HTTP/1.1
Host: oyunindirsene.s3.eu-central-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: qa/KcX6TLlmfYq1es1xhNA9iWfGNm/JfNXLQYkw4RxxGczC8C2VM8EQJ/G6nNHk7Wdq0BqjV3uhDDLIwQYMayQ==
x-amz-request-id: 6C2Y23S194YK3TPX
Date: Thu, 02 Feb 2023 22:33:34 GMT
Last-Modified: Tue, 02 Jun 2020 18:21:55 GMT
ETag: "a23364fc963fb50250eee6db9a922524"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Content-Length: 14849
oyunindirsene.s3.eu-central-1.amazonaws.com/bootstrap.css
200 OK 142 kB URL HTTP/1.1 oyunindirsene.s3.eu-central-1.amazonaws.com/bootstrap.css
IP
File type ASCII text, with very long lines (540)
Size 142 kB (141622 bytes)
Hash 2183d05f5a0a9a3b2e8cb0509ca363e3
f2183455571b19311a235bd5aa204e694ade8e94
c942686010e285633d77a24341c43850ccd6162fcc7e8281ae8a70c2921a9af5
GET /bootstrap.css HTTP/1.1
Host: oyunindirsene.s3.eu-central-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: P8HkqaJRpiEl0CvAjawcy+tMrMyWOsfHurFsxHHwYaqrt1TbR5o0JcLQE1Jq0cWy2XUtUDDz86BXViELVmJxug==
x-amz-request-id: 6C2JRE1CN44CKR9D
Date: Thu, 02 Feb 2023 22:33:34 GMT
Last-Modified: Tue, 02 Jun 2020 18:16:39 GMT
ETag: "2183d05f5a0a9a3b2e8cb0509ca363e3"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Content-Length: 141622
s3.dosya.tc/images/download-img.png
301 Moved Permanently 251 B URL HTTP/1.1 s3.dosya.tc/images/download-img.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 98fe437be7b0dad9e866ba2b35cee829
8034fbe752b8b75b0170039a6576f16a647d946e
9310169e01b82ea1cbb65856b3693ea0c6dce3042104fffe12067fb99853eef0
GET /images/download-img.png HTTP/1.1
Host: s3.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 22:33:33 GMT
Server: Apache
Location: http://www.dosya.tc/images/download-img.png
Content-Length: 251
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
s3.dosya.tc/images/footer-icon1.png
301 Moved Permanently 251 B URL HTTP/1.1 s3.dosya.tc/images/footer-icon1.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 4ae8e4e4ab7b685df17bb43a4bcd88cb
76b3b029f1c464d74d26e2ae83bf57dd445e3f6b
006f452026c73d551e9194365d07868c0bb753ab30654431667727a3d57882e3
GET /images/footer-icon1.png HTTP/1.1
Host: s3.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 22:33:33 GMT
Server: Apache
Location: http://www.dosya.tc/images/footer-icon1.png
Content-Length: 251
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
s3.dosya.tc/images/footer-icon3.png
301 Moved Permanently 251 B URL HTTP/1.1 s3.dosya.tc/images/footer-icon3.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d478a1884ff8fd2c941228e6ce510623
5c1ce4da8ecc57026e42ddef95dd7948f0dad08b
0c7ab4e3ac8fa555a62c135026cade95b7cc3453bb57c6917eb142a1cc19c408
GET /images/footer-icon3.png HTTP/1.1
Host: s3.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 22:33:33 GMT
Server: Apache
Location: http://www.dosya.tc/images/footer-icon3.png
Content-Length: 251
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
s3.dosya.tc/images/background.jpg
301 Moved Permanently 249 B URL HTTP/1.1 s3.dosya.tc/images/background.jpg
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 83465a623e08977cb9dae0c5b45fa3a8
8c03e6906cb3c9452ca5d425becaf57464421794
70f3f64418741a2b4ec0ceff6c33818f3413fa90f36567a7479d135f86c6d248
GET /images/background.jpg HTTP/1.1
Host: s3.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oyunindirsene.s3.eu-central-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 22:33:33 GMT
Server: Apache
Location: http://www.dosya.tc/images/background.jpg
Content-Length: 249
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
s3.dosya.tc/images/menu-ayrac.png
301 Moved Permanently 249 B URL HTTP/1.1 s3.dosya.tc/images/menu-ayrac.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6b3c1ebbd70e33901e0046d549878720
ce91bd4c1d79286fa911af6aebe72331730bbc15
dacc419a70fc2b6e987989e164efd13b33cdae0f69ca873f25352209b050425a
GET /images/menu-ayrac.png HTTP/1.1
Host: s3.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oyunindirsene.s3.eu-central-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 22:33:33 GMT
Server: Apache
Location: http://www.dosya.tc/images/menu-ayrac.png
Content-Length: 249
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
s3.dosya.tc/images/footer-icon2.png
301 Moved Permanently 251 B URL HTTP/1.1 s3.dosya.tc/images/footer-icon2.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5cce765f18af0a0ff33177891719d1c9
d6a5bda828dc446509c8f8d5644a122c0757a02d
ccf562c78a92b5ad3000cbb30221d1e25860d803cbd46d46cc72e5cd457ce643
GET /images/footer-icon2.png HTTP/1.1
Host: s3.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 22:33:33 GMT
Server: Apache
Location: http://www.dosya.tc/images/footer-icon2.png
Content-Length: 251
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
webapk.s3.amazonaws.com/aydo11.png
200 OK 82 kB URL HTTP/1.1 webapk.s3.amazonaws.com/aydo11.png
IP
File type PNG image data, 1395 x 779, 8-bit/color RGBA, non-interlaced\012- data
Hash f7195eec80c6c7ffe9f9b6bb69368a2a
201bce44363bb94579a356f6f647ae8150f27cc3
7b0df9cb849743967ef59282638f7298906e401945e54f85c28f7055efc41ead
GET /aydo11.png HTTP/1.1
Host: webapk.s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/apk.html?367374
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
x-amz-id-2: Iic2LW8m4tUeG/qtjbUCBzuxFdfaAuXbgJxYxaInB0uSphGN+7XUwotLNXizwmV4fEl/j2RxEd0=
x-amz-request-id: 6C2NN46SB5VFA4V5
Date: Thu, 02 Feb 2023 22:33:34 GMT
Last-Modified: Tue, 26 Jul 2022 22:01:08 GMT
ETag: "f7195eec80c6c7ffe9f9b6bb69368a2a"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 82142
www.dosya.tc/images/background.jpg
302 Found 226 B URL HTTP/1.1 www.dosya.tc/images/background.jpg
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6797b36f676d8829d6709fa773414197
9cedd7d1203f3cef3ea8f4f62cc6b7874f78a12d
436a67975d3b513a24decd5ed794533a0948b7f621b36c9de20e31a3e75c5453
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/background.jpg HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 22:33:33 GMT
Server: Apache
Location: https://www.dosya.tc/images/background.jpg
Content-Length: 226
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
s3.dosya.tc/pushlommy.com/ntfc.php?p=2138769
301 Moved Permanently 260 B URL HTTP/1.1 s3.dosya.tc/pushlommy.com/ntfc.php?p=2138769
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1cb025ce24e1e0767c677ddba021c8a9
eecdf7aa981e917eab8c87bf6a648cc6289d95fd
f0b139cc9ae3e54acd88665d497a94196ce2efa9223aba256b9b5ba8ec0cacaa
GET /pushlommy.com/ntfc.php?p=2138769 HTTP/1.1
Host: s3.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 22:33:34 GMT
Server: Apache
Location: http://www.dosya.tc/pushlommy.com/ntfc.php?p=2138769
Content-Length: 260
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
s3.dosya.tc/images/uye-girisi.png
301 Moved Permanently 249 B URL HTTP/1.1 s3.dosya.tc/images/uye-girisi.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7ace76dabe0c9f131740da6189078695
a72a9edf9c1bc73bfab5ed8ae58f2724022f6abb
dae5f66da764b34b2ff922900c36a7c9c37875fcff3945eb9b0f184248810d4b
GET /images/uye-girisi.png HTTP/1.1
Host: s3.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 22:33:34 GMT
Server: Apache
Location: http://www.dosya.tc/images/uye-girisi.png
Content-Length: 249
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.dosya.tc/images/uye-girisi.png
302 Found 226 B URL HTTP/1.1 www.dosya.tc/images/uye-girisi.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3bfcb3a2ae5a0a4ce1ce6b1eec37b52d
e5ca14e1affb2a203f74b445ee791f8e086ea849
4263f33ee05b731ff51a16afa5b307333569af17d25941fd6ca410458ee49ae4
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/uye-girisi.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 22:33:34 GMT
Server: Apache
Location: https://www.dosya.tc/images/uye-girisi.png
Content-Length: 226
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9176
Expires: Fri, 03 Feb 2023 01:06:30 GMT
Date: Thu, 02 Feb 2023 22:33:34 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9176
Expires: Fri, 03 Feb 2023 01:06:30 GMT
Date: Thu, 02 Feb 2023 22:33:34 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9176
Expires: Fri, 03 Feb 2023 01:06:30 GMT
Date: Thu, 02 Feb 2023 22:33:34 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9176
Expires: Fri, 03 Feb 2023 01:06:30 GMT
Date: Thu, 02 Feb 2023 22:33:34 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9176
Expires: Fri, 03 Feb 2023 01:06:30 GMT
Date: Thu, 02 Feb 2023 22:33:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg
200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02123eef9faa8560ff66b058d4e13a28
decf26282993d7f0b14cf4112d14fa39c97fa89f
28889ff20f1b2fe0b73f8f97e6569f1d68d77fe436eeb47cc06ee4f0822ff239
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9130
x-amzn-requestid: 09ad3fbb-1e71-4455-82df-6e59f65239a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuxiYEkqIAMFVZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2fa8-1dca116e4317f9bd14f6d45a;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:48:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _Bc2svrG-wX63DK9RPUyjh-n6AHVHaQe3QRmEL27L-amwCH2I_f_9g==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:38 GMT
age: 2156
etag: "decf26282993d7f0b14cf4112d14fa39c97fa89f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9ab97f766ee1ed6ebbb2b3889a9157b4
f87f165404dec4d65531e6e25146cb77601f3616
f3d0f76f956371b1733a526f10a8253fc3396a459d7af59380d8e8db7dee8ec2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14071
x-amzn-requestid: 40cb363f-2c4d-4361-9fe1-10e4c8b2fe29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fiTo4Ek2oAMFs6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d73305-6cb63d3c49f9f84e639467f6;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 03:01:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b7r7phj8i49RMSuWufxF1L34K9udWa0mJ4dY12izM9ofwAuCFBGEZQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 2733
etag: "f87f165404dec4d65531e6e25146cb77601f3616"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f58ae1f-1f79-4cc4-b12e-b11dde3b7e4d.jpeg
200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f58ae1f-1f79-4cc4-b12e-b11dde3b7e4d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4a92e881554205ebbe3721a7bbaeab40
b620fc82bd15b55b581bd8c3a699e1b16563ad2e
ff753b8411bfa0df54938a5f829ce25acbad863a2a3540b3bacca02baf9a2c7d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f58ae1f-1f79-4cc4-b12e-b11dde3b7e4d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6398
x-amzn-requestid: 843fefd3-8cf4-44ee-bb7c-a010d4149442
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuv1XFXQoAMFe5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2cee-76739fd87b4c0d203eca4114;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2cGZEXolULcBUgvrZ55IWnR825LgkHDFmJFJ5i9lcl4KYbDte3-N1g==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:43 GMT
age: 2151
etag: "b620fc82bd15b55b581bd8c3a699e1b16563ad2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff49ad64-ed0c-4270-8972-02b93a55c3b8.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff49ad64-ed0c-4270-8972-02b93a55c3b8.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b67f1de5050f7e32226bb0b279e5f450
058dc594601de546ae391ffa47269b404fee0f02
268b5f2557e4f171f33641cc7923d6cd786cba6e056f6656c82113b49b70a3df
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff49ad64-ed0c-4270-8972-02b93a55c3b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12514
x-amzn-requestid: e5e536fd-15ec-4a9f-a678-c24e6202d0f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_y3HRSoAMFxUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379ab-5137ec566a8ccb4a3628e17a;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:13:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KvaWZ_Re1oRbOGg3MDxp5BKPCMAzYqCfVo4n3rf67ppjVO9Pmey4wg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:56:23 GMT
age: 2231
etag: "058dc594601de546ae391ffa47269b404fee0f02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91a53e95-81db-4f71-84bc-169a72e11b24.jpeg
200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91a53e95-81db-4f71-84bc-169a72e11b24.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d4242d4999b7b033873b81a482c319c2
bc4c004065ce9f558f210d508844c123a85737a1
ab35a5c1a7c1a0a548aee3b9c301893799680ec1922c13e7a16d44ca457cd91d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91a53e95-81db-4f71-84bc-169a72e11b24.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7237
x-amzn-requestid: f6aa0d26-8df4-40fe-8984-1aac7c76097e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVr4jEdeIAMFTYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2269c-58a038d6491d8f461e9168d4;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:07:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XNO6ArxsjiZTxcoSn1Fmhso5bpWNIvzT9nplF6UGTiHVxXlJiv7bJA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:58:40 GMT
age: 2094
etag: "bc4c004065ce9f558f210d508844c123a85737a1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fc553a8677d9c0bf4835a0c29a7345c
ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8
e821faf86e44f2b9c9d5bd8cd3575c0a99acfc58774077034c413e345a7c0c0c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7451
x-amzn-requestid: d671a7f1-56f3-42c4-825a-46b327c11c84
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ftSoIHQ7oAMFYpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db97cd-0699ddd77f1402cd1cc03081;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 11:00:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cma6U9Vdmt5kH-BOhhrC1JW4cetPEBibEt7eSJCZHSVssE017jc66Q==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 2733
etag: "ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.dosya.tc/images/menu-ayrac.png
302 Found 226 B URL HTTP/1.1 www.dosya.tc/images/menu-ayrac.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 512a537682757dbc24a1c4d68ad48e31
86d9407ece23591e0f4157b8be25d7003f8375ec
297448da7a7269c9f297d4a2132be7099c62cbdc74b4462eed61392662490e2b
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/menu-ayrac.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 22:33:34 GMT
Server: Apache
Location: https://www.dosya.tc/images/menu-ayrac.png
Content-Length: 226
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.dosya.tc/images/download-img.png
302 Found 228 B URL HTTP/1.1 www.dosya.tc/images/download-img.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c962886042f9f0b2e1c8fb4798260647
01c3cd257b54e557559665957e7149cebb3bec5f
828e2b63a6d8a51413e3f8b2c1b361a4c81fd3fc85e654b640a4966f35a6930d
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/download-img.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 22:33:34 GMT
Server: Apache
Location: https://www.dosya.tc/images/download-img.png
Content-Length: 228
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.dosya.tc/images/footer-icon1.png
302 Found 228 B URL HTTP/1.1 www.dosya.tc/images/footer-icon1.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 4775bfe12728259446914ef32c906fb3
8fdc60e6ced9faa8980dfbca50350f81129c9bc1
b71124bdff8f810108a63832bcca9c3e7b0a0080d866aaf0c7af930feec81ed7
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/footer-icon1.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 22:33:34 GMT
Server: Apache
Location: https://www.dosya.tc/images/footer-icon1.png
Content-Length: 228
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.dosya.tc/images/footer-icon3.png
302 Found 228 B URL HTTP/1.1 www.dosya.tc/images/footer-icon3.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f14d3e5b83763871d252e4319210a0e4
91b3f050f1eca1d786ee5c9d523d956913a6afe7
d439cd865b6c66faf90e62635cda3600979eb57157f405ca74f23d3768680e61
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/footer-icon3.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 22:33:34 GMT
Server: Apache
Location: https://www.dosya.tc/images/footer-icon3.png
Content-Length: 228
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.dosya.tc/images/footer-icon2.png
302 Found 228 B URL HTTP/1.1 www.dosya.tc/images/footer-icon2.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 398b1ff7fa9558b01dae70dba019b3e2
20b35859f4d2f3ac2a23d521abf8932af253a7f1
714412657cfc99e0e47c5f06aaa16259735665a11fe820d24cc1c886e2f9fe7e
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/footer-icon2.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 22:33:34 GMT
Server: Apache
Location: https://www.dosya.tc/images/footer-icon2.png
Content-Length: 228
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
s3.dosya.tc/images/logo.png
301 Moved Permanently 243 B URL HTTP/1.1 s3.dosya.tc/images/logo.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1925c8174f1904e59a290dfa157c80c3
310a6b10d92b0cb4889823cfdf96e82a9bed11b9
95c3e5e322bba96a00093c0c40bc0ebf6aeb4afb4b2c55235198b1e55dbbb220
GET /images/logo.png HTTP/1.1
Host: s3.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 22:33:34 GMT
Server: Apache
Location: http://www.dosya.tc/images/logo.png
Content-Length: 243
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.dosya.tc/images/uye-girisi.png
200 OK 3.0 kB URL HTTP/1.1 www.dosya.tc/images/uye-girisi.png
IP
ASN #24940 Hetzner Online GmbH
File type PNG image data, 140 x 51, 8-bit/color RGB, non-interlaced\012- data
Hash 6925e8f5c208aae4dd55cadd1340f180
a03365e7fb59c9588b3b7963e18c0b3e5d4cb369
6bfa03e8b7d8249e9927cafe801657559f7b7064248bb970b55fb4b689611f2d
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/uye-girisi.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 22:33:34 GMT
Server: Apache
Last-Modified: Tue, 28 May 2019 20:58:56 GMT
Accept-Ranges: bytes
Content-Length: 2979
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
www.dosya.tc/images/footer-icon2.png
200 OK 850 B URL HTTP/1.1 www.dosya.tc/images/footer-icon2.png
IP
ASN #24940 Hetzner Online GmbH
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 51a472b4a51ea9245ee6f4386f07818f
a19e86c411dc6da3592d1f90e89ddf68df1fee3c
eea1befd43d3dc930a0eb0335c56ed8bc7e14aa1ee3e6c546cd21c1826362750
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/footer-icon2.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 22:33:35 GMT
Server: Apache
Last-Modified: Tue, 28 May 2019 20:58:47 GMT
Accept-Ranges: bytes
Content-Length: 850
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
www.dosya.tc/images/logo.png
302 Found 220 B URL HTTP/1.1 www.dosya.tc/images/logo.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash e2883b641babbd9a5e07e998042d73d9
574d7472ee61e62e188a693ad051c38896533555
cb7211733be209268d458fe821419d17db2e1ca5ebcd4d2d2c5135a75b820925
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/logo.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 22:33:35 GMT
Server: Apache
Location: https://www.dosya.tc/images/logo.png
Content-Length: 220
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.dosya.tc/images/menu-ayrac.png
200 OK 125 B URL HTTP/1.1 www.dosya.tc/images/menu-ayrac.png
IP
ASN #24940 Hetzner Online GmbH
File type PNG image data, 2 x 52, 8-bit/color RGB, non-interlaced\012- data
Hash 35a0591c63feeb75e3e547e894ff6e2d
7dd00c2e8d4e9203b71d3fcb9a660e717b8dca7c
9700fc9abb23b0fa04c070487f5aebdcec2cbb22f10788ab7898032abe3fcced
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/menu-ayrac.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 22:33:35 GMT
Server: Apache
Last-Modified: Tue, 28 May 2019 20:58:55 GMT
Accept-Ranges: bytes
Content-Length: 125
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
www.dosya.tc/images/download-img.png
200 OK 6.8 kB URL HTTP/1.1 www.dosya.tc/images/download-img.png
IP
ASN #24940 Hetzner Online GmbH
File type PNG image data, 313 x 117, 8-bit/color RGB, non-interlaced\012- data
Hash 1edfa391c712325a169fa384adbfbfa7
4ae0807157e873cf80df3a3b0f8b2b67a098b0de
e7cfbf6b7de5e77de00e7376302839e106d3f0ab89637d2af07eb74b86ef4d4f
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/download-img.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 22:33:35 GMT
Server: Apache
Last-Modified: Tue, 28 May 2019 20:58:46 GMT
Accept-Ranges: bytes
Content-Length: 6819
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
www.dosya.tc/images/footer-icon3.png
200 OK 1.7 kB URL HTTP/1.1 www.dosya.tc/images/footer-icon3.png
IP
ASN #24940 Hetzner Online GmbH
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 3a61d85a6bb0a45429b1e4b7d945aa95
6fcdf44c20d1ed269303583e16a98e245fa7b69b
c84a015988434d7fa0c884f5590de727799abacb9c4a4ad6b4cadea4b97ea732
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/footer-icon3.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 22:33:35 GMT
Server: Apache
Last-Modified: Tue, 28 May 2019 20:58:47 GMT
Accept-Ranges: bytes
Content-Length: 1702
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
www.dosya.tc/images/logo.png
200 OK 7.2 kB URL HTTP/1.1 www.dosya.tc/images/logo.png
IP
ASN #24940 Hetzner Online GmbH
File type PNG image data, 191 x 53, 8-bit/color RGB, non-interlaced\012- data
Hash 2a193802d40b18cd55b0d159571bf63c
1a4e4bdf88317471241d9e5ee29d9572be3f37e3
77eba513db8685e5a4b7633684b1d6b175bf8272ccfff3c6a1c0735d37d1d57a
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/logo.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 22:33:35 GMT
Server: Apache
Last-Modified: Tue, 28 May 2019 20:58:54 GMT
Accept-Ranges: bytes
Content-Length: 7157
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
www.dosya.tc/images/footer-icon1.png
200 OK 582 B URL HTTP/1.1 www.dosya.tc/images/footer-icon1.png
IP
ASN #24940 Hetzner Online GmbH
File type PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash e62d200d08f565563cc9b713729bbaa6
3a130f79117f2aaa91154eb56a22b47de8c06a50
101d88dc759a5588d5c064fe233b6b19c565966a527a03eb9cdc29c733b8d4c3
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/footer-icon1.png HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 22:33:35 GMT
Server: Apache
Last-Modified: Tue, 28 May 2019 20:58:47 GMT
Accept-Ranges: bytes
Content-Length: 582
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
www.dosya.tc/images/background.jpg
200 OK 225 kB URL HTTP/1.1 www.dosya.tc/images/background.jpg
IP
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1050, components 3\012- data
Size 225 kB (225216 bytes)
Hash d12dc4efcddfd7ef2763cc6b89473c9a
3aad022f65a1735f34aff301a6948f4fa1119fc2
096063c06636af2837972b1f5a4ac95cbed503ae0a342472a65ba6758f928c38
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.tc domain
GET /images/background.jpg HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 22:33:34 GMT
Server: Apache
Last-Modified: Tue, 28 May 2019 20:58:39 GMT
Accept-Ranges: bytes
Content-Length: 225216
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 02 Feb 2023 21:45:20 GMT
expires: Thu, 02 Feb 2023 23:45:20 GMT
cache-control: public, max-age=7200
age: 2895
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
webapk.s3.amazonaws.com/apple-touch-icon.png
403 Forbidden 243 B URL HTTP/1.1 webapk.s3.amazonaws.com/apple-touch-icon.png
IP
File type XML 1.0 document text\012- XML document, ASCII text
Hash e02adddd2eb28ccf461bee7225982490
67d132fb12d01c810e3f7210801a4f9df4eb26a6
e24d83987cdd4c3ffa716a4e827bca4076e2701167eec64717e7483cd76bdd70
GET /apple-touch-icon.png HTTP/1.1
Host: webapk.s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/apk.html?367374
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
x-amz-request-id: EW0QNW1NTG43TFYK
x-amz-id-2: grxITsHbW5h2ECPGJyHPjMvE21bGdTPgSylW4dDC0E42EViBN297IjNO1fR5NGEEya8hKZsR50Y=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Thu, 02 Feb 2023 22:33:34 GMT
Server: AmazonS3
webapk.s3.amazonaws.com/favicon-16x16.png
200 OK 1.6 kB URL HTTP/1.1 webapk.s3.amazonaws.com/favicon-16x16.png
IP
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 05c5d89a72c5dc5e863e151cc5fa9b68
df5a0242031f54494fe0bf1b2d7290cd5e864a15
cd6cef0b6624ec979018be137e45b606f36c018b2d64cfe7e3d39815c0936a46
GET /favicon-16x16.png HTTP/1.1
Host: webapk.s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webapk.s3.amazonaws.com/apk.html?367374
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
x-amz-id-2: 9JuJCiMj+CG6eTrKBajyog0MwpxpOpWJAOPAWfjN4avy4VOGb2x8CJv9IgOh7wLJkHDBkRwTIGM=
x-amz-request-id: EW0RXTH47W06SGYZ
Date: Thu, 02 Feb 2023 22:33:36 GMT
Last-Modified: Tue, 26 Jul 2022 22:00:57 GMT
ETag: "05c5d89a72c5dc5e863e151cc5fa9b68"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1594
ppcnt.net/go.php?id=15&website_id=367374&token=ODVmekVrRy9QTUtIVHMwQk1Fc3JKdWpkU25BRW1lcHZHVzRTRE01V2dGQT0=
200 OK 0 B URL HTTP/2 ppcnt.net/go.php?id=15&website_id=367374&token=ODVmekVrRy9QTUtIVHMwQk1Fc3JKdWpkU25BRW1lcHZHVzRTRE01V2dGQT0=
IP
GET /go.php?id=15&website_id=367374&token=ODVmekVrRy9QTUtIVHMwQk1Fc3JKdWpkU25BRW1lcHZHVzRTRE01V2dGQT0= HTTP/1.1
Host: ppcnt.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 02 Feb 2023 22:33:32 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/7.4.33, PleskLin
x-frame-options: SAMEORIGIN
set-cookie: cm-995991=1; expires=Fri, 03-Feb-2023 20:59:59 GMT; Max-Age=80787; path=/
refresh: 0; url=https://webapk.s3.amazonaws.com/apk.html?367374
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BLFoB%2BszCcV8Dz45Lf%2BHQrhaLe9Qa8JkpXnyRsgP5vbeeoidBSmOxiDNk5BpuwvTBrTAQ8MrtxmwXVziiecwVDlxRzqITd5dICn0Mvwbc25vb2Jm4fvzA3RXn2I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793663975fb3b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
104.21.13.220
23.36.77.32
142.250.74.106
136.243.28.94