| s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | 168.119.136.27 | 302 Found | 3.6 kB |
URL (User Request): GET HTTP/1.1 s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | IP: 168.119.136.27:80 | ASN: #24940 Hetzner Online GmbH
File type: JavaScript source, ISO-8859 text | Hash: 604cf80edc29c24be895b956a9c45ade 69add9e649a8557a7e93631637e372297758f191 f184f30e4587dd54f16898430a1913746db7c00d0b370b42c108b3a3a7add559
GET /server29/bfo0r8/assistenza_130_boost2.rar HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 13:16:24 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9
|
|
| s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | 168.119.136.27 | 302 Found | 245 B |
URL (User Request): GET HTTP/1.1 s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | IP: 168.119.136.27:80 | ASN: #24940 Hetzner Online GmbH
File type: HTML document, ASCII text | Hash: 172a2376c4f015c7f7a3f29c2373c13c 8edc9c29ce44dee0326aa28f3e48323160a760d6 328c00859233d47caacd73a6435c42590a49e34d5185335c51f0ddd26955e817
GET /server29/bfo0r8/assistenza_130_boost2.rar HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 26 Apr 2024 13:16:24 GMT
Server: Apache
Location: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Content-Length: 245
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
|
|
| s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | 168.119.136.27 | 302 Found | 3.6 kB |
URL (User Request): GET HTTP/1.1 s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | IP: 168.119.136.27:80 | ASN: #24940 Hetzner Online GmbH
File type: JavaScript source, ISO-8859 text | Hash: 604cf80edc29c24be895b956a9c45ade 69add9e649a8557a7e93631637e372297758f191 f184f30e4587dd54f16898430a1913746db7c00d0b370b42c108b3a3a7add559
GET /server29/bfo0r8/assistenza_130_boost2.rar HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 13:16:24 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9
|
|
| s2.dosya.tc/style/style.css | 168.119.136.27 | 200 OK | 2.0 kB |
URL: GET HTTP/1.1 s2.dosya.tc/style/style.css | IP: 168.119.136.27:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Sectigo Limited | Subject: *.dosya.tc | Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F | Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: assembler source, ASCII text | Hash: e36585a9f4a781f9445425224c85e695 4a34bb8474bd8d15a5313a157ca72bf8552910cc 2b8c3599f9d693fc1422d4ad7c8fe6b9fbb2ade6b19a89c55e0d94f02252410a
GET /style/style.css HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:24 GMT
Server: Apache
Last-Modified: Wed, 09 Mar 2022 23:11:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2005
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
|
|
| s2.dosya.tc/style/bootstrap.css | 168.119.136.27 | 200 OK | 21 kB |
URL: GET HTTP/1.1 s2.dosya.tc/style/bootstrap.css | IP: 168.119.136.27:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Sectigo Limited | Subject: *.dosya.tc | Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F | Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: ASCII text, with very long lines (386) | Hash: 2dbb985a5bb6dd8ef0a7b21d290ea9ae f8676e1f4a902a63088f45982f3f9b6a6c401b47 d170052c16caec3810f2dee6456539045d8e326f6d8ed7c7f78e59ed34de348a
GET /style/bootstrap.css HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Fri, 18 Mar 2022 20:22:45 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21275
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
|
|
| s2.dosya.tc/images/footer-icon1.png | 168.119.136.27 | 200 OK | 582 B |
URL: GET HTTP/1.1 s2.dosya.tc/images/footer-icon1.png | IP: 168.119.136.27:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Sectigo Limited | Subject: *.dosya.tc | Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F | Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced | Hash: e62d200d08f565563cc9b713729bbaa6 3a130f79117f2aaa91154eb56a22b47de8c06a50 101d88dc759a5588d5c064fe233b6b19c565966a527a03eb9cdc29c733b8d4c3
GET /images/footer-icon1.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:37 GMT
Accept-Ranges: bytes
Content-Length: 582
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| s2.dosya.tc/images/footer-icon3.png | 168.119.136.27 | 200 OK | 1.7 kB |
URL: GET HTTP/1.1 s2.dosya.tc/images/footer-icon3.png | IP: 168.119.136.27:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Sectigo Limited | Subject: *.dosya.tc | Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F | Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced | Hash: 3a61d85a6bb0a45429b1e4b7d945aa95 6fcdf44c20d1ed269303583e16a98e245fa7b69b c84a015988434d7fa0c884f5590de727799abacb9c4a4ad6b4cadea4b97ea732
GET /images/footer-icon3.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:38 GMT
Accept-Ranges: bytes
Content-Length: 1702
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| s2.dosya.tc/images/uye-girisi.png | 168.119.136.27 | 200 OK | 3.0 kB |
URL: GET HTTP/1.1 s2.dosya.tc/images/uye-girisi.png | IP: 168.119.136.27:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Sectigo Limited | Subject: *.dosya.tc | Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F | Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 140 x 51, 8-bit/color RGB, non-interlaced | Hash: 6925e8f5c208aae4dd55cadd1340f180 a03365e7fb59c9588b3b7963e18c0b3e5d4cb369 6bfa03e8b7d8249e9927cafe801657559f7b7064248bb970b55fb4b689611f2d
GET /images/uye-girisi.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:41 GMT
Accept-Ranges: bytes
Content-Length: 2979
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.dosya.tc/images/download.gif | 88.99.254.43 | 200 OK | 7.2 kB |
URL: GET HTTP/1.1 www.dosya.tc/images/download.gif | IP: 88.99.254.43:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Sectigo Limited | Subject: *.dosya.tc | Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F | Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: GIF image data, version 89a, 300 x 86 | Hash: a9a5324512e43e463fe0a00118ad0c37 5375ae6855a34619ce428da5f835fc9d9ce06124 7964b17bc443c3bcf422211a690ac4bc62ad981d77d5c0b6bdddc982b8615a25
GET /images/download.gif HTTP/1.1
Host: www.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Sun, 26 Nov 2023 08:56:05 GMT
Accept-Ranges: bytes
Content-Length: 7229
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif
|
|
| s2.dosya.tc/images/footer-icon2.png | 168.119.136.27 | 200 OK | 850 B |
URL: GET HTTP/1.1 s2.dosya.tc/images/footer-icon2.png | IP: 168.119.136.27:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Sectigo Limited | Subject: *.dosya.tc | Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F | Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced | Hash: 51a472b4a51ea9245ee6f4386f07818f a19e86c411dc6da3592d1f90e89ddf68df1fee3c eea1befd43d3dc930a0eb0335c56ed8bc7e14aa1ee3e6c546cd21c1826362750
GET /images/footer-icon2.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:38 GMT
Accept-Ranges: bytes
Content-Length: 850
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| s2.dosya.tc/images/logo.png | 168.119.136.27 | 200 OK | 7.2 kB |
URL: GET HTTP/1.1 s2.dosya.tc/images/logo.png | IP: 168.119.136.27:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Sectigo Limited | Subject: *.dosya.tc | Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F | Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 191 x 53, 8-bit/color RGB, non-interlaced | Hash: 2a193802d40b18cd55b0d159571bf63c 1a4e4bdf88317471241d9e5ee29d9572be3f37e3 77eba513db8685e5a4b7633684b1d6b175bf8272ccfff3c6a1c0735d37d1d57a
GET /images/logo.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:40 GMT
Accept-Ranges: bytes
Content-Length: 7157
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| s2.dosya.tc/images/menu-ayrac.png | 168.119.136.27 | 200 OK | 125 B |
URL: GET HTTP/1.1 s2.dosya.tc/images/menu-ayrac.png | IP: 168.119.136.27:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Sectigo Limited | Subject: *.dosya.tc | Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F | Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 2 x 52, 8-bit/color RGB, non-interlaced | Hash: 35a0591c63feeb75e3e547e894ff6e2d 7dd00c2e8d4e9203b71d3fcb9a660e717b8dca7c 9700fc9abb23b0fa04c070487f5aebdcec2cbb22f10788ab7898032abe3fcced
GET /images/menu-ayrac.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:41 GMT
Accept-Ranges: bytes
Content-Length: 125
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
|
|
| s2.dosya.tc/images/background.webp | 168.119.136.27 | 200 OK | 113 kB |
URL: GET HTTP/1.1 s2.dosya.tc/images/background.webp | IP: 168.119.136.27:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Sectigo Limited | Subject: *.dosya.tc | Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F | Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1050, Scaling: [none]x[none], YUV color, decoders should clamp | Size: 113 kB (112776 bytes) | Hash: 2b08bddebb64127b30bc913f73cdab61 f8911fd91f0302e88e7fe6e089ba20af32269b79 0804b26a6993fc6ee8e977f77aa9ce5ddf9c4fe69773b296cc292ee7b2a5ac1b
GET /images/background.webp HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/style/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:35 GMT
Accept-Ranges: bytes
Content-Length: 112776
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/webp
|
|
| s2.dosya.tc/apple-touch-icon.png | 168.119.136.27 | 200 OK | 6.6 kB |
URL: GET HTTP/1.1 s2.dosya.tc/apple-touch-icon.png | IP: 168.119.136.27:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Sectigo Limited | Subject: *.dosya.tc | Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F | Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced | Hash: bfd9b50e03f63b25c253a5d6fa5c5ef4 b4c68746da8a1da96b57d37990bfbfb0f716c14b ca0f27136956761254299ac92d78aecca2c21841760c56904d894eb13ea0237f
GET /apple-touch-icon.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:16 GMT
Accept-Ranges: bytes
Content-Length: 6556
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
|
|
| s2.dosya.tc/favicon-16x16.png | 168.119.136.27 | 200 OK | 1.6 kB |
URL: GET HTTP/1.1 s2.dosya.tc/favicon-16x16.png | IP: 168.119.136.27:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Sectigo Limited | Subject: *.dosya.tc | Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F | Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced | Hash: 05c5d89a72c5dc5e863e151cc5fa9b68 df5a0242031f54494fe0bf1b2d7290cd5e864a15 cd6cef0b6624ec979018be137e45b606f36c018b2d64cfe7e3d39815c0936a46
GET /favicon-16x16.png HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 13:16:25 GMT
Server: Apache
Last-Modified: Mon, 24 Jan 2022 08:27:20 GMT
Accept-Ranges: bytes
Content-Length: 1594
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
|
|
| my.rtmark.net/gid.js?userId=00804af9deb34eeaecfa21f05a975a6d | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=00804af9deb34eeaecfa21f05a975a6d | IP: 139.45.195.8:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Let's Encrypt | Subject: rtmark.net | Fingerprint: DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC | Validity: Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash: 5edee5106c422aaa21e094e26827c53b 66fb6bf41cfd00b219da27424d988f0aad199f25 f1d78f016549c95fd15b04692e928b0ba81a715e3f23e1b6d47488e3c57fdbf1
GET /gid.js?userId=00804af9deb34eeaecfa21f05a975a6d HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00804af9deb34eeaecfa21f05a975a6d; expires=Sat, 26 Apr 2025 13:16:25 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| eephoawaum.com/5/5968118/?oo=1&js_build=iclick-v1.784.0 | 139.45.197.243 | 200 OK | 8.5 kB |
URL: GET HTTP/2 eephoawaum.com/5/5968118/?oo=1&js_build=iclick-v1.784.0 | IP: 139.45.197.243:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Let's Encrypt | Subject: eephoawaum.com | Fingerprint: 6E:9A:3F:81:A2:D5:35:8F:87:9A:2D:09:48:1B:1C:E2:6B:0F:A1:2A | Validity: Fri, 26 Apr 2024 02:25:13 GMT - Thu, 25 Jul 2024 02:25:12 GMT
File type: gzip compressed data, max speed, from Unix | Hash: 9439c7f0a21ace707d26743cf777f53f e73d199cfbeaea0d21c44a84b2819d30b60d1d91 47d2dbb96adedbc3e276af5288b0b9ab7dc2701aadc07dcbf98af36129c10751
GET /5/5968118/?oo=1&js_build=iclick-v1.784.0 HTTP/1.1
Host: eephoawaum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/json
x-trace-id: df0851c4c8f3e9d1963e82df6b945014
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00804af9deb34eeaecfa21f05a975a6d; expires=Sat, 26 Apr 2025 13:16:25 GMT; path=/; secure; SameSite=None
oaidts=1714137385; expires=Sat, 26 Apr 2025 13:16:25 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=00804af9deb34eeaecfa21f05a975a6d | 139.45.197.242 | 204 No Content | 0 B |
URL: OPTIONS HTTP/2 cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=00804af9deb34eeaecfa21f05a975a6d | IP: 139.45.197.242:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Let's Encrypt | Subject: cameesse.net | Fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 | Validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=00804af9deb34eeaecfa21f05a975a6d HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| gishejuy.com/400/5968115 | 139.45.197.242 | 200 OK | 66 kB |
IP: 139.45.197.242:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Let's Encrypt | Subject: gishejuy.com | Fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80 | Validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File type: gzip compressed data, max speed, from Unix | Hash: 5d7eb2929ff0db52bf878f09db84ba52 1b45f183c2909b69b54f55e837531ec6604430f9 d06f98d9753215148c060f06b6907dc6ef987223030e95a3d64b232040c24b35
GET /400/5968115 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/javascript
x-trace-id: de0de82b6bfcd09efd6efe282fd90339
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=03004a68998b4988e608440f19b90638; expires=Sat, 26 Apr 2025 13:16:25 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=00804af9deb34eeaecfa21f05a975a6d | 139.45.197.242 | 204 No Content | 2.7 kB |
URL: OPTIONS HTTP/2 cameesse.net/9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=00804af9deb34eeaecfa21f05a975a6d | IP: 139.45.197.242:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Let's Encrypt | Subject: cameesse.net | Fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44 | Validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hash: 32b8a9fa7d1adb408dd714f873324bf7 830cf6420f22657ba11ffb46ca2ac3cb89cc1822 eaa391e508843a317112460412af19b374daea334b77fd166f27049cbd14de4e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /9?z=5968116&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=00804af9deb34eeaecfa21f05a975a6d HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 339
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Cookie: scm=1; OAID=04004af543374735ec24c849c5ff316d; oaidts=1714137385
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 332c7ccf51b85e021d24e7c6e941603a
access-control-expose-headers: X-Sc
set-cookie: OAID=00804af9deb34eeaecfa21f05a975a6d; expires=Sat, 26 Apr 2025 13:16:26 GMT; secure; SameSite=None
oaidts=1714137385; expires=Sat, 26 Apr 2025 13:16:26 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate Issuer: Let's Encrypt | Subject: moonoafy.net | Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0 | Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| cameesse.net/11?rnd=2700212260&z=5968116&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=90 | 139.45.197.242 | 200 OK | 0 B |
URL GET HTTP/2cameesse.net/11?rnd=2700212260&z=5968116&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=90 IP139.45.197.242:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: cameesse.net; Fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44; Validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /11?rnd=2700212260&z=5968116&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=90 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Cookie: scm=1; OAID=00804af9deb34eeaecfa21f05a975a6d; oaidts=1714137385
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: be961cd22d4b39eaf9a7259f38d79614
access-control-expose-headers: X-Sc
set-cookie: OAID=00804af9deb34eeaecfa21f05a975a6d; expires=Sat, 26 Apr 2025 13:16:26 GMT; secure; SameSite=None
oaidts=1714137385; expires=Sat, 26 Apr 2025 13:16:26 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| cameesse.net/121?rnd=2189068270&z=5968116&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D5968116%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D807713345097441280&cln={CELL_NUMBER}&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&bag=ydU9kaAfa6I=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280 | 139.45.197.242 | 302 Found | 0 B |
URL GET HTTP/2cameesse.net/121?rnd=2189068270&z=5968116&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D5968116%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D807713345097441280&cln={CELL_NUMBER}&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&bag=ydU9kaAfa6I=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280 IP139.45.197.242:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: cameesse.net; Fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44; Validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /121?rnd=2189068270&z=5968116&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D5968116%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D807713345097441280&cln={CELL_NUMBER}&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&bag=ydU9kaAfa6I=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: scm=1; OAID=00804af9deb34eeaecfa21f05a975a6d; oaidts=1714137385
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-length: 0
location: https://securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=807713345097441280
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: ddbc4db8240f59405589ed06460fcc5f
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 39 B |
IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Content-Type: application/json
Content-Length: 400
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ac2bd7323b5dbf0aba746e04d1b42d0b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 39 B |
IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Content-Type: application/json
Content-Length: 778
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2020a1a86fc814a5c43f25dd5b28cd3a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| s2.dosya.tc/sw.js | 168.119.136.27 | 404 Not Found | 3.6 kB |
IP: 168.119.136.27:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Sectigo Limited; Subject: *.dosya.tc; Fingerprint: E7:24:90:11:F7:03:A1:89:62:15:16:E6:7F:F3:E3:7B:23:91:5C:5F; Validity: Sun, 03 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT
File type: JavaScript source, ISO-8859 text
Hash: 604cf80edc29c24be895b956a9c45ade 69add9e649a8557a7e93631637e372297758f191 f184f30e4587dd54f16898430a1913746db7c00d0b370b42c108b3a3a7add559
GET /sw.js HTTP/1.1
Host: s2.dosya.tc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 13:16:26 GMT
Server: Apache
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-9
|
|
| gishejuy.com/500/5968115?excludes=&oaid=00804af9deb34eeaecfa21f05a975a6d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 | 139.45.197.242 | 200 OK | 0 B |
URL: GET HTTP/2 gishejuy.com/500/5968115?excludes=&oaid=00804af9deb34eeaecfa21f05a975a6d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP: 139.45.197.242:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: gishejuy.com; Fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80; Validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/5968115?excludes=&oaid=00804af9deb34eeaecfa21f05a975a6d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| moonoafy.net/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: amunfezanttor.com; Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA; Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| moonoafy.net/event | 139.45.197.250 | 200 OK | 94 B |
IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: e1dd80c44b4a671eafb212352659866f 215f878dfe66af3061eadf563a9bd608325775bf 3d1445278b95be652b5a14310a7a9c147caa8b426caf52169dabee9fd958d8c7
POST /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Content-Type: application/json
Content-Length: 1775
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: amunfezanttor.com; Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA; Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash: 11e6c55cf2abfa7de93dc4cac37718b0 1b8d3db7def6cdc45848db5729229eae2ad6e98c 7e184adb9fa7694968d59db676425842c283e13a90e873ef5f46bbc2c4a646de
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Content-Type: application/json
Content-Length: 537
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js?pub=0&userId=d96018540232446ea1d4b8dcccc45b69&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?pub=0&userId=d96018540232446ea1d4b8dcccc45b69&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher
IP: 139.45.195.8:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: rtmark.net; Fingerprint: DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity: Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash: 5edee5106c422aaa21e094e26827c53b 66fb6bf41cfd00b219da27424d988f0aad199f25 f1d78f016549c95fd15b04692e928b0ba81a715e3f23e1b6d47488e3c57fdbf1
GET /gid.js?pub=0&userId=d96018540232446ea1d4b8dcccc45b69&zoneId=5968117&checkDuplicate=true&ymid=&var=&source=pusher HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Cookie: ID=00804af9deb34eeaecfa21f05a975a6d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00804af9deb34eeaecfa21f05a975a6d; expires=Sat, 26 Apr 2025 13:16:26 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: amunfezanttor.com; Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA; Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: amunfezanttor.com; Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA; Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash: 0c37ea1667595fc877a8347d7311032a 55e2beb014a7ebd62e7704cec74f6ee5aa301746 79eb9b496bd3936eb5822a14581b60d9c76ad2d7046189d9b0b69a5fdb80a1cd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Content-Type: application/json
Content-Length: 537
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| moonoafy.net/pfe/current/defaultSkin.min.js | 139.45.197.250 | 200 OK | 25 kB |
URL: GET HTTP/2 moonoafy.net/pfe/current/defaultSkin.min.js
IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File type: gzip compressed data, max speed, from Unix
Hash: cd789bc69836e36f9aca730d13e76738 f50bceb5baedd3195f86224fefa8b591e46c94e5 044259899815901821307373336198ef64ce1414ca6416d00c383294495510f4
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-df63"
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| moonoafy.net/custom | 139.45.197.250 | 200 OK | 39 B |
IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
Hash: 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Content-Type: application/json
Content-Length: 397
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1343cf42839e4ac357e62c3b3d6397fb
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg | 172.67.22.216 | 200 OK | 17 kB |
URL: GET HTTP/2 offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP: 172.67.22.216:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate: Issuer: Google Trust Services LLC; Subject: offerimage.com; Fingerprint: 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72; Validity: Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash: 9c6355bcf96815c755fbba83f9fd8f64 ce698b45fb51ef1494f80f432b7aff0985247724 2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906
GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Fri, 26 Apr 2024 18:59:43 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 65803
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a6d8e98fac1bfa-OSL
X-Firefox-Spdy: h2
|
|
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
IP: 143.204.53.97:0
Hash: 1ff2aebf0e00c94bf92289d47dd400d3 2277f0a7c8b4a502c1a2ac157c1dfcbf71e794e3 4f5ab27cbbc582ac806e2c61c8637e7bd6a0b8be6cff02fd2fa122d8810c098a
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Fri, 26 Apr 2024 13:16:26 GMT
Server: ECAcc (amb/6B60)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: XY8dt5BKRzofStHBLELB_IGn7tyk-o5OVhfsetN9mn4SoIGTdeJlqQ==
|
|
| securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=807713345097441280 | 172.67.175.232 | 302 Found | 0 B |
Request: GET HTTP/2
IP: 172.67.175.232:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate issuer: Google Trust Services LLC; subject: securedpeacomm.com; fingerprint: E2:58:9B:FC:54:26:CA:CC:89:05:0D:28:D6:2E:28:9E:39:7E:5F:D6; validity: Mon, 15 Apr 2024 19:27:34 GMT - Sun, 14 Jul 2024 19:27:33 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=5968116&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=807713345097441280 HTTP/1.1
Host: securedpeacomm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/html; charset=UTF-8
location: https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=807713345097441280&ctrl_fetch_dest=iframe&ctrl_id=662ba92a6d19a391700824&ctrl_ts=1714137386.4469&ctrl_ab=burp
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qsNi9%2FxSfHfbasEm62qe5V8fpyVdc6RDyZxOqDqw1glbNpC4heDzgkMjXlgFLkZqbRnWDVPHt%2FJWRjZG0BqH7TimfaKHdyrHmdsZy6XT8Yo77WgwEsEoYLfG2ve0a018MJeZEgo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a6d8e7cf09568f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| gishejuy.com/impression/iw2z68SnXEHVix9nAUzz99nSc1K2rqLJrX2O-CiXjpIM7KldUWtGG7Hoar7bvXZVOaCMVAcNTRxGabltxW0CXoXX41CvcgwU8sNCI4KxxieB1faFi1lzhHxi_QfTd4VApQdknsbAG8dXsFIQ_6gPz1JhMJAymdCniP2Q5Kt198sQoerg77N_BM2dTbNG3oXyOSaImtNaSsi-2RmSMW23G2cPkGTLCnIxkg40RbVQ2lei_mHy8B3Zv7zAFe5AO4N0blUSwnOuNY4ULU9xGm6IRbNdCdy0jUV4GsVWInx5a-vSjyaFLi-wyKtF8N_BBZrnjvw01pGU77pugz0J68DXbu_hg-4hXQceb_HMV0i7Pu9PfQxOz424kX-j8yPu-si9BGXhkLrqMpwqdPpnH1ytJ_r8EPFglQahki5QSWqv6YmLU0P6k4_VpRerPlDIX5KSpIjwcgajdRGMJFOx5W7PkeArGFsg0JwvS-4Oez4jqKR89amruYFozIWk8e3e5l6ImbqkUECCy3Q7bDULxHJsnQMAxRi1W0PDlcY9FNMNs-wnGLD7h2m4i5BvuuxKROZ2uYUZL9d9ErgbJpWo89PcGgURH0W9uxyCOzW7_NoPR5hMKRBzLwBDJENYchxAz346G1DwG4s7wyrsRsVwG9BzhHpH9u7p-LeY4qYQiOFs7Neuuui1ldTl6fVtES3RmfFdb2Y5EtceT7IQgsSeEfUw_h5wH1sbfc7bguuPj2UTUWhW6dZklWJm4l-jLT3ZG3Cup7fEn_G-MedneWaZgXCKDjSbILUi5Dk8-qjAT3bvlkXswQSKZvtW8txlf0Y=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 | 139.45.197.242 | 200 OK | 43 B |
Request: GET HTTP/2
IP: 139.45.197.242:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate issuer: Let's Encrypt; subject: gishejuy.com; fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80; validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File type: GIF image data, version 89a, 1 x 1
Hash: b4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/iw2z68SnXEHVix9nAUzz99nSc1K2rqLJrX2O-CiXjpIM7KldUWtGG7Hoar7bvXZVOaCMVAcNTRxGabltxW0CXoXX41CvcgwU8sNCI4KxxieB1faFi1lzhHxi_QfTd4VApQdknsbAG8dXsFIQ_6gPz1JhMJAymdCniP2Q5Kt198sQoerg77N_BM2dTbNG3oXyOSaImtNaSsi-2RmSMW23G2cPkGTLCnIxkg40RbVQ2lei_mHy8B3Zv7zAFe5AO4N0blUSwnOuNY4ULU9xGm6IRbNdCdy0jUV4GsVWInx5a-vSjyaFLi-wyKtF8N_BBZrnjvw01pGU77pugz0J68DXbu_hg-4hXQceb_HMV0i7Pu9PfQxOz424kX-j8yPu-si9BGXhkLrqMpwqdPpnH1ytJ_r8EPFglQahki5QSWqv6YmLU0P6k4_VpRerPlDIX5KSpIjwcgajdRGMJFOx5W7PkeArGFsg0JwvS-4Oez4jqKR89amruYFozIWk8e3e5l6ImbqkUECCy3Q7bDULxHJsnQMAxRi1W0PDlcY9FNMNs-wnGLD7h2m4i5BvuuxKROZ2uYUZL9d9ErgbJpWo89PcGgURH0W9uxyCOzW7_NoPR5hMKRBzLwBDJENYchxAz346G1DwG4s7wyrsRsVwG9BzhHpH9u7p-LeY4qYQiOFs7Neuuui1ldTl6fVtES3RmfFdb2Y5EtceT7IQgsSeEfUw_h5wH1sbfc7bguuPj2UTUWhW6dZklWJm4l-jLT3ZG3Cup7fEn_G-MedneWaZgXCKDjSbILUi5Dk8-qjAT3bvlkXswQSKZvtW8txlf0Y=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Cookie: OAID=00804af9deb34eeaecfa21f05a975a6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:30 GMT
content-type: image/gif
content-length: 43
x-trace-id: 50e4fa2c18e70de61c2764d68346081d
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| gishejuy.com/500/5968115?excludes=19845928&oaid=00804af9deb34eeaecfa21f05a975a6d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 | 139.45.197.242 | 200 OK | 0 B |
Request: GET HTTP/2
IP: 139.45.197.242:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate issuer: Let's Encrypt; subject: gishejuy.com; fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80; validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/5968115?excludes=19845928&oaid=00804af9deb34eeaecfa21f05a975a6d&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:31 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/8fb9de081da99ce3c8b8631cff72b564.jpg | 172.67.22.216 | 200 OK | 9.4 kB |
Request: GET HTTP/2
IP: 172.67.22.216:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate issuer: Google Trust Services LLC; subject: offerimage.com; fingerprint: 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72; validity: Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash: 8fb9de081da99ce3c8b8631cff72b564 f6cb7aaa1ae6a6bf4349374eabfdfb8ff42f25ab 632c04a4c8ac3b4f17006c40ce31a705ce9c89a2f3e96e0a91fe6f7b1b9c5acf
GET /www/images/8fb9de081da99ce3c8b8631cff72b564.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:31 GMT
content-type: image/jpeg
content-length: 9375
cache-control: max-age=86400
cf-bgj: h2pri
etag: "66033f8d-249f"
expires: Sat, 27 Apr 2024 00:36:24 GMT
last-modified: Tue, 26 Mar 2024 21:35:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 45607
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a6d906add91bfa-OSL
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg | 172.67.22.216 | 200 OK | 17 kB |
Request: GET HTTP/2
IP: 172.67.22.216:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate issuer: Google Trust Services LLC; subject: offerimage.com; fingerprint: 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72; validity: Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash: 9c6355bcf96815c755fbba83f9fd8f64 ce698b45fb51ef1494f80f432b7aff0985247724 2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906
GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:31 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Fri, 26 Apr 2024 18:59:43 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 65808
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a6d907e84e1bfa-OSL
X-Firefox-Spdy: h2
|
|
| gishejuy.com/impression/j7m9Girpy4Oi9FGObenDS_KDQrqrCnLdtYGrF-94_ivVnyS9vCiesRCNvqA0MV2WuX_FEu3lhJkjYqYIkHq2Pfa5pJp5lp7qQdbaEJfgyZjLRaGqwBF_Wyk7rYqIHFLFWpk8_YJFHtU8r-XDC1GpMFmWYtV3FoBPl_oOiMSjpSY10ZspEaSKlVHqQop3ZHWoJ0CC9VXIdPzp36Mql-vArgsspfUfRl8gSkuLYHJpAFEg5x0CS5ZaBX4E72zXu-4mI7A2zRq7OBA-nBUFdjfbp8gJ4-k2GVSqzxVE6NDj0y0zXisY0AmZLDq8bNxD_Sap2xjKgUUQUTMYBWRll09xu1_eO0pw8VkWa_t_6ir_G64ASOoc57m6hZWK9jTYS9vZ-M1y1CF3hWyfhmRKj2Lc1HqrDKCjnj1FqNV9KRrbBs-vzjl7z-wjH0-avtCpVYQWCNIkeQA8sKgqDodnAx4fOeBfarG13vflgp-oQE0kCdvLz_m51-WJ1sxsp_4ukfpjLwVcZ4tdeLw9kdv5XTjiOtZ3kkrFK5Ni-IM8LWZtbmXWg9Za9HnKEIImBMd0-2TskxPumZny4m3lV0Fk3RvynK5FuweLkySYBWrJesenVssam0bUBCwwjzyB0w1o0sfgoFbdBb2lXcuVbqICBENknw1V3DfLc88_zqFYMt1XWAibTyAEMWVa5bBinFQKJGpZlJn_AIn8T8vD8LYAJUsVLRnnqFvHyFp5E-QO6WKjR3Oj5ZYQbgZ5H4FTU-4DMVCNCKFUrmFCv5469b8iZEsV3VIumonrBqO16YWmwhxX996nthKYKg2xpGaPT_k=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 | 139.45.197.242 | 200 OK | 43 B |
Request: GET HTTP/2
IP: 139.45.197.242:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate issuer: Let's Encrypt; subject: gishejuy.com; fingerprint: 0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80; validity: Tue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT
File type: GIF image data, version 89a, 1 x 1
Hash: b4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/j7m9Girpy4Oi9FGObenDS_KDQrqrCnLdtYGrF-94_ivVnyS9vCiesRCNvqA0MV2WuX_FEu3lhJkjYqYIkHq2Pfa5pJp5lp7qQdbaEJfgyZjLRaGqwBF_Wyk7rYqIHFLFWpk8_YJFHtU8r-XDC1GpMFmWYtV3FoBPl_oOiMSjpSY10ZspEaSKlVHqQop3ZHWoJ0CC9VXIdPzp36Mql-vArgsspfUfRl8gSkuLYHJpAFEg5x0CS5ZaBX4E72zXu-4mI7A2zRq7OBA-nBUFdjfbp8gJ4-k2GVSqzxVE6NDj0y0zXisY0AmZLDq8bNxD_Sap2xjKgUUQUTMYBWRll09xu1_eO0pw8VkWa_t_6ir_G64ASOoc57m6hZWK9jTYS9vZ-M1y1CF3hWyfhmRKj2Lc1HqrDKCjnj1FqNV9KRrbBs-vzjl7z-wjH0-avtCpVYQWCNIkeQA8sKgqDodnAx4fOeBfarG13vflgp-oQE0kCdvLz_m51-WJ1sxsp_4ukfpjLwVcZ4tdeLw9kdv5XTjiOtZ3kkrFK5Ni-IM8LWZtbmXWg9Za9HnKEIImBMd0-2TskxPumZny4m3lV0Fk3RvynK5FuweLkySYBWrJesenVssam0bUBCwwjzyB0w1o0sfgoFbdBb2lXcuVbqICBENknw1V3DfLc88_zqFYMt1XWAibTyAEMWVa5bBinFQKJGpZlJn_AIn8T8vD8LYAJUsVLRnnqFvHyFp5E-QO6WKjR3Oj5ZYQbgZ5H4FTU-4DMVCNCKFUrmFCv5469b8iZEsV3VIumonrBqO16YWmwhxX996nthKYKg2xpGaPT_k=?_z=5968115&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Cookie: OAID=00804af9deb34eeaecfa21f05a975a6d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:34 GMT
content-type: image/gif
content-length: 43
x-trace-id: 063ba14055e098b3d07958839ebfb074
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| offerimage.com/www/images/8fb9de081da99ce3c8b8631cff72b564.jpg | 172.67.22.216 | 200 OK | 9.4 kB |
Request: GET HTTP/2
IP: 172.67.22.216:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate issuer: Google Trust Services LLC; subject: offerimage.com; fingerprint: 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72; validity: Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash: 8fb9de081da99ce3c8b8631cff72b564 f6cb7aaa1ae6a6bf4349374eabfdfb8ff42f25ab 632c04a4c8ac3b4f17006c40ce31a705ce9c89a2f3e96e0a91fe6f7b1b9c5acf
GET /www/images/8fb9de081da99ce3c8b8631cff72b564.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:34 GMT
content-type: image/jpeg
content-length: 9375
cache-control: max-age=86400
cf-bgj: h2pri
etag: "66033f8d-249f"
expires: Sat, 27 Apr 2024 00:36:24 GMT
last-modified: Tue, 26 Mar 2024 21:35:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 45610
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a6d91a9f321bfa-OSL
X-Firefox-Spdy: h2
|
|
| cameesse.net/11?rnd=2700212260&z=5968116&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 | 139.45.197.242 | 200 OK | 0 B |
Request: GET HTTP/2
IP: 139.45.197.242:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate issuer: Let's Encrypt; subject: cameesse.net; fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44; validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /11?rnd=2700212260&z=5968116&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=Y9IC0Yxwj30VPnGZWDUL9thbQNyNjgvqszNIzZZE2XimXej50G38tvm9bCLQmziRuHx3q5kPSO9dF_Matq82UuAmZmYGATCzdQvOKSF5mw05OL-AFpOfR4cDqiZ6QRUeFMeqd7TGjqkdQ6v08U4MpSBS6BIcOVs_vzkrdA6KJ3QLXaE0lKfFNhHzndZLqlz6Uw8V85Yc2MXV3W_PPna3JwvgSMuipODZpqOsEuDtSeiwqOnyMAieeHt5ga9PO1e4_KRcbCH3GGNFmiCVsLyOPXpvBxPdT70X7wYdz1yA9JBYSlIoQROKtsopOduJeHBQbvDInQdU_ZSPo0V_s6ATkdZbdRqRs08ZezpFvL8tqWAsZHM0U6aestzqcsSOOoWwDYdVhaI6I0e5Y7PSLK7nB0r9J_auBo0GbsC3NJ46NOYDoM_rBsj8Fq6f1E1kLKEhRziXdIU5kwl35xzdM1ugIIQN-scDeF2WqbLfJCvv06r9z4zMXvNmZ1vCWr3Xu7AvoNTajziApJ1q84lyoI2oSnruS1XMxKSaPu8XJ9NJHtI5380wt26GRHM5x03WnK6KxJ11mqgTEUxzitckg6mjD_af3WL1IiN183mnFB3ZYBcMav0JNHHmzm57xV7d1JU0zF6bmaccS-Tfxs_5HThTPLlEGLKZTTqzbMAYnVb_1U8=&ruid=8dd01465-0c26-4bdb-8121-af8a4224d846&subid=807713345097441280&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fs2.dosya.tc%2Fserver29%2Fbfo0r8%2Fassistenza_130_boost2.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Cookie: scm=1; OAID=00804af9deb34eeaecfa21f05a975a6d; oaidts=1714137385
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:46 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: b45875b58cad19eee9ba3d1ec554304d
access-control-expose-headers: X-Sc
set-cookie: OAID=00804af9deb34eeaecfa21f05a975a6d; expires=Sat, 26 Apr 2025 13:16:46 GMT; secure; SameSite=None
set-cookie: oaidts=1714137385; expires=Sat, 26 Apr 2025 13:16:46 GMT; secure; SameSite=None
set-cookie: oaidvc=1; expires=Sat, 26 Apr 2025 13:16:46 GMT; secure; SameSite=None
set-cookie: CNT=1_v1_rtk9AQEAAAB_TQAA; expires=Fri, 26 Apr 2024 14:16:46 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
|
|
| inklinkor.com/tag.min.js | 104.21.91.63 | 200 OK | 89 kB |
IP: 104.21.91.63:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate issuer: Google Trust Services LLC; subject: inklinkor.com; fingerprint: 28:84:D7:8F:63:D7:99:15:D5:E8:2C:F5:74:62:0D:94:C1:0A:EF:95; validity: Wed, 17 Apr 2024 17:58:45 GMT - Tue, 16 Jul 2024 17:58:44 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: 3c003e0dc17f0065474b8326c712d09d b1208344832018ef2b6a051d16dc187b75b50074 34b76d99818bde68dfdd933fa7d72d679966295d887a5562eb0244d47970e90e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 8b37fd3af2e8203b6893bdab71661673
cache-control: max-age=86400
last-modified: Fri, 26 Apr 2024 10:18:35 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Sat, 27 Apr 2024 13:04:48 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 697
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uz26qoua2FfBizHMFtWvJAfnuIcXcPf%2Fq7FrqsHG9pG5nulXgf5nwbRWk5AtMhbr5Aei5N4RU3g866uAT2pvpU2kwoIOX%2FvDfb5MUoWVRBkbir5uCJFwGZ9rqyc9JYl%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a6d8e16ffdb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| moonoafy.net/pfe/current/universal.min.js?v=3.1.504 | 139.45.197.250 | 200 OK | 90 kB |
Request: GET HTTP/2
IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate issuer: Let's Encrypt; subject: moonoafy.net; fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: 4caad44ecc6a13eba45b63ed7cf9e387 e67dfe90bebd5447495d8fe962d03e55f6d13071 66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00
GET /pfe/current/universal.min.js?v=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-15efa"
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=807713345097441280&ctrl_fetch_dest=iframe&ctrl_id=662ba92a6d19a391700824&ctrl_ts=1714137386.4469&ctrl_ab=burp | 143.204.55.21 | 302 Found | 1.1 kB |
Request: GET HTTP/2
IP: 143.204.55.21:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar
Certificate issuer: Amazon; subject: track.jefytrack.com; fingerprint: D9:FC:91:D1:FD:F0:F4:2D:48:E9:47:EE:31:A0:1C:23:D3:9A:29:D8; validity: Sun, 21 Apr 2024 00:00:00 GMT - Tue, 20 May 2025 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /145f6684-c379-407a-a2eb-922622a713e1?zoneid=5968116&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=807713345097441280&ctrl_fetch_dest=iframe&ctrl_id=662ba92a6d19a391700824&ctrl_ts=1714137386.4469&ctrl_ab=burp HTTP/1.1
Host: track.jefytrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-length: 0
location: https://externalde.com/out/xyhkxckud/?ctrl_id=662ba92a6d19a391700824&ctrl_ab=burp&ctrl_ts=1714137386.4469&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=w11j7og1n35ii5s03a235dgg
date: Fri, 26 Apr 2024 13:16:26 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 145f6684-c379-407a-a2eb-922622a713e1-v4=sI74Q8v9TII9ngYmubQ3P12R1QMl57jqcpZw6gZhjdg; Max-Age=86400; Expires=Sat, 27-Apr-2024 13:16:26 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
voluum-cid-v4=%7B%22cid%22%3A%22w11j7og1n35ii5s03a235dgg%22%2C%22caid%22%3A%22145f6684-c379-407a-a2eb-922622a713e1%22%7D; Max-Age=31536000; Expires=Sat, 26-Apr-2025 13:16:26 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
x-cache: Miss from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: aAgXQypabC8FOT5iT-WA3CwiQAI9s3tE6lh9LZ6hv3mxdofe6dmqpA==
X-Firefox-Spdy: h2
|
|
| moonoafy.net/pfe/current/tag.min.js?z=5968117 | 139.45.197.250 | 200 OK | 15 kB |
URL: GET HTTP/2 moonoafy.net/pfe/current/tag.min.js?z=5968117 | IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File type: JavaScript source, ASCII text, with very long lines (14612), with no line terminators | Hash: ffdd38e0a5a1a47cb341a116a3318e0e 2fd730feff506cf56e14c531e9d89cdea2cca424 7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c
GET /pfe/current/tag.min.js?z=5968117 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:53 GMT
etag: W/"662a3515-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=dc2ea7fa-7735-4798-9f01-76dccf3a4da9 | 139.45.195.254 | 200 OK | 12 B |
URL: POST HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=dc2ea7fa-7735-4798-9f01-76dccf3a4da9 | IP: 139.45.195.254:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate: Issuer: Sectigo Limited; Subject: fleraprt.com; Fingerprint: 32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C; Validity: Tue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators | Hash: 6949f52318584a4b51c719a9b84a7287 9fbd870c6afd4bdd6fbbd87f52df2c81dd23e905 72603096ec3515dbc615ab8837fd1b15e91ee827bc7af41d71c9882b08699375
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=dc2ea7fa-7735-4798-9f01-76dccf3a4da9 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1421
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 26 Apr 2024 13:16:26 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://s2.dosya.tc
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| cameesse.net/1?z=5968116 | 139.45.197.242 | 200 OK | 43 kB |
IP: 139.45.197.242:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate: Issuer: Let's Encrypt; Subject: cameesse.net; Fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44; Validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
File type: JavaScript source, ASCII text, with very long lines (42427) | Hash: 14f2d95d4d48bb9c9bf51cc90028f13f 7e240afc890e2031a4ca80b9ab8ff2f3b44cc088 05b1e56b4aec334a6f74666702b94aa0976f13cbb8ac2f926f2795f43c6299c1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /1?z=5968116 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: a8d1b4f05556a41f2e67ad552a0031b5
access-control-expose-headers: X-Sc
x-sc: iWzETAN0Ul8_hr2hFmASAKIM2bJHJmW2hKiClrpljUE5TAimERyY61ak_SBD7qkyfYSWRDuj5ywuB4rCEaHCXB2bQuc=
set-cookie: scm=1; expires=Sat, 26 Apr 2025 13:16:25 GMT; secure; SameSite=None
OAID=04004af543374735ec24c849c5ff316d; expires=Sat, 26 Apr 2025 13:16:25 GMT; secure; SameSite=None
oaidts=1714137385; expires=Sat, 26 Apr 2025 13:16:25 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| tzegilo.com/stattag.js | 104.21.11.245 | 200 OK | 19 kB |
IP: 104.21.11.245:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate: Issuer: Google Trust Services LLC; Subject: tzegilo.com; Fingerprint: 28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1; Validity: Sat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT
File type: JavaScript source, ASCII text, with very long lines (18486) | Hash: 70ebd404c2e1e7bad13998538b56887c 86e57af8ba3cfc2c004da3311835f6b54ba6d848 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3990
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PB6Tw132GcCXE7636ZaD1rZpynrWgPPJhUvV%2FBYy8f97fXmz0vLixIvtdNAz%2BwQMnbud0dQSF2paQxz1YRl%2Fco%2BHIQczGUcGhCNEuPrI6X5v1Tu%2BvnkALY4qJqkiNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a6d8e56e2d56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| lkbx.me/4KqY7?uid=w11j7og1n35ii5s03a235dgg | 47.89.248.255 | 200 OK | 1.1 kB |
URL: GET HTTP/2 lkbx.me/4KqY7?uid=w11j7og1n35ii5s03a235dgg | IP: 47.89.248.255:443 | ASN: #45102 Alibaba US Technology Co., Ltd.
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate: Issuer: DigiCert Inc; Subject: lkbx.me; Fingerprint: 85:1C:F3:96:31:0D:EC:E9:85:9D:6E:27:5F:AE:1D:6C:F2:9B:F5:BD; Validity: Mon, 27 Nov 2023 00:00:00 GMT - Tue, 26 Nov 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (1129), with no line terminators | Hash: f12c3d87a36c7e07ce75e962dbe95e15 b201e0a2e71e856a7662cb28da21333fc9eebbbe 061c3343c97d54813db8695559c6d89a46374f5dbd4cb809e45cebe579b2f94c
GET /4KqY7?uid=w11j7og1n35ii5s03a235dgg HTTP/1.1
Host: lkbx.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:16:27 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
set-cookie: discuz_2132_saltkey=8hQLtnnE; expires=Sun, 26-May-2024 13:16:27 GMT; Max-Age=2592000; path=/; secure; httponly
discuz_2132_lang=en; path=/; secure
discuz_2132_lang=en; path=/; secure
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=s2.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 | 139.45.197.250 | 200 OK | 880 B |
URL: GET HTTP/2 moonoafy.net/zone?pub=0&zone_id=5968117&is_mobile=false&domain=s2.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 | IP: 139.45.197.250:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate: Issuer: Let's Encrypt; Subject: moonoafy.net; Fingerprint: 17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0; Validity: Fri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (977), with no line terminators | Hash: 67afc83cfbfb20dc94c7c510eaf57599 e7af356ace3104bb7dbed4baf41dae74ad325128 d96a2da7b223ec9f5ec7189a6298b52d9d9dda7613a4515bcf5bf9fa7a0b0416
GET /zone?pub=0&zone_id=5968117&is_mobile=false&domain=s2.dosya.tc&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s2.dosya.tc/
Origin: https://s2.dosya.tc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: f13acc160523b8ae4461f4898ade828f
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://s2.dosya.tc
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a | 139.45.197.242 | 200 OK | 413 kB |
URL: GET HTTP/2 cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a | IP: 139.45.197.242:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate: Issuer: Let's Encrypt; Subject: cameesse.net; Fingerprint: 40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44; Validity: Fri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT
File type: JavaScript source, ASCII text, with very long lines (65523) | Size: 413 kB (413423 bytes) | Hash: 297cc248309ba835cf13a1f82fd3f938 1e6f51ce257a0ee53e25280dd44092ed33339847 b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s2.dosya.tc/
Cookie: scm=1; OAID=04004af543374735ec24c849c5ff316d; oaidts=1714137385
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:16:25 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: bf35dfcbab3e52c9a31e9cac9598a7d9
cache-control: max-age:290304000, public
last-modified: Tue, 09 Apr 2024 03:16:58 GMT
expires: Tue, 09 May 2084 03:16:58 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| externalde.com/out/xyhkxckud/?ctrl_id=662ba92a6d19a391700824&ctrl_ab=burp&ctrl_ts=1714137386.4469&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=w11j7og1n35ii5s03a235dgg | 104.21.9.15 | 302 Found | 1.1 kB |
URL: GET HTTP/2 externalde.com/out/xyhkxckud/?ctrl_id=662ba92a6d19a391700824&ctrl_ab=burp&ctrl_ts=1714137386.4469&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=w11j7og1n35ii5s03a235dgg | IP: 104.21.9.15:443
Requested by: https://s2.dosya.tc/server29/bfo0r8/assistenza_130_boost2.rar | Certificate: Issuer: Google Trust Services LLC; Subject: externalde.com; Fingerprint: 79:24:9D:C1:87:2E:2E:74:56:2B:08:78:0D:03:42:70:D2:45:87:61; Validity: Wed, 28 Feb 2024 13:09:48 GMT - Tue, 28 May 2024 13:09:47 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /out/xyhkxckud/?ctrl_id=662ba92a6d19a391700824&ctrl_ab=burp&ctrl_ts=1714137386.4469&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=w11j7og1n35ii5s03a235dgg HTTP/1.1
Host: externalde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 26 Apr 2024 13:16:26 GMT
content-type: text/html; charset=UTF-8
location: https://lkbx.me/4KqY7?uid=w11j7og1n35ii5s03a235dgg
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i1kHQ0VZZ9uMAsSf%2FgvNXGN4W7rejO%2FjnFtDwubVfDxMZ1t%2Bo5p7ECVGvwmQfnifHHf9A2wT%2F7bVwF1P%2BIuHkDq45H%2B%2Fom%2FKA5ED9vmHyPoxdmqrgNlTf%2BZptB1NWOnRXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a6d8ebbdc656cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|