dfiles.eu/files/pv8rbpffg/HitMan_ABS.exe
91.226.124.80302 Moved Temporarily 138 B URL HTTP/1.1 dfiles.eu/files/pv8rbpffg/HitMan_ABS.exe
IP 91.226.124.80:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /files/pv8rbpffg/HitMan_ABS.exe HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 04 Feb 2023 11:17:07 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
Location: https://dfiles.eu/files/pv8rbpffg/HitMan_ABS.exe
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18469
Expires: Sat, 04 Feb 2023 16:24:57 GMT
Date: Sat, 04 Feb 2023 11:17:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e051e6e01b12b9ad6e0014603f93431a
ada9efe77054d8593f2687fb3a7eada8908ef7e8
c41be8ffe176ca674efb0588164fdfd237754c6b5b461f8f46387b96ae7d6090
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41BE8FFE176CA674EFB0588164FDFD237754C6B5B461F8F46387B96AE7D6090"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11783
Expires: Sat, 04 Feb 2023 14:33:31 GMT
Date: Sat, 04 Feb 2023 11:17:08 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 10:43:37 GMT
content-type: application/json
age: 2011
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10221
Expires: Sat, 04 Feb 2023 14:07:29 GMT
Date: Sat, 04 Feb 2023 11:17:08 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: yFWEAdp2p/UgOTm/Ai8UIeXiYnYu8wfiWG6qizzfEANMb70zqvIfJzZiOMOpEYRHUW7pxRjM4jg=
x-amz-request-id: VBKN8FB3FV8VDHV0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 10:23:57 GMT
age: 3191
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 11:17:08 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b9bb4dde9995cd67a7be4743e74259fb
165cd76364e59aa9b3e8af01f20edfd939fd1213
524fc3deb7b409e1dd93715881a6f3a2522d2f1e830eb5402a99a116d6d6d543
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "524FC3DEB7B409E1DD93715881A6F3A2522D2F1E830EB5402A99A116D6D6D543"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19296
Expires: Sat, 04 Feb 2023 16:38:44 GMT
Date: Sat, 04 Feb 2023 11:17:08 GMT
Connection: keep-alive
dfiles.eu/files/pv8rbpffg/HitMan_ABS.exe
91.226.124.78200 OK 9.1 kB URL HTTP/1.1 dfiles.eu/files/pv8rbpffg/HitMan_ABS.exe
IP 91.226.124.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6441), with CRLF, CR, LF line terminators
Hash 65567c04d7992d59bf0c7994f1ec0491
381a8d4117a2049ddf05c5e9343cc744ddcf4a44
0f7968d819fbf4056f92a214fefe82b022ae88773a4fd032798d75ac6e09a0b1
GET /files/pv8rbpffg/HitMan_ABS.exe HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: uprand=fa271dcaf5ae238ec215ed87c861c119; path=/; domain=.dfiles.eu
last_file=pv8rbpffg; path=/; domain=.dfiles.eu
lang_current=en; expires=Sun, 04-Feb-2024 11:17:08 GMT; Max-Age=31536000; path=/; domain=.dfiles.eu; secure
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 621b586028d5acaf29b8777ca0872ce1
9d2a358576d0acab58e2eacf7765b686cee9181f
a7c99a5217e394c715679780ae1e3e60202653547212b0a4fd2efab0e1a01015
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 11:17:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js
216.58.207.228200 OK 553 B URL HTTP/2 www.google.com/recaptcha/api.js
IP 216.58.207.228:0
File type ASCII text, with very long lines (850), with no line terminators
Hash c40fb3e99bdf4c051379206b381f995b
3cf6ce4a866abbd13ce857357061a1cfa3a27690
0c45a6582686059e9d82919355c239be284c5740680f56332419ce0516280183
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 04 Feb 2023 11:17:08 GMT
date: Sat, 04 Feb 2023 11:17:08 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 553
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 38751334597fb102e395648397eb7641
f6e96964c6432473e30b4c507f4fe4d99a563754
568ce77210c80961b8aaf4a2f337df2f53edb20af8a5f996ce2bc091d1e5c498
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "568CE77210C80961B8AAF4A2F337DF2F53EDB20AF8A5F996CE2BC091D1E5C498"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8937
Expires: Sat, 04 Feb 2023 13:46:05 GMT
Date: Sat, 04 Feb 2023 11:17:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash eeb8a6e3b022e62ff5b5e377cb0f39c3
4035130e52b09a61a9c6d899be22022401ebc629
5c7f8cd701a982478a3fed47124d0bfb85022b404d5c7830b32c066cf5a1d242
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C7F8CD701A982478A3FED47124D0BFB85022B404D5C7830B32C066CF5A1D242"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17010
Expires: Sat, 04 Feb 2023 16:00:38 GMT
Date: Sat, 04 Feb 2023 11:17:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash eeb8a6e3b022e62ff5b5e377cb0f39c3
4035130e52b09a61a9c6d899be22022401ebc629
5c7f8cd701a982478a3fed47124d0bfb85022b404d5c7830b32c066cf5a1d242
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C7F8CD701A982478A3FED47124D0BFB85022B404D5C7830B32C066CF5A1D242"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16970
Expires: Sat, 04 Feb 2023 15:59:58 GMT
Date: Sat, 04 Feb 2023 11:17:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash eeb8a6e3b022e62ff5b5e377cb0f39c3
4035130e52b09a61a9c6d899be22022401ebc629
5c7f8cd701a982478a3fed47124d0bfb85022b404d5c7830b32c066cf5a1d242
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C7F8CD701A982478A3FED47124D0BFB85022B404D5C7830B32C066CF5A1D242"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9426
Expires: Sat, 04 Feb 2023 13:54:14 GMT
Date: Sat, 04 Feb 2023 11:17:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 38751334597fb102e395648397eb7641
f6e96964c6432473e30b4c507f4fe4d99a563754
568ce77210c80961b8aaf4a2f337df2f53edb20af8a5f996ce2bc091d1e5c498
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "568CE77210C80961B8AAF4A2F337DF2F53EDB20AF8A5F996CE2BC091D1E5C498"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15051
Expires: Sat, 04 Feb 2023 15:27:59 GMT
Date: Sat, 04 Feb 2023 11:17:08 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 8176ac8bbb8fa05f36bdfa163da09e0c
b936c84c5fa7e781b12a17952c82bca546ca0575
1aa7e39fd02514a4023036a8a100d7e7898ee220063ebfb41c509264c81ed727
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 11:17:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.depositfiles.com/js/download_utils.js
91.226.124.77200 OK 13 kB URL HTTP/1.1 static.depositfiles.com/js/download_utils.js
IP 91.226.124.77:0
File type ASCII text, with very long lines (2250)
Hash 90a706006bc709cdc974ff3e0e01b34f
89585d2c7cac44c9c03c118bbb38aefba1d8a1e4
16f1515b9938fc7de086c504fe214484d97e237647a5d7fa2cb742a93f00c1ea
GET /js/download_utils.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:08 GMT
Content-Type: application/javascript
Content-Length: 13383
Last-Modified: Thu, 28 Apr 2022 10:40:27 GMT
Connection: keep-alive
ETag: "626a6f1b-3447"
Expires: Sat, 04 Feb 2023 11:22:08 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 11:07:19 GMT
age: 589
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
static.depositfiles.com/js/function.js
91.226.124.77200 OK 35 kB URL HTTP/1.1 static.depositfiles.com/js/function.js
IP 91.226.124.77:0
File type ASCII text, with very long lines (4240)
Hash a5779d2f560cd50376dbba372b0fd15b
07b08e35b9254288c1372e37577db8b9e4da01b4
51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84
GET /js/function.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:08 GMT
Content-Type: application/javascript
Content-Length: 34915
Last-Modified: Thu, 28 Apr 2022 10:40:27 GMT
Connection: keep-alive
ETag: "626a6f1b-8863"
Expires: Sat, 04 Feb 2023 11:22:08 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/js/jquery.validate.js
91.226.124.77200 OK 38 kB URL HTTP/1.1 static.depositfiles.com/js/jquery.validate.js
IP 91.226.124.77:0
File type Unicode text, UTF-8 text, with very long lines (1238)
Hash d5231b6378847ebdb55f64c77d5a234f
eed97aa0b2aa9486b6f6831ed8a85dc729ad6b9c
95434a8a2568a6481a1fbcf5808a75dd58e77348ed6d70b4f7aeda8842e8f0c7
GET /js/jquery.validate.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:08 GMT
Content-Type: application/javascript
Content-Length: 38269
Last-Modified: Thu, 28 Apr 2022 10:40:27 GMT
Connection: keep-alive
ETag: "626a6f1b-957d"
Expires: Sat, 04 Feb 2023 11:22:08 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/css/main.css
91.226.124.77200 OK 47 kB URL HTTP/1.1 static.depositfiles.com/css/main.css
IP 91.226.124.77:0
File type ASCII text, with very long lines (332)
Hash cea03c07a2dcdd9444f5f6de6a3f6c64
89307ec85eb1fa31aa0b0d759e13f78970b0375b
5ecd5842291f787ca0d39182e73ab7992ed55dccce2aaeb7cfc4e10ba3917634
GET /css/main.css HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:08 GMT
Content-Type: text/css
Last-Modified: Thu, 28 Apr 2022 10:40:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"626a6f19-2f719"
Expires: Sat, 04 Feb 2023 11:22:08 GMT
Cache-Control: max-age=300
Content-Encoding: gzip
static.depositfiles.com/js/gold_offer.js
91.226.124.77200 OK 9.9 kB URL HTTP/1.1 static.depositfiles.com/js/gold_offer.js
IP 91.226.124.77:0
File type HTML document text\012- HTML document, ASCII text
Hash 041bdbbe3ac15bc57b14933e164b55f8
790f921426d0b602424fb3077ca900af94b5ad9e
a86d8d81e5c254822628c578c40d2d62956ab3060632d1884b5080093365b97b
GET /js/gold_offer.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:08 GMT
Content-Type: application/javascript
Content-Length: 9887
Last-Modified: Thu, 28 Apr 2022 10:40:27 GMT
Connection: keep-alive
ETag: "626a6f1b-269f"
Expires: Sat, 04 Feb 2023 11:22:08 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/js/base2.js
91.226.124.77200 OK 399 kB URL HTTP/1.1 static.depositfiles.com/js/base2.js
IP 91.226.124.77:0
File type Unicode text, UTF-8 text, with very long lines (65481)
Size 399 kB (398927 bytes)
Hash 2fcae8126c3fd9a626370a701f0bd887
f3496fb7bbe122a9774d7dcfcd68da03a24dc285
d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc
GET /js/base2.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:08 GMT
Content-Type: application/javascript
Content-Length: 398927
Last-Modified: Thu, 28 Apr 2022 10:40:27 GMT
Connection: keep-alive
ETag: "626a6f1b-6164f"
Expires: Sat, 04 Feb 2023 11:22:08 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 53cba227a97b6edccc1a1e1b60f417fe
3cd263f0f0ebec4a15b3082f9506c6d5c975289e
cffd01187e8ae3eda0f5798217846ac1261cd6eb22ae095af61727f789662513
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFFD01187E8AE3EDA0F5798217846AC1261CD6EB22AE095AF61727F789662513"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14160
Expires: Sat, 04 Feb 2023 15:13:08 GMT
Date: Sat, 04 Feb 2023 11:17:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12640
Expires: Sat, 04 Feb 2023 14:47:48 GMT
Date: Sat, 04 Feb 2023 11:17:08 GMT
Connection: keep-alive
pl16105218.highcpmrevenuenetwork.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
173.233.137.60200 OK 14 kB URL HTTP/1.1 pl16105218.highcpmrevenuenetwork.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
IP 173.233.137.60:0
File type ASCII text, with very long lines (37167), with no line terminators
Hash 1468bdd73cf0208f0728997e87c8aa39
05eb15dd63ee5c8dc14a9814ff7a9c95bade9552
3a01d0fc613eab83c8dd1d9b42809eb5a2bdffb9ec9db32c759c466ff837000e
Analyzer Verdict Alert quad9 Sinkholed
GET /22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js HTTP/1.1
Host: pl16105218.highcpmrevenuenetwork.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 11:17:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2a07d44664770afe3cf60397ca4086f4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.depositfiles.com/images/speed_small.gif
91.226.124.77200 OK 24 kB URL HTTP/1.1 static.depositfiles.com/images/speed_small.gif
IP 91.226.124.77:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash 5cbc96bbb7230dd17ed38b5dd6e3271c
6ee1f0b9e29ac3e824cccd6e5135d51c8d3aaea1
01edcbb65e514def555b1e999d3a72f118f67e572f628293b91893b3758c6991
GET /images/speed_small.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: image/gif
Content-Length: 23980
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-5dac"
Expires: Thu, 09 Feb 2023 11:17:09 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/no.png
91.226.124.77200 OK 3.1 kB URL HTTP/1.1 static.depositfiles.com/images/no.png
IP 91.226.124.77:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 1724ae7b4437c460dafe40dfe9f96d41
8dc80d5b802f180254a8ee1bf1edf0b843205f1e
9b95b8f24b2b0808d611f4fd9bf5f3c548b352ae6100ab7b298b99a86905db79
GET /images/no.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: image/png
Content-Length: 3146
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-c4a"
Accept-Ranges: bytes
static.depositfiles.com/images/speed_small_gold.gif
91.226.124.77200 OK 14 kB URL HTTP/1.1 static.depositfiles.com/images/speed_small_gold.gif
IP 91.226.124.77:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash c5f8f0e9ecd16637e267912376c24bed
324567a641d318ecfafe6374dfba86ccb2f90dd7
13678b229b6c4224bcb9578a2f29bc3686958f4bea73af7645eb39af4246e6a9
GET /images/speed_small_gold.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: image/gif
Content-Length: 14492
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-389c"
Expires: Thu, 09 Feb 2023 11:17:09 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/yes.png
91.226.124.77200 OK 3.3 kB URL HTTP/1.1 static.depositfiles.com/images/yes.png
IP 91.226.124.77:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 3055b8489aeb385fb40b27f0bf0a5ae7
4cfbe45a0ba393ab8ad535cc04af30debef0a1ab
b325d6cb153b02050e59230e2abfb01e05f4bda708ad54bd8f6d9693fa9c2dac
GET /images/yes.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: image/png
Content-Length: 3275
Last-Modified: Thu, 28 Apr 2022 10:40:27 GMT
Connection: keep-alive
ETag: "626a6f1b-ccb"
Accept-Ranges: bytes
static.depositfiles.com/images/upload_btn_bg.gif
91.226.124.77200 OK 9.0 kB URL HTTP/1.1 static.depositfiles.com/images/upload_btn_bg.gif
IP 91.226.124.77:0
File type GIF image data, version 89a, 209 x 75\012- data
Hash 6f312f0f4ff138758bae76420f6efd78
b40a28f162140fedff9ee5ce0d687868b1f73d17
c667d75c7f916bf8b140b0e1f7ab0c996f76d4642faed85bd9fef3c738f0912b
GET /images/upload_btn_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: image/gif
Content-Length: 9010
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-2332"
Expires: Thu, 09 Feb 2023 11:17:09 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/sprite.png
91.226.124.77200 OK 37 kB URL HTTP/1.1 static.depositfiles.com/images/sprite.png
IP 91.226.124.77:0
File type PNG image data, 102 x 630, 8-bit/color RGBA, non-interlaced\012- data
Hash 2333675d7e431d5313c6dbb5230a14cd
93c4032e5b8b85793a9cda7167804445d950dd96
b287134a60667ce8e2c3fa1603e3a8f2ffa59c64e746d026d1a13ef19f3f38a0
GET /images/sprite.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: image/png
Content-Length: 36802
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-8fc2"
Accept-Ranges: bytes
static.depositfiles.com/images/logo.png
91.226.124.77200 OK 3.6 kB URL HTTP/1.1 static.depositfiles.com/images/logo.png
IP 91.226.124.77:0
File type PNG image data, 176 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash c41fdd84b04e45a91cb17cfdeccb1b38
fec7fffe104c7e169aeb159032078c4b71ff2cdc
7f89eb8ab03684f4db282ca30eb231b1e254bca10c7b511950df5e0eab0a68a0
GET /images/logo.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: image/png
Content-Length: 3623
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-e27"
Accept-Ranges: bytes
static.depositfiles.com/images/member_menu_bg.gif
91.226.124.77200 OK 78 B URL HTTP/1.1 static.depositfiles.com/images/member_menu_bg.gif
IP 91.226.124.77:0
File type GIF image data, version 89a, 1 x 48\012- data
Hash 20a24b56dcedf6a71a71ebec771e1f7d
d7bed493d5d4eeaed5dbbf7d30d45107840790a0
6f57f29224d8e9e51ed0839e329055426fba7dcd97ef31e93ed495f93a6063df
GET /images/member_menu_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: image/gif
Content-Length: 78
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-4e"
Expires: Thu, 09 Feb 2023 11:17:09 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/flags/lang24.png
91.226.124.77200 OK 9.2 kB URL HTTP/1.1 static.depositfiles.com/images/flags/lang24.png
IP 91.226.124.77:0
File type PNG image data, 24 x 552, 8-bit/color RGBA, non-interlaced\012- data
Hash efdcd1ca23d564ddd811f41152a2b83c
0b5aa064e7f8f241363c55fa17eb448f42a5f8df
ce23be242e34c5b420f8ba0390aef20fa50ffc69f700091029616eff524e8f9b
GET /images/flags/lang24.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: image/png
Content-Length: 9172
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-23d4"
Accept-Ranges: bytes
static.depositfiles.com/images/sprite64.png
91.226.124.77200 OK 29 kB URL HTTP/1.1 static.depositfiles.com/images/sprite64.png
IP 91.226.124.77:0
File type PNG image data, 64 x 1088, 8-bit/color RGBA, non-interlaced\012- data
Hash e50649ecf6a2094c25da755ea0ea7bd1
e1c3e229a62f049442fa16cf43ec07f384b27362
a9ed59ab3bbcfdf66224664aeb14fa0f0e8f034d8472a58dadcf65cfff17685d
GET /images/sprite64.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: image/png
Content-Length: 28747
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-704b"
Accept-Ranges: bytes
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b5a404b308fa06356367c560e850e1bc
62a5d88a31451b0387e6444c079b6175fa8065a0
f0896232da72586ab3db7427040e653b271df7da7f4c192f44d1b38392702598
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F0896232DA72586AB3DB7427040E653B271DF7DA7F4C192F44D1B38392702598"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18815
Expires: Sat, 04 Feb 2023 16:30:44 GMT
Date: Sat, 04 Feb 2023 11:17:09 GMT
Connection: keep-alive
static.depositfiles.com/images/sprite16.png
91.226.124.77200 OK 28 kB URL HTTP/1.1 static.depositfiles.com/images/sprite16.png
IP 91.226.124.77:0
File type PNG image data, 32 x 1072, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e86fe2d2c2650c5f4663f0fc135ebc1
ba86e14a9abcff0581eda84a307594ef1288b982
604187f8828381a47ae70249f55f21c78c53ab1401d20a5f2230a0d6c9ae50d1
GET /images/sprite16.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: image/png
Content-Length: 28501
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-6f55"
Accept-Ranges: bytes
push.services.mozilla.com/
44.227.71.100101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.227.71.100:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kaa9SfVuKXzuwrp6eoMkiQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: t6xOmmcQWm2cJd4+5RQKQkpqkYI=
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 51587a23f66c8249b593bdd3bc316c26
a44589aa9cf9e0a703e280f130f13783a4dce154
9d3982efed953d409b9ff9e88be9f517be1f563d0569bc8f39ca9c75be104477
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 11:17:09 GMT
Last-Modified: Sat, 04 Feb 2023 09:27:42 GMT
Server: ECS (nyb/1D13)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Ha0T9owS1ydB3vc3EcKgeoQFFcKZ0TPr-nTW2RvZ6Bn3pQBoqcuMww==
Age: 6570
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ee1642d27c91c9ead2e318a193fca042
a4bc2d1fed7135cd1bb81676e21fa9e747848622
7ac1f6edc22c83f2944157a015626af57a0f9813d923135fb9013e5f148622c1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7AC1F6EDC22C83F2944157A015626AF57A0F9813D923135FB9013E5F148622C1"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1816
Expires: Sat, 04 Feb 2023 11:47:25 GMT
Date: Sat, 04 Feb 2023 11:17:09 GMT
Connection: keep-alive
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 1fc650a517a9629f3f90ae8bea884b82
60a6c63deaa174d53b47c2402a9af19bcca8189b
7ab2fad0fbfdabc844f477f8026db3200487e23fa478fd11d402c694455c25e5
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
set-cookie: uid_id2=756ce6e2-5338-487f-b8e3-7dde2d097466:1:1; expires=Tue, 01 Feb 2033 11:17:09 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ef053ba9237778fc353eb660b4a08419
3330391516f18bf8cdb73ce8794d8e09c8e9e649
e1809e310079980ff4b0746a459826e8f2687830a794e314cb5b2cac53e4e1f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E1809E310079980FF4B0746A459826E8F2687830A794E314CB5B2CAC53E4E1F3"
Last-Modified: Fri, 03 Feb 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21484
Expires: Sat, 04 Feb 2023 17:15:13 GMT
Date: Sat, 04 Feb 2023 11:17:09 GMT
Connection: keep-alive
adsbb.dfiles.eu//ad.php?z=56&c=NO
91.226.124.76303 See Other 0 B URL HTTP/1.1 adsbb.dfiles.eu//ad.php?z=56&c=NO
IP 91.226.124.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=56&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=fa271dcaf5ae238ec215ed87c861c119; last_file=pv8rbpffg; lang_current=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 303 See Other
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf56=1; expires=Sun, 05-Feb-2023 11:17:09 GMT; Max-Age=86400
Location: /upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
91.226.124.76303 See Other 0 B URL HTTP/1.1 adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
IP 91.226.124.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=58&c=NO&g=gateway HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=fa271dcaf5ae238ec215ed87c861c119; last_file=pv8rbpffg; lang_current=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 303 See Other
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf58=1; expires=Sun, 05-Feb-2023 11:17:09 GMT; Max-Age=86400
Location: /upload/1906/ad2708292742b09a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
adsbb.dfiles.eu/upload/1906/ad2708292742b09a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.76200 OK 887 B URL HTTP/1.1 adsbb.dfiles.eu/upload/1906/ad2708292742b09a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash c1fc9d84f106efbe528b0c57fe74c57b
013bacbcfaf12bc8fb8793a960c7924e07930971
c38f7d99dcf7a13223d89be171bf9a8dce7d5362abfd44a65fce063eb76f3258
GET /upload/1906/ad2708292742b09a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Connection: keep-alive
Cookie: uprand=fa271dcaf5ae238ec215ed87c861c119; last_file=pv8rbpffg; lang_current=en; _nf56=1; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Sat, 04 Feb 2023 11:15:01 GMT
Content-Encoding: gzip
adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.76200 OK 669 B URL HTTP/1.1 adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash f2554dd74531832e44883477fb49c55f
de1865d8218e9e33a7d17622be15ea9cfa213fc2
f7bb1ed51baa7e67671aad0cbb5b629d3de373da494df9ef6cdd26476dc0a03f
GET /upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Connection: keep-alive
Cookie: uprand=fa271dcaf5ae238ec215ed87c861c119; last_file=pv8rbpffg; lang_current=en; _nf56=1; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Sat, 04 Feb 2023 11:15:01 GMT
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 393bbfb575b9114ba07a7255cbef8e87
586cd8c073036c5a4445d27b753ba94fbdf8f4b2
ac6ffbc3c87461c5d92fde4c3f6df5c3bab845ddccc283f064a41cd651fda630
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC6FFBC3C87461C5D92FDE4C3F6DF5C3BAB845DDCCC283F064A41CD651FDA630"
Last-Modified: Thu, 02 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4912
Expires: Sat, 04 Feb 2023 12:39:01 GMT
Date: Sat, 04 Feb 2023 11:17:09 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b12734eba5349187a85cd41b8592d548
14a355ee724da435e481eb2f3fbdc7593ce5279d
fc891bfc32a18c2dca9c6f126d37d286079cbe1423385b359c80a57307c1ef9f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5040
Cache-Control: max-age=126089
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 11:17:09 GMT
Etag: "63dd748e-117"
Expires: Sun, 05 Feb 2023 22:18:38 GMT
Last-Modified: Fri, 03 Feb 2023 20:54:38 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 82d4cd75b5f78fa430c52f966c17f5e6
87ff62d3fa3478bb14091f1451b5c914549bfd3e
2d81207474e9c7b4aecbb13fb3442ae08cf1524ed79f9caaae41668c941f48c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D81207474E9C7B4AECBB13FB3442AE08CF1524ED79F9CAAAE41668C941F48C2"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11575
Expires: Sat, 04 Feb 2023 14:30:04 GMT
Date: Sat, 04 Feb 2023 11:17:09 GMT
Connection: keep-alive
jsc.mgid.com/d/e/depositfiles.com.7998.js
104.19.132.78200 OK 1.2 kB URL HTTP/2 jsc.mgid.com/d/e/depositfiles.com.7998.js
IP 104.19.132.78:0
File type ASCII text, with very long lines (2651), with no line terminators
Hash 4963733c79750f6129b9a78f95c93f42
e115fc62e97827cee476e29b103bb5c985d2f274
30e0aa2a0abcf77b71929d9b61872d3e1b4a8f9fec149056ad613c3656d76aeb
GET /d/e/depositfiles.com.7998.js HTTP/1.1
Host: jsc.mgid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:09 GMT
content-type: text/javascript
cf-bgj: minify
cf-polished: origSize=2652
etag: W/"443dbf997da8fe1e8633d2db0b59feab"
last-modified: Wed, 18 Jan 2023 10:06:08 GMT
x-amz-id-2: teJuW/RwCtSaoxDCRntWMrDqtsdRhC20KVqFplE/HttghmV9jMjB2Gaoo3TIare2TnwQBB39EBA=
x-amz-request-id: RGZAP65EKA30RXYQ
x-amz-version-id: nUKWV5PsQ9PvJfD8F3v8NmYXLF3MgaCf
cf-cache-status: HIT
age: 7096
expires: Sat, 04 Feb 2023 14:17:09 GMT
cache-control: public, max-age=10800
set-cookie: __cf_bm=J7W9rGpSvxZ0FZE4UyFJ.xkLJ_pa9aLLuXR4E_7Z.b4-1675509429-0-AcBL/RNUiQvnq+0/xriQXxEWqOelcEFlZbRGAdV13kggNqAfU3taeQU+Za0OSuG/1UEh04DEuVRgHelWWPrs9zM=; path=/; expires=Sat, 04-Feb-23 11:47:09 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7942ff8e78290b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.25200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sat, 04 Feb 2023 11:22:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.76200 OK 85 kB URL HTTP/1.1 adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.76:0
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/1906/ad2708292742b09a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=fa271dcaf5ae238ec215ed87c861c119; last_file=pv8rbpffg; lang_current=en; _nf56=1; _nf58=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
static.depositfiles.com/images/favicon.ico
91.226.124.77200 OK 318 B URL HTTP/1.1 static.depositfiles.com/images/favicon.ico
IP 91.226.124.77:0
File type MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Hash 0f0b975ee529197ec75780ebc2de5907
59688c6aafca5606e388ba9a44fc9dc25fc32cd3
28a0b52229f05b66354ca38b6b813d2281af3efb7e8b0a424ef8b4c68b9e583c
GET /images/favicon.ico HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: image/x-icon
Content-Length: 318
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-13e"
Accept-Ranges: bytes
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.76200 OK 85 kB URL HTTP/1.1 adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.76:0
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=fa271dcaf5ae238ec215ed87c861c119; last_file=pv8rbpffg; lang_current=en; _nf56=1; _nf58=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 42f7bb86070a306c0902a2947bfd5db1
679751d86f7520d1e5e30b5bc050015450de75a7
ebccfef4e98d659e8e275dd6b2797b1154e42572695aefc916825bc0819e96dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 11:17:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 11:17:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adsbb.dfiles.eu/view.gif?c=2927&z=58&b=2708&u=63de3e3517b5a5222288442751736
91.226.124.76200 OK 43 B URL HTTP/1.1 adsbb.dfiles.eu/view.gif?c=2927&z=58&b=2708&u=63de3e3517b5a5222288442751736
IP 91.226.124.76:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2927&z=58&b=2708&u=63de3e3517b5a5222288442751736 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/1906/ad2708292742b09a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=fa271dcaf5ae238ec215ed87c861c119; last_file=pv8rbpffg; lang_current=en; _nf56=1; _nf58=1; u_count=%5B0%2C0%5D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?test_adblock=true
142.250.74.34200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?test_adblock=true
IP 142.250.74.34:0
File type ASCII text, with very long lines (3649)
Hash f0c47537e240e7ea4b386864f4daabff
733d8fcac9a1a7cc960021abc465c671ed1d1ddf
b397869d3991a783f03c4bfae957db0428ed1a45166bc5a1664eb5c5236f8408
GET /pagead/js/adsbygoogle.js?test_adblock=true HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 04 Feb 2023 11:17:09 GMT
expires: Sat, 04 Feb 2023 11:17:09 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 9159732019018534858
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49901
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
142.250.74.35200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (633)
Size 164 kB (163841 bytes)
Hash fe98364486b3206867b17008f995646f
35a5e9aa210970f7abd718d99e629c6982a3cc02
1fd703cb16e3f6f3f7192109d19c69d6e5ac1cfa0feb5b105a86564b7970d28a
GET /recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163841
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 08:53:11 GMT
expires: Wed, 31 Jan 2024 08:53:11 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 31 Jan 2023 02:51:47 GMT
content-type: text/javascript
age: 354238
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 11:17:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 42f7bb86070a306c0902a2947bfd5db1
679751d86f7520d1e5e30b5bc050015450de75a7
ebccfef4e98d659e8e275dd6b2797b1154e42572695aefc916825bc0819e96dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 11:17:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adserver.adreactor.com/js/libcode3.js
46.166.179.123200 OK 7.7 kB URL HTTP/1.1 adserver.adreactor.com/js/libcode3.js
IP 46.166.179.123:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- C source, ASCII text, with very long lines (27061), with no line terminators
Hash 02a8b86bce420a8a54223b74fa0d265e
a92561d8f1c6a43e23b0301db815d1cfca1995c6
d58e205115e1054fe89459992256a3ac8264bf821550ccc60fb01623f9b91c41
GET /js/libcode3.js HTTP/1.1
Host: adserver.adreactor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=86400
Expires: Sun, 05 Feb 2023 11:17:09 GMT
Vary: Accept-Encoding, Accept-Encoding
Last-Modified: Tue, 15 Mar 2022 21:49:26 GMT
Content-Encoding: gzip
solitudearbitrary.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
192.243.59.13200 OK 29 kB URL HTTP/1.1 solitudearbitrary.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 9588337a49d8676c68e0fe13b31058e4
d29d818360b8245683eb664a130e2d30e7b06403
ec3f1070f10df2124c4828bcdf8baebd93ea389d0394d1efa5133c75d615e4be
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js HTTP/1.1
Host: solitudearbitrary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 58c6e212d1f062046b6bc4ccae1a1368
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
dominantroute.com/bens/vinos.js?23701&u=null&a=0.1829711769374579
193.200.64.20200 OK 43 B URL HTTP/1.1 dominantroute.com/bens/vinos.js?23701&u=null&a=0.1829711769374579
IP 193.200.64.20:0
ASN #6681 Rozetka Sp. z o.o.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /bens/vinos.js?23701&u=null&a=0.1829711769374579 HTTP/1.1
Host: dominantroute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NON DSP COR CURa TIA"
Set-Cookie: uuid=16755090051532635802; expires=Mon, 03-Feb-2025 11:17:09 GMT; Max-Age=63072000; path=/; samesite=None; domain=.dominantroute.com; secure
adserver.adreactor.com/servlet/tagger/82121825/1675509465115
46.166.179.123200 OK 81 B URL HTTP/1.1 adserver.adreactor.com/servlet/tagger/82121825/1675509465115
IP 46.166.179.123:0
ASN #43350 NForce Entertainment B.V.
Hash a6b8c2e1b1e1e2289aab9518bafba81c
23170eadb97c06e3c8bc78d8b112a8a9a856a7bc
8ccd7ada4c13fc9d04d8a7b21991457e3c372dfe79cb03ac52223b3a30b08d17
GET /servlet/tagger/82121825/1675509465115 HTTP/1.1
Host: adserver.adreactor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 31 Dec 1998 11:59:59 GMT
X-Robots-Tag: none
P3P: CP="NOI DSP COR NID"
Set-Cookie: ADRUID=f8d328bc85d679917ec01e743eaf5d21; Expires=Sun, 04-Feb-2024 11:17:09 GMT; Path=/; Secure; HttpOnly; SameSite=None
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 47eac246dd4caebc4eed82f772112392
dfcd672f4a7e2fb48b36af3fa6844d73cffeb0a2
c4c27f03ec80cad94d819f8918fadb043cec8db265c59d99bd9d6810147f7041
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C4C27F03EC80CAD94D819F8918FADB043CEC8DB265C59D99BD9D6810147F7041"
Last-Modified: Thu, 02 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18739
Expires: Sat, 04 Feb 2023 16:29:28 GMT
Date: Sat, 04 Feb 2023 11:17:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 0d08c1554f5529769daaa30898b8ed3b
63a00bcbf219ba1c910eb82b1daf69f5e6d22144
7d704111f31f107e780a73787e7a5536094c668e8880a583ebe60a220e2e933c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D704111F31F107E780A73787E7A5536094C668E8880A583EBE60A220E2E933C"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19893
Expires: Sat, 04 Feb 2023 16:48:42 GMT
Date: Sat, 04 Feb 2023 11:17:09 GMT
Connection: keep-alive
adserver.adreactor.com/servlet/view/banner/javascript/ajax/crossdomain/zone?zid=9&pid=8620&uuid=f8d328bc85d679917ec01e743eaf5d21&tagid=avp_1560248483863&viewable=true&txid=72886673&sver=1&pvid=67303244&resolution=728x91&random=37201662&millis=1675509465197&referrer=https%3A%2F%2Fadsbb.dfiles.eu%2Fupload%2F1906%2Fad2708292742b09a.htm%3Fcanp%3Dadv_73b411c406ca38ecadcf742fe6ade752
46.166.179.123200 OK 1.1 kB URL HTTP/1.1 adserver.adreactor.com/servlet/view/banner/javascript/ajax/crossdomain/zone?zid=9&pid=8620&uuid=f8d328bc85d679917ec01e743eaf5d21&tagid=avp_1560248483863&viewable=true&txid=72886673&sver=1&pvid=67303244&resolution=728x91&random=37201662&millis=1675509465197&referrer=https%3A%2F%2Fadsbb.dfiles.eu%2Fupload%2F1906%2Fad2708292742b09a.htm%3Fcanp%3Dadv_73b411c406ca38ecadcf742fe6ade752
IP 46.166.179.123:0
ASN #43350 NForce Entertainment B.V.
File type HTML document, ASCII text, with very long lines (1905)
Hash 8b4306dad645427bb1a589be0a023c5b
69723a699f51067b6f118ea00d25956b00b33322
0a6f430209a967e7eac06107c020faa0288fd34b430db62a03013f264f93e9f2
GET /servlet/view/banner/javascript/ajax/crossdomain/zone?zid=9&pid=8620&uuid=f8d328bc85d679917ec01e743eaf5d21&tagid=avp_1560248483863&viewable=true&txid=72886673&sver=1&pvid=67303244&resolution=728x91&random=37201662&millis=1675509465197&referrer=https%3A%2F%2Fadsbb.dfiles.eu%2Fupload%2F1906%2Fad2708292742b09a.htm%3Fcanp%3Dadv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adserver.adreactor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 31 Dec 1998 11:59:59 GMT
X-Robots-Tag: none
P3P: CP="NOI DSP COR NID"
Set-Cookie: ADRUID=f8d328bc85d679917ec01e743eaf5d21; Expires=Sun, 04-Feb-2024 11:17:09 GMT; Path=/; Secure; HttpOnly; SameSite=None
Content-Encoding: gzip
js.wpshsdk.com/npc/sdk/wp-banners.js
45.133.44.25200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/wp-banners.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sat, 04 Feb 2023 11:22:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
e69cf83721.56efa4d7b7.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIzOTg2NDg3ODY1NTc1NTIwMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ==
45.133.44.25200 OK 0 B URL HTTP/2 e69cf83721.56efa4d7b7.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIzOTg2NDg3ODY1NTc1NTIwMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ==
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIzOTg2NDg3ODY1NTc1NTIwMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjIuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ== HTTP/1.1
Host: e69cf83721.56efa4d7b7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:10 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
adserver.adreactor.com/js/interactive2.js
46.166.179.123200 OK 2.7 kB URL HTTP/1.1 adserver.adreactor.com/js/interactive2.js
IP 46.166.179.123:0
ASN #43350 NForce Entertainment B.V.
File type ASCII text, with very long lines (11195), with no line terminators
Hash 3aab9ab80248895ff925b5906764597e
0fc31983fe85d422bb46bf29e52f65eb7bc5a469
e280705d04639ecfec0dfb05b495ffbbb4138cd34c955c9925286a06b02efea3
GET /js/interactive2.js HTTP/1.1
Host: adserver.adreactor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:09 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=86400
Expires: Sun, 05 Feb 2023 11:17:09 GMT
Vary: Accept-Encoding, Accept-Encoding
Last-Modified: Tue, 15 Mar 2022 21:49:26 GMT
Content-Encoding: gzip
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 11:17:10 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://dfiles.eu
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
solitudearbitrary.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
192.243.59.13200 OK 3.5 kB URL HTTP/1.1 solitudearbitrary.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6075), with no line terminators
Hash a9ca86a176449e9fb8e1dcbadcddef6b
e88d6b7f8df1284c104606c43fb4eaab84315e78
0f517fd86cdbf6870ae7806a390be481f80d7a04b19a8c3ed25023592985dabb
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6 HTTP/1.1
Host: solitudearbitrary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 11:17:10 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfiles.eu
Access-Control-Allow-Origin: https://dfiles.eu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16004719; expires=Sun, 05 Feb 2023 11:17:10 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 Feb 2023 11:17:10 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 Feb 2023 11:17:10 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 Feb 2023 11:17:10 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 Feb 2023 11:17:10 GMT; secure; SameSite=None
slec224ad4a14b4b15c1726ff705ec672ea6=[3986545]; expires=Sat, 04 Feb 2023 11:17:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 905fd5e4a2709fa5461d0498e32f1736
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
dfiles.eu/ps/QW13h0.js
91.226.124.78200 OK 48 B IP 91.226.124.78:0
Hash b215ecc0d708a2fb5464f5e8d65d2d4e
d8c0da4fd6cd8c2a3b36cb6a7d21ce620810ccc0
eb4333e919f16aa3042235966e790e430e0faecf66ee95bb387b147e168b8ee5
GET /ps/QW13h0.js HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uprand=fa271dcaf5ae238ec215ed87c861c119; last_file=pv8rbpffg; lang_current=en; u_count=%5B0%2C0%5D; sb_page_224ad4a14b4b15c1726ff705ec672ea6=1; sb_onpage_224ad4a14b4b15c1726ff705ec672ea6=1; sb_main_224ad4a14b4b15c1726ff705ec672ea6=1; sb_count_224ad4a14b4b15c1726ff705ec672ea6=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=756ce6e2-5338-487f-b8e3-7dde2d097466%3A1%3A1
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:17:10 GMT
Content-Type: application/javascript
Content-Length: 48
Last-Modified: Fri, 21 Oct 2022 18:21:02 GMT
Connection: close
ETag: "6352e30e-30"
Accept-Ranges: bytes
ads.a-static.com/0/img/adv_pd_728x90.png
46.166.179.115200 OK 11 kB URL HTTP/2 ads.a-static.com/0/img/adv_pd_728x90.png
IP 46.166.179.115:0
ASN #43350 NForce Entertainment B.V.
File type PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Hash 22a028765c7abab19f98a814d41ad5fb
0b1f391d8b9a8fad09c28bd77223129416fd450b
e0125430911589e28cb4d1e3203195f2476c416344117f0da405090e86283888
GET /0/img/adv_pd_728x90.png HTTP/1.1
Host: ads.a-static.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 11:17:10 GMT
content-type: image/png
content-length: 10700
last-modified: Tue, 03 Oct 2017 13:18:05 GMT
etag: "59d38e0d-29cc"
expires: Mon, 06 Mar 2023 11:17:10 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
POST /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22287
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 11:17:10 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dfiles.eu
Set-Cookie: id=13135577184481049166; Expires=Sun, 04 Feb 2024 11:17:10 GMT; Secure; SameSite=None
Vary: Origin
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3e4acd46b234f93b8f66bddfb049e7f1
f606219397d2684ccb9fe3daa394b00145d9ac6b
4cf65578835d4adc49e92099f07b3566d6e5f8a8406acfe7dd1fa4fc45df1033
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4CF65578835D4ADC49E92099F07B3566D6E5F8A8406ACFE7DD1FA4FC45DF1033"
Last-Modified: Fri, 03 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18504
Expires: Sat, 04 Feb 2023 16:25:34 GMT
Date: Sat, 04 Feb 2023 11:17:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bac267957b47b6e5b433fb161019a6ed
42cf11f3800a0ed6cfc99857433566988f81c92b
b344c7120eff663fedd67f4fe83d689b306ab26debfc476b5c5e813e27d73fc0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B344C7120EFF663FEDD67F4FE83D689B306AB26DEBFC476B5C5E813E27D73FC0"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13514
Expires: Sat, 04 Feb 2023 15:02:24 GMT
Date: Sat, 04 Feb 2023 11:17:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13218
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:17:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13218
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:17:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13218
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:17:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13218
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:17:10 GMT
Connection: keep-alive
outdilateinterrupt.com/pixel/purst?dl=0&th=0&sc=0&rs=2090&rd=2090&fd=768&bv=22.10.v.10&tmpl=136
173.233.137.52200 OK 0 B URL HTTP/1.1 outdilateinterrupt.com/pixel/purst?dl=0&th=0&sc=0&rs=2090&rd=2090&fd=768&bv=22.10.v.10&tmpl=136
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2090&rd=2090&fd=768&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 11:17:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 47197
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6kDIOqhM4aVL80sF02uFu2TuGbiBE7_L_S2W7x-P46hO5YZFmuL9nQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:30 GMT
age: 47020
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:04 GMT
age: 48546
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7afd5ce8fb9ec7b62e528bf97705e49
afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3
b2d93ba6c0ed2c858d91afba1c81251afbffa41c779be2e9203994dcfb7bbc9d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: 007ce521-ed5c-4074-a314-684ad0df2e22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9GH5goAMF_ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8053-7060f02b767c90371991a190;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fTV_e56nzjiXo4Guu67WXDDvp3nrjB0Yfyy6ByjcDSx23J-8r0fmQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 47209
etag: "afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd10c7764-f1d0-48fc-aca2-14c1d1d4a4a2.png
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd10c7764-f1d0-48fc-aca2-14c1d1d4a4a2.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0080839b66c74b02e573ff400e4b6f0f
2667a2863ea2d39d6dc7222aa8a7362c5c0a4a12
78d6df3752f71e0e85fffcee0ea0cda113b3bc58b24d3f8df65773a17c3b0c9f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd10c7764-f1d0-48fc-aca2-14c1d1d4a4a2.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10473
x-amzn-requestid: 10aa22bf-1966-46c4-a4c9-122f4d86d323
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEVQGEaIAMFrgg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd80ee-23f533da27a000be1ff7b5de;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:47:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: e3bHMYWIQQtS9l9ouIAwh6bVZK5Gg7xKKiw72uNH4GnST1rmZThLaw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:19 GMT
age: 47031
etag: "2667a2863ea2d39d6dc7222aa8a7362c5c0a4a12"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.25200 OK 114 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Size 114 kB (113817 bytes)
Hash aa2a292ec249c9ec086432aa9feb77c4
9938c5650c95e4578f3e184db72357cfdea0455a
a7fe55b830e5a4d227337d01423e8b4c6b3593946e64cce905fa76d74bc17243
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:09 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-f96f"
content-encoding: gzip
expires: Sat, 04 Feb 2023 11:22:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/common/config.js
45.133.44.25200 OK 19 B URL HTTP/2 js.wpshsdk.com/npc/sdk/common/config.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash 67fc2c9421e21f4a3707c7fabc8e9f33
0d311fbfaea3d64122b4c5e575a5c3fbea11f718
b93ed3f9c6f2c27004ef57a9fa8f11248af5bd9848cc56a1c215db36d4ecc1bb
GET /npc/sdk/common/config.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 19
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: "63d270a1-13"
expires: Sat, 04 Feb 2023 11:22:10 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/common/core.js
45.133.44.25200 OK 40 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/common/core.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash 6340a056801f758cf69450afada3e61c
8d4211ed98188eb745bec94b40454f01e6824bbc
3a65ea4219403a479693b396a452e4512956d6cb4b5dd7c950adff408e20008a
GET /npc/sdk/common/core.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:10 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-1bf5c"
content-encoding: gzip
expires: Sat, 04 Feb 2023 11:22:10 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
solitudearbitrary.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t%2F%2BTutl1Yug0HhSkEn3TM9Mxohh4xoJrkncXQl4sv71pEx1V1vVPT0JHqILsh6E8aTHzjfJBt1Fdi%2FeRJl4kRw0oyA5GE%2FeBcWzzGQg%2BKDqvVffO3zfq%2B%2BjveKMBCjo6fobZkdpTeeatcB%2FbkOlwpTOX73th0EtWPA3VNqKFvz%2B5LK9F8OgWQue91%2BTfMvM1YMwCMIg9JeVlbHpz01RqOxBJ6x1glpUr4XNCH37394VHhz1IHpn5HEoMf7%2F5g%2BPoPgIafLwunRbucleeDUpNM2NRU8cvpVupaZMkVyUsfUQp4ezaRg3JuTzSzDp4UwBTG9%2FogBMjYn3awiWHs5ogvUOzpkyDZmCiSsoeyNIPYKiI3BzB0qcEIALrK4hTe6tGlvS7XOUTtAxufzPX1DlmFz%2B7UmkyVdLWvX9W0YXuTKpQz%2BuoPojqO4IWXGEfMeDKo%2FA8w%2BhBEGaVFCimqpWagQVj6DlANR5KCZHeShiD0XmIRGnPm124iBoxyxuNOYjznmjwXlzviWaohHNxwEKPqE1QJ4NwPUA3O4is7vYUgPY4ju4zQpOeHD5mHhv7qInKpSSoHQEJSUoFUGZE5S96kBoV3fVPaFdwcJZrs9yoxqavLtHD0zelSnZy87I1ek%2B%2Fm4ZbMlTv16PqIhoGLGIhU0etuutOG4HTclb7bqkLThVQblLU6k76uSJDJk6eexpMHoEp4%2FA1VXQ4hnQctiuB6Cbw2g%2BwE76UMjMOJXHSktX4yaBMBWy%2FDLybW9Pn5Gnpjxe%2BuU9SH5MZgFuK2S2wrvqe4Kuvju8aUqyf9OUjjxay3KVqB06%2BbNbOc2l9%2BXrcrs0Vqxcd4MvrvEJMCkf3JYuv0FTodKuI%2FeXlBDSLhvLJflmxW1Itl64zaXCpkV2Y%2F2V5ZUks9I5ZdIRqBoT8sH74GpMrnjp1I%2F%2Bj10oO4ItKiTFBVdljsCzXbjsePGzT9Z%2BXxBvwxkCqy9mWOahLKqhrbOLR60ItLzoKavg5PHi%2FWd%2F%2BuOdax%2BDyeNv%2FzzH9txddK0Hmt%2BZurBnK%2FR0BaoHcMX%2Fhnlmjxd%2FbkwDTHtDpq23z7TVn54v16lTXzbjIJZBXbK4w%2BI2DUQnjjqMdkLZZk0aIndjfvby1%2F8CAAD%2F%2FwEAAP%2F%2FSkk%2FN2cEAAA%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 solitudearbitrary.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t%2F%2BTutl1Yug0HhSkEn3TM9Mxohh4xoJrkncXQl4sv71pEx1V1vVPT0JHqILsh6E8aTHzjfJBt1Fdi%2FeRJl4kRw0oyA5GE%2FeBcWzzGQg%2BKDqvVffO3zfq%2B%2BjveKMBCjo6fobZkdpTeeatcB%2FbkOlwpTOX73th0EtWPA3VNqKFvz%2B5LK9F8OgWQue91%2BTfMvM1YMwCMIg9JeVlbHpz01RqOxBJ6x1glpUr4XNCH37394VHhz1IHpn5HEoMf7%2F5g%2BPoPgIafLwunRbucleeDUpNM2NRU8cvpVupaZMkVyUsfUQp4ezaRg3JuTzSzDp4UwBTG9%2FogBMjYn3awiWHs5ogvUOzpkyDZmCiSsoeyNIPYKiI3BzB0qcEIALrK4hTe6tGlvS7XOUTtAxufzPX1DlmFz%2B7UmkyVdLWvX9W0YXuTKpQz%2BuoPojqO4IWXGEfMeDKo%2FA8w%2BhBEGaVFCimqpWagQVj6DlANR5KCZHeShiD0XmIRGnPm124iBoxyxuNOYjznmjwXlzviWaohHNxwEKPqE1QJ4NwPUA3O4is7vYUgPY4ju4zQpOeHD5mHhv7qInKpSSoHQEJSUoFUGZE5S96kBoV3fVPaFdwcJZrs9yoxqavLtHD0zelSnZy87I1ek%2B%2Fm4ZbMlTv16PqIhoGLGIhU0etuutOG4HTclb7bqkLThVQblLU6k76uSJDJk6eexpMHoEp4%2FA1VXQ4hnQctiuB6Cbw2g%2BwE76UMjMOJXHSktX4yaBMBWy%2FDLybW9Pn5Gnpjxe%2BuU9SH5MZgFuK2S2wrvqe4Kuvju8aUqyf9OUjjxay3KVqB06%2BbNbOc2l9%2BXrcrs0Vqxcd4MvrvEJMCkf3JYuv0FTodKuI%2FeXlBDSLhvLJflmxW1Itl64zaXCpkV2Y%2F2V5ZUks9I5ZdIRqBoT8sH74GpMrnjp1I%2F%2Bj10oO4ItKiTFBVdljsCzXbjsePGzT9Z%2BXxBvwxkCqy9mWOahLKqhrbOLR60ItLzoKavg5PHi%2FWd%2F%2BuOdax%2BDyeNv%2FzzH9txddK0Hmt%2BZurBnK%2FR0BaoHcMX%2Fhnlmjxd%2FbkwDTHtDpq23z7TVn54v16lTXzbjIJZBXbK4w%2BI2DUQnjjqMdkLZZk0aIndjfvby1%2F8CAAD%2F%2FwEAAP%2F%2FSkk%2FN2cEAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t%2F%2BTutl1Yug0HhSkEn3TM9Mxohh4xoJrkncXQl4sv71pEx1V1vVPT0JHqILsh6E8aTHzjfJBt1Fdi%2FeRJl4kRw0oyA5GE%2FeBcWzzGQg%2BKDqvVffO3zfq%2B%2BjveKMBCjo6fobZkdpTeeatcB%2FbkOlwpTOX73th0EtWPA3VNqKFvz%2B5LK9F8OgWQue91%2BTfMvM1YMwCMIg9JeVlbHpz01RqOxBJ6x1glpUr4XNCH37394VHhz1IHpn5HEoMf7%2F5g%2BPoPgIafLwunRbucleeDUpNM2NRU8cvpVupaZMkVyUsfUQp4ezaRg3JuTzSzDp4UwBTG9%2FogBMjYn3awiWHs5ogvUOzpkyDZmCiSsoeyNIPYKiI3BzB0qcEIALrK4hTe6tGlvS7XOUTtAxufzPX1DlmFz%2B7UmkyVdLWvX9W0YXuTKpQz%2BuoPojqO4IWXGEfMeDKo%2FA8w%2BhBEGaVFCimqpWagQVj6DlANR5KCZHeShiD0XmIRGnPm124iBoxyxuNOYjznmjwXlzviWaohHNxwEKPqE1QJ4NwPUA3O4is7vYUgPY4ju4zQpOeHD5mHhv7qInKpSSoHQEJSUoFUGZE5S96kBoV3fVPaFdwcJZrs9yoxqavLtHD0zelSnZy87I1ek%2B%2Fm4ZbMlTv16PqIhoGLGIhU0etuutOG4HTclb7bqkLThVQblLU6k76uSJDJk6eexpMHoEp4%2FA1VXQ4hnQctiuB6Cbw2g%2BwE76UMjMOJXHSktX4yaBMBWy%2FDLybW9Pn5Gnpjxe%2BuU9SH5MZgFuK2S2wrvqe4Kuvju8aUqyf9OUjjxay3KVqB06%2BbNbOc2l9%2BXrcrs0Vqxcd4MvrvEJMCkf3JYuv0FTodKuI%2FeXlBDSLhvLJflmxW1Itl64zaXCpkV2Y%2F2V5ZUks9I5ZdIRqBoT8sH74GpMrnjp1I%2F%2Bj10oO4ItKiTFBVdljsCzXbjsePGzT9Z%2BXxBvwxkCqy9mWOahLKqhrbOLR60ItLzoKavg5PHi%2FWd%2F%2BuOdax%2BDyeNv%2FzzH9txddK0Hmt%2BZurBnK%2FR0BaoHcMX%2Fhnlmjxd%2FbkwDTHtDpq23z7TVn54v16lTXzbjIJZBXbK4w%2BI2DUQnjjqMdkLZZk0aIndjfvby1%2F8CAAD%2F%2FwEAAP%2F%2FSkk%2FN2cEAAA%3D HTTP/1.1
Host: solitudearbitrary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 11:17:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a10b7f2428506d595b203027e25f0ba0
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6eac904305f0af9ac8425ba6638af743
6cc700dcc996020985e64492e8d9df7c498d861b
97a04042d25ff5aba9e8e6b99828405fc609275c375530f777a4a5d57e4cede3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "97A04042D25FF5ABA9E8E6B99828405FC609275C375530F777A4A5D57E4CEDE3"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3277
Expires: Sat, 04 Feb 2023 12:11:47 GMT
Date: Sat, 04 Feb 2023 11:17:10 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6eac904305f0af9ac8425ba6638af743
6cc700dcc996020985e64492e8d9df7c498d861b
97a04042d25ff5aba9e8e6b99828405fc609275c375530f777a4a5d57e4cede3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "97A04042D25FF5ABA9E8E6B99828405FC609275C375530F777A4A5D57E4CEDE3"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3277
Expires: Sat, 04 Feb 2023 12:11:47 GMT
Date: Sat, 04 Feb 2023 11:17:10 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png
172.64.167.9200 OK 4.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png
IP 172.64.167.9:0
File type PNG image data, 500 x 500, 8-bit gray+alpha, non-interlaced\012- data
Hash 23e9690b0e7ac26868363a6248f44467
d7ad0eae64e0c1e65b12eda0aa9d2b91996dd64f
f362c67320d739ccf3bea21f857b9620075bd20ceacda8c51261b9612fe28395
GET /sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:10 GMT
content-type: image/png
content-length: 4022
last-modified: Wed, 17 Feb 2021 11:46:53 GMT
etag: "602d022d-fb6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6989141
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FhKcO4VtaQmX01AqP%2FSFpk06Mc7%2Ftw7CCK9oIRqUq72t6ySqyMTEQSK9zAunGijlpObTDCnp4qjAL1fjqt%2BnpFFK57k97iMXXEhT8TqUwmKcug9bZsYx5UY3H%2BZ6XNjHinX4odAnICr%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7942ff963e7588aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c181c51a9326d56e60915a792c306c2c
de1cc0ce1384905e65a9fa9575743091d785e528
b74bc74e2920124b3288a980f9a7b59e3450ba63f2333027440cd6ebbdfdbf8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 11:17:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6eac904305f0af9ac8425ba6638af743
6cc700dcc996020985e64492e8d9df7c498d861b
97a04042d25ff5aba9e8e6b99828405fc609275c375530f777a4a5d57e4cede3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "97A04042D25FF5ABA9E8E6B99828405FC609275C375530F777A4A5D57E4CEDE3"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3277
Expires: Sat, 04 Feb 2023 12:11:47 GMT
Date: Sat, 04 Feb 2023 11:17:10 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c181c51a9326d56e60915a792c306c2c
de1cc0ce1384905e65a9fa9575743091d785e528
b74bc74e2920124b3288a980f9a7b59e3450ba63f2333027440cd6ebbdfdbf8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 11:17:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 604c3cbda1f304eef93aa15329e8e7ac
d9f25abc81500d2740265d4a2b11fa7e2d251d1f
5b0938197333a46575fa5d665e649f70b3268e27d0f3cbcac04065cc70acf9c5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5B0938197333A46575FA5D665E649F70B3268E27D0F3CBCAC04065CC70ACF9C5"
Last-Modified: Fri, 03 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11971
Expires: Sat, 04 Feb 2023 14:36:41 GMT
Date: Sat, 04 Feb 2023 11:17:10 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/0d/01/87/0d01878cf56694d07561db5af753a1bf/1675335150.png
45.133.44.9200 OK 5.2 kB URL HTTP/2 cdn.cloudimagesb.com/si/0d/01/87/0d01878cf56694d07561db5af753a1bf/1675335150.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash cad4a522f8b593826d15ecb99fd1927e
5fc038fb15b5be5c23598ebfb21446a0a802da81
4adfaf89c9f857fa0877236d73749fc9872523a091a589932fa6662a51b7142b
GET /si/0d/01/87/0d01878cf56694d07561db5af753a1bf/1675335150.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:10 GMT
content-type: image/png
content-length: 5173
server: nginx/1.17.6
last-modified: Thu, 02 Feb 2023 10:52:38 GMT
etag: "63db95f6-1435"
expires: Mon, 06 Feb 2023 11:17:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fee867d660e7db4f404f9d19666d1a06
db98da7eacd4966c62c7f688e10921fc71579bce
6d54bae814fa49d7b9f10b42371f23af095338193032f711af9eef02dd814534
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D54BAE814FA49D7B9F10B42371F23AF095338193032F711AF9EEF02DD814534"
Last-Modified: Thu, 02 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1216
Expires: Sat, 04 Feb 2023 11:37:27 GMT
Date: Sat, 04 Feb 2023 11:17:11 GMT
Connection: keep-alive
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.67200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.67:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 13:09:06 GMT
expires: Wed, 31 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 338885
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.67200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.67:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 22:02:00 GMT
expires: Mon, 29 Jan 2024 22:02:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 479711
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=756ce6e2-5338-487f-b8e3-7dde2d097466&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=756ce6e2-5338-487f-b8e3-7dde2d097466&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=756ce6e2-5338-487f-b8e3-7dde2d097466&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 11:17:11 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 268d1619e66cbfde510e6608814f4557
Strict-Transport-Security: max-age=0; includeSubdomains
solitudearbitrary.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXuNpvax6ERQaTwoy6e7p%2BYkRw8Y1ElyTuLsS8GR1VfWkTHVXW9U9PQkeoguyHoTxpMfON8kG3UV2L95EmXiRHDSjIDkYT94FxbPMZGDYB1Xvvfre4ftefZ%2FsF%2BfEQ0HPNt7Su1IpOt%2Boee4LmzLlurTu2i3X92reorsp02a46PbGl%2Bm%2B7HuNmvei%2B4Zg23o%2B8HzP8z3fXZFGxLo3P0Ehs%2FsLfm3Bq4VBzW%2BE6JlHe1s4sNQB756TJyH56PGtnx5CsiHS5ME1Ybdznb30elIommuDLj96J91OdZkimZWxcRCnR9NpaDsi5MtL0OnRVAF092CsAJEcEed3H1F6NKWJqHt4wTRSECkifhlldwihhpB0CKZvQ%2FJTAjCOtXWkyd01bUq6c4HSMToic%2F%2F9A1mOyNwfTyNNvllWsufe1KrIpU4tenEF2RtCdobIimPkuw5keQyWfwzJCdKkguTVRLWUQ8h4CCX6oNZBMT7SQRE7KDIHCT9zaWMh9rxWHMX1ejtkjNXrjDXaTd7g9bAdeyjYmFYfedYHU30ws4fM7GFb9mGKH2C3KljuwOYj4ry9hy6vUAqC0hKUlKCUBGVOUHarQ65sYKu7XNki8qc5mOZ6NdB5Z58e6rwjUrKfnZMrk33829TYFmduEISUh9QPozDyG8xvBc04bnkNwZqtQNAmrKwg7aWJ1F15%2BlSGTJ4%2B8SwiegyrjsHkFdDiOdBy0Ao80K1B2Pawmz7gItNW5rFUwtaYTsB1hSyfQ77j7Ktz8syExyu%2FfQDBTsg0wEyFzFR4X%2F5I0FF3Bjd0SQ5u6NKSh%2BtZLhO5S8d%2FdjOnuXC%2BflPslNrw1Wu2%2F9VVNgbG5f1bwubXacpl2rHk3rLkXJgVbZgg363aTRFtFHZruTBpkV3feG1lNcmMsFbqdAgqR4R89CGYHJHLTjrxo%2FtzB9IMYYoKSTHjKvUxWLYHm50sffHZ%2Bp%2BL%2FF1YTWDUbCbKHJRFNTBBNHtUkkCJWU%2BjClacLN17%2Fpe%2F3rv6KSJx8v3fF9i%2BvYOOcUDz2xMXdk2FrqpAVR%2B2eGyQZ%2BZk6df6JBApZxAp4xxEyqjPL5Zr5Znb8EPRjtotxnkkGPdbQb1d97yA87C1IPwF5HbEzl%2F99n8AAAD%2F%2FwEAAP%2F%2FXkGx0WcEAAA%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 solitudearbitrary.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXuNpvax6ERQaTwoy6e7p%2BYkRw8Y1ElyTuLsS8GR1VfWkTHVXW9U9PQkeoguyHoTxpMfON8kG3UV2L95EmXiRHDSjIDkYT94FxbPMZGDYB1Xvvfre4ftefZ%2FsF%2BfEQ0HPNt7Su1IpOt%2Boee4LmzLlurTu2i3X92reorsp02a46PbGl%2Bm%2B7HuNmvei%2B4Zg23o%2B8HzP8z3fXZFGxLo3P0Ehs%2FsLfm3Bq4VBzW%2BE6JlHe1s4sNQB756TJyH56PGtnx5CsiHS5ME1Ybdznb30elIommuDLj96J91OdZkimZWxcRCnR9NpaDsi5MtL0OnRVAF092CsAJEcEed3H1F6NKWJqHt4wTRSECkifhlldwihhpB0CKZvQ%2FJTAjCOtXWkyd01bUq6c4HSMToic%2F%2F9A1mOyNwfTyNNvllWsufe1KrIpU4tenEF2RtCdobIimPkuw5keQyWfwzJCdKkguTVRLWUQ8h4CCX6oNZBMT7SQRE7KDIHCT9zaWMh9rxWHMX1ejtkjNXrjDXaTd7g9bAdeyjYmFYfedYHU30ws4fM7GFb9mGKH2C3KljuwOYj4ry9hy6vUAqC0hKUlKCUBGVOUHarQ65sYKu7XNki8qc5mOZ6NdB5Z58e6rwjUrKfnZMrk33829TYFmduEISUh9QPozDyG8xvBc04bnkNwZqtQNAmrKwg7aWJ1F15%2BlSGTJ4%2B8SwiegyrjsHkFdDiOdBy0Ao80K1B2Pawmz7gItNW5rFUwtaYTsB1hSyfQ77j7Ktz8syExyu%2FfQDBTsg0wEyFzFR4X%2F5I0FF3Bjd0SQ5u6NKSh%2BtZLhO5S8d%2FdjOnuXC%2BflPslNrw1Wu2%2F9VVNgbG5f1bwubXacpl2rHk3rLkXJgVbZgg363aTRFtFHZruTBpkV3feG1lNcmMsFbqdAgqR4R89CGYHJHLTjrxo%2FtzB9IMYYoKSTHjKvUxWLYHm50sffHZ%2Bp%2BL%2FF1YTWDUbCbKHJRFNTBBNHtUkkCJWU%2BjClacLN17%2Fpe%2F3rv6KSJx8v3fF9i%2BvYOOcUDz2xMXdk2FrqpAVR%2B2eGyQZ%2BZk6df6JBApZxAp4xxEyqjPL5Zr5Znb8EPRjtotxnkkGPdbQb1d97yA87C1IPwF5HbEzl%2F99n8AAAD%2F%2FwEAAP%2F%2FXkGx0WcEAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXuNpvax6ERQaTwoy6e7p%2BYkRw8Y1ElyTuLsS8GR1VfWkTHVXW9U9PQkeoguyHoTxpMfON8kG3UV2L95EmXiRHDSjIDkYT94FxbPMZGDYB1Xvvfre4ftefZ%2FsF%2BfEQ0HPNt7Su1IpOt%2Boee4LmzLlurTu2i3X92reorsp02a46PbGl%2Bm%2B7HuNmvei%2B4Zg23o%2B8HzP8z3fXZFGxLo3P0Ehs%2FsLfm3Bq4VBzW%2BE6JlHe1s4sNQB756TJyH56PGtnx5CsiHS5ME1Ybdznb30elIommuDLj96J91OdZkimZWxcRCnR9NpaDsi5MtL0OnRVAF092CsAJEcEed3H1F6NKWJqHt4wTRSECkifhlldwihhpB0CKZvQ%2FJTAjCOtXWkyd01bUq6c4HSMToic%2F%2F9A1mOyNwfTyNNvllWsufe1KrIpU4tenEF2RtCdobIimPkuw5keQyWfwzJCdKkguTVRLWUQ8h4CCX6oNZBMT7SQRE7KDIHCT9zaWMh9rxWHMX1ejtkjNXrjDXaTd7g9bAdeyjYmFYfedYHU30ws4fM7GFb9mGKH2C3KljuwOYj4ry9hy6vUAqC0hKUlKCUBGVOUHarQ65sYKu7XNki8qc5mOZ6NdB5Z58e6rwjUrKfnZMrk33829TYFmduEISUh9QPozDyG8xvBc04bnkNwZqtQNAmrKwg7aWJ1F15%2BlSGTJ4%2B8SwiegyrjsHkFdDiOdBy0Ao80K1B2Pawmz7gItNW5rFUwtaYTsB1hSyfQ77j7Ktz8syExyu%2FfQDBTsg0wEyFzFR4X%2F5I0FF3Bjd0SQ5u6NKSh%2BtZLhO5S8d%2FdjOnuXC%2BflPslNrw1Wu2%2F9VVNgbG5f1bwubXacpl2rHk3rLkXJgVbZgg363aTRFtFHZruTBpkV3feG1lNcmMsFbqdAgqR4R89CGYHJHLTjrxo%2FtzB9IMYYoKSTHjKvUxWLYHm50sffHZ%2Bp%2BL%2FF1YTWDUbCbKHJRFNTBBNHtUkkCJWU%2BjClacLN17%2Fpe%2F3rv6KSJx8v3fF9i%2BvYOOcUDz2xMXdk2FrqpAVR%2B2eGyQZ%2BZk6df6JBApZxAp4xxEyqjPL5Zr5Znb8EPRjtotxnkkGPdbQb1d97yA87C1IPwF5HbEzl%2F99n8AAAD%2F%2FwEAAP%2F%2FXkGx0WcEAAA%3D HTTP/1.1
Host: solitudearbitrary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 11:17:11 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cb027a4b3b68e2099fd373ecd00a3d44
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=756ce6e2-5338-487f-b8e3-7dde2d097466&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=756ce6e2-5338-487f-b8e3-7dde2d097466&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=756ce6e2-5338-487f-b8e3-7dde2d097466&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 Feb 2023 11:17:11 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0f347b02cb0055478a70c4a559264956
Strict-Transport-Security: max-age=0; includeSubdomains
solitudearbitrary.com/pixel/sbs?c=1
192.243.59.13200 OK 0 B URL HTTP/1.1 solitudearbitrary.com/pixel/sbs?c=1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: solitudearbitrary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 04 Feb 2023 11:17:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bac267957b47b6e5b433fb161019a6ed
42cf11f3800a0ed6cfc99857433566988f81c92b
b344c7120eff663fedd67f4fe83d689b306ab26debfc476b5c5e813e27d73fc0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B344C7120EFF663FEDD67F4FE83D689B306AB26DEBFC476B5C5E813E27D73FC0"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13513
Expires: Sat, 04 Feb 2023 15:02:24 GMT
Date: Sat, 04 Feb 2023 11:17:11 GMT
Connection: keep-alive
dfiles.eu/ps/QW13h0.js
91.226.124.78304 Not Modified 0 B IP 91.226.124.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ps/QW13h0.js HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uprand=fa271dcaf5ae238ec215ed87c861c119; last_file=pv8rbpffg; lang_current=en; u_count=%5B0%2C0%5D; sb_page_224ad4a14b4b15c1726ff705ec672ea6=1; sb_onpage_224ad4a14b4b15c1726ff705ec672ea6=1; sb_main_224ad4a14b4b15c1726ff705ec672ea6=1; sb_count_224ad4a14b4b15c1726ff705ec672ea6=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=756ce6e2-5338-487f-b8e3-7dde2d097466%3A1%3A1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=solitudearbitrary.com; ppu_idelay_c22dc50dc2bbe4422c7f68d26ab95eb9=1
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Fri, 21 Oct 2022 18:21:02 GMT
If-None-Match: "6352e30e-30"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Server: nginx
Date: Sat, 04 Feb 2023 11:17:11 GMT
Last-Modified: Fri, 21 Oct 2022 18:21:02 GMT
Connection: close
ETag: "6352e30e-30"
notification.tubecup.net/in/subscription-offers?href=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fpv8rbpffg%2FHitMan_ABS.exe&tcid=0&spot_id=13971&site=tcpublisher&source_id=0
94.130.197.142200 OK 0 B URL HTTP/2 notification.tubecup.net/in/subscription-offers?href=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fpv8rbpffg%2FHitMan_ABS.exe&tcid=0&spot_id=13971&site=tcpublisher&source_id=0
IP 94.130.197.142:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/subscription-offers?href=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fpv8rbpffg%2FHitMan_ABS.exe&tcid=0&spot_id=13971&site=tcpublisher&source_id=0 HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 04 Feb 2023 11:17:11 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:0
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 Feb 2023 11:17:10 GMT
date: Sat, 04 Feb 2023 11:17:10 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.unblockia.com/h.js
143.204.55.84200 OK 0 B IP 143.204.55.84:0
GET /h.js HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
date: Fri, 03 Feb 2023 17:15:22 GMT
last-modified: Wed, 01 Feb 2023 16:56:57 GMT
etag: W/"0298f5b07154a01756527ea50aa20b69"
x-amz-meta-codebuild-content-sha256: d2cad23c06f64c92abd687e9af25313addce67d5a9659ca62882437bd5a89900
x-amz-version-id: hY4L4iRWDT4x4HpHoBgZQ_jDylmV88m0
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:987257285531:build/unblockia-loader-codebuild-project:eed14b09-bf79-4256-9d87-8421f120fcea
x-amz-meta-codebuild-content-md5: cf2e8578aabfc94a9bd8e460e1034106
server: AmazonS3
content-encoding: br
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TvuDBAQmxUSkl-RcfQn5MuZrN7TIpFJGmeUyKnbACv-ot6IaQ8aD8A==
age: 64907
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.92200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.92:0
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:09 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 454dc29167d805161e9409a4a43e6cd6
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 Feb 2023 11:17:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1pu81Uj6IobjmUGwrAFolHq9C9glxDP7swzw8fjJ7%2B0LCnljzVBVybdkXh%2Bxzh1Bo6h1%2FcWd%2Ff8ctPMB9tSgyiOjGnQ6NoHxJbAjheLYVUGga5gMRo1u%2BjAI9G1L%2FfnK8VFB80w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7942ff8c8f67732d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
4b4d7ffd05.e499799158.com/d54a2a06104fd194e7acc63bf35c56c0.js
45.133.44.24200 OK 0 B URL HTTP/2 4b4d7ffd05.e499799158.com/d54a2a06104fd194e7acc63bf35c56c0.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /d54a2a06104fd194e7acc63bf35c56c0.js HTTP/1.1
Host: 4b4d7ffd05.e499799158.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:09 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 02 Feb 2023 09:20:02 GMT
etag: W/"63db8042-18c39"
content-encoding: gzip
expires: Sat, 04 Feb 2023 11:22:09 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html
45.133.44.3200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:10 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:28 GMT
etag: W/"6275e5b8-4b9"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 04 Feb 2023 12:17:10 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 0 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F0896232DA72586AB3DB7427040E653B271DF7DA7F4C192F44D1B38392702598"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18815
Expires: Sat, 04 Feb 2023 16:30:44 GMT
Date: Sat, 04 Feb 2023 11:17:09 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js
172.64.167.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js
IP 172.64.167.9:0
GET /sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:46:52 GMT
etag: W/"602d022c-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 686209
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LctpcqAuBv%2BtmQKgvOgGQcuDe3WG2JY5SZ6w4cMkGxKB1hfbpmuLNLA%2BORZaJrPTHUzmpmh0UMgVHN7oTx%2BZAnDeXe1UqNmKuA2ok%2Fe7QIfL3g1x5Pc4iP%2Bz21iy%2BLlvsnMj3ApikJft"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7942ff960e2688aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css
172.64.167.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css
IP 172.64.167.9:0
GET /sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:10 GMT
content-type: text/css
last-modified: Thu, 23 Sep 2021 11:41:22 GMT
etag: W/"614c67e2-160c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 40299
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ln6xfPrUCgcs6CzsL%2BG9zN7MyKGy%2FTbMY1ERzmhWQjGldEYzcTVwty5jwd6pGgaCq%2FwsOYQdIXzzJ1Rwh1tPR1OpXu%2FaWbFY4H4BcTIDCN4sdmm3SzEAKVZAJd8sIqoBHCBtXfjhq024"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7942ff960e2188aa-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sw.wpush.org/ps/sw.js
45.133.44.24200 OK 0 B IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /ps/sw.js HTTP/1.1
Host: sw.wpush.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Feb 2023 11:17:10 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-158c"
content-encoding: gzip
expires: Sat, 04 Feb 2023 11:22:10 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2