sfile.mobi/download/503061/246986/f9a1d11f3b09e2ee6f4b76ace4b08156/steam-api.dll&is=6fdb817f16697a70eb17c72e92cb58ae
172.67.69.138 302 Found 0 B URL User Request GET HTTP/2 sfile.mobi/download/503061/246986/f9a1d11f3b09e2ee6f4b76ace4b08156/steam-api.dll&is=6fdb817f16697a70eb17c72e92cb58ae
IP 172.67.69.138:443
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three digests are the MD5/SHA-1/SHA-256 of empty content, matching the 0 B redirect body; they do not identify steam-api.dll and should not be used as file indicators.
GET /download/503061/246986/f9a1d11f3b09e2ee6f4b76ace4b08156/steam-api.dll&is=6fdb817f16697a70eb17c72e92cb58ae HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Tue, 02 May 2023 12:05:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 02 May 2023 13:05:25 GMT
Location: https://sfile.mobi/download/503061/246986/f9a1d11f3b09e2ee6f4b76ace4b08156/steam-api.dll&is=6fdb817f16697a70eb17c72e92cb58ae
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fvrPmGi1cABb1aJG1Mr94LkUkDXZ3lWF4SSK1%2FkyFBvNKpZJ%2FouoFLPxDRnyF2kTsaGm2fywcNLqtV3j9%2Fw3vSYb8cXh3%2BYv4cUgV9TdfhlbX3aGV7OZ176BFXI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c1021e20c7d067b-OSL
alt-svc: h2=":443"; ma=60
sfile.mobi/includes/adsby.js
104.26.4.191 200 OK 13 B URL GET HTTP/2 sfile.mobi/includes/adsby.js
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type ASCII text, with no line terminators
Hash MD5 c5f96fbf51ae71c2ab29237fa415bbf8
SHA-1 5f9cbbf13fe8e1775c3b8a99a7cc92ba5a32b81f
SHA-256 4b788930a60496876be01bf2dbc9e79d1ce226545438697f5333a4bf57f952d4
GET /includes/adsby.js HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 13
cache-control: max-age=604800
cf-bgj: minify
cf-polished: origSize=15
etag: "f-5b3f44e345d40"
expires: Mon, 08 May 2023 22:31:32 GMT
last-modified: Fri, 13 Nov 2020 03:05:49 GMT
vary: User-Agent, Accept-Encoding
x-frame-options: DENY
cf-cache-status: HIT
age: 48834
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2LluXPcs68E8QSS%2FWmlbh0nMCkphDOMdYwvHP%2BAMWSuXHnYkT7%2Brc1hTnCMlbvdf5IZ8nkwxfOqYHZHGO%2BcrGm7RVi85JZbIelbAkWD5XHCwqrgow7YsZJnQfso%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e78d1db505-OSL
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.24.14 200 OK 5.6 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.24.14:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (30837)
Hash MD5 109d1ed85cd01f9cdab73a4cac5bf80d
SHA-1 d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
SHA-256 8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 64350
expires: Sun, 21 Apr 2024 12:05:26 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pb19OIikxva8gXJhkBlpuFR%2F0FgDFGclQqeR9nizdLV6ESP2YwnGsZYYciGrKKqjAC%2FD2vcLrCdjZ7OLyVbAW7ZMBxTyMbBRlks%2BmW1tQN8PAbVFC%2BVnvjG252orJxwm6EeeOhtL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c1021e7affc0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sfile.mobi/img/Sfile-Logo.svg
104.26.4.191 200 OK 2.9 kB URL GET HTTP/2 sfile.mobi/img/Sfile-Logo.svg
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (831)
Hash MD5 331a0c596f260fe61d54d8397b1c2bd7
SHA-1 13baaf09dbdabf43f2d8e998d14e1f10318840d9
SHA-256 9d80017b23d9adbada86f3e42a9b10391206b1d9a38debf09472a813170802e4
Analyzer Verdict Alert fortinet Malware
Note: this is a single analyzer's verdict; the capture does not show what in the response triggered it, so confirm against the file content (hashes above) before treating it as an indicator.
GET /img/Sfile-Logo.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Oct 2020 09:51:24 GMT
etag: W/"15b1-5b0e96cdf5f00-gzip"
cache-control: max-age=604800
expires: Sat, 06 May 2023 14:43:33 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 249713
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vl8aYitox1YmC1gtqwLxcuLm2h8eOr0hVbV%2FRQw62zfvCYz%2BA4jFe8rtFMT6bnspy9RMezQSZLNKzDO2xFXIR%2FNp3ccS0BXd6Y7PMQ3UIge4PREQFKk%2BbttdMTM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e78d25b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/includes/fonts/raleway-v14-latin-regular.woff2
104.26.4.191 200 OK 21 kB URL GET HTTP/2 sfile.mobi/includes/fonts/raleway-v14-latin-regular.woff2
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type Web Open Font Format (Version 2), TrueType, length 20724, version 1.0\012- data
Hash MD5 43c849ea0258ce0d23a480e840881f16
SHA-1 5222f2283ff9eed9c05025b15dcca453a43cb8c3
SHA-256 b3287a4018a220fe4a205c68bbb34a847fe5038c5dfbe575dd538df025b0497a
GET /includes/fonts/raleway-v14-latin-regular.woff2 HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-length: 20724
last-modified: Mon, 26 Aug 2019 01:13:52 GMT
etag: "50f4-590fade753400"
cache-control: max-age=604800
expires: Mon, 08 May 2023 21:39:52 GMT
x-frame-options: DENY
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 51933
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yWmdnYqEQL5gJDe1AOxw3ghex19Ocn9npkQhPhfFndaYlsL51LIG%2FOFzSwyxKwVr8dskJ3kF41%2By87FN7Wgld8XcWiffrpQz%2BTr%2BaoeY73XOM5uhC53X5WdF%2Bbk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e87e8bb505-OSL
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-XNQ10X1V2J
142.250.74.72 200 OK 74 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-XNQ10X1V2J
IP 142.250.74.72:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 07:22:19:79:30:9E:4C:35:4E:21:BD:55:7D:44:2F:A9:71:9E:4C:AA
Validity Mon, 03 Apr 2023 08:16:11 GMT - Mon, 26 Jun 2023 08:16:10 GMT
File type ASCII text, with very long lines (4620)
Hash MD5 afb561ee9428a4921b9dfb05dcae82b5
SHA-1 e4c7084921244fcf4776092ddb2a2cc3bb469586
SHA-256 475eacf65a4d27c903683a587d7aedd09d539416469aeca724eb5842182b966e
GET /gtag/js?id=G-XNQ10X1V2J HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 02 May 2023 12:05:26 GMT
expires: Tue, 02 May 2023 12:05:26 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73454
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/ehi.svg
104.26.4.191 200 OK 78 kB URL GET HTTP/2 sfile.mobi/icon/smallicon/ehi.svg
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1428), with no line terminators
Hash MD5 0f32bca406f5c4b135eb0453c3b28cc4
SHA-1 3a172ea21a53d2b142caadae7098f7299ec4603a
SHA-256 eb445c9561613d69be1a7c98b14c82174a5f08a26c37f5eb9bde4609538a2d61
Analyzer Verdict Alert fortinet Malware
Note: this is a single analyzer's verdict; the capture does not show what in the response triggered it, so confirm against the file content (hashes above) before treating it as an indicator.
GET /icon/smallicon/ehi.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 06:12:11 GMT
etag: W/"594-554f5fa8fc4c0-gzip"
cache-control: max-age=604800
expires: Sat, 06 May 2023 03:47:22 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 289084
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CPvnaIKuQuQemfZ9RMyDujTUxXcLVBw0Y41Zyai0TxHqjyna8SPGL2MsHuJVBERkP0wz8DKM4vECHBw%2FBAJkLm9dXvK3lN0czYCyVLrsk561Q6z1t4XS7mLVV%2Bo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e79d3bb505-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash ef58945b8432a8774d397c36f7644046
170cc488250afd01b946cc0f6898423ddd4d2c63
135a9d83e16743300023540829d85c90464e8b44f8dd58013dace84596a89043
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 02 May 2023 12:05:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sfile.mobi/icon/sfile-icon-192x192.png
104.26.4.191 200 OK 10 kB URL GET HTTP/2 sfile.mobi/icon/sfile-icon-192x192.png
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash MD5 c657c0b27e6a3e98ae2736eab216cdb3
SHA-1 2eab135276b13dc87bdd3314ad8d7462e8246d35
SHA-256 5c9d9f4629d28f3fda7ccf4bae7bf6c53285686854a238b9ac0f2bac00836cb3
GET /icon/sfile-icon-192x192.png HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s; _ga=GA1.1.476752180.1683029131; _gid=GA1.2.717449795.1683029131; _gat=1; _ga_XNQ10X1V2J=GS1.1.1683029131.1.0.1683029131.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: image/png
content-length: 10001
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=11566, status=vary_header_present
etag: "2d2e-572ecea29a780"
expires: Sat, 13 May 2023 23:49:40 GMT
last-modified: Wed, 08 Aug 2018 13:59:10 GMT
vary: User-Agent, Accept-Encoding
x-frame-options: DENY
cf-cache-status: HIT
age: 1599346
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VBhyBuRjtioNnpunw8nNO87revQjpQgxvT1erPdej9vwHg3hMBkKLaXsVK2vpFGOls%2FeWYXZCWy9hOMQ1YRGHt4hf%2BLUx8SsDWpIoNAx5q%2BLNyjwXuiasUllNxQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e9c81eb505-OSL
X-Firefox-Spdy: h2
sfile.mobi/icon/sfile-favicon.png
104.26.4.191 200 OK 1.6 kB URL GET HTTP/2 sfile.mobi/icon/sfile-favicon.png
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash MD5 5c95ba8563fa6c88c0a431fc97b8175b
SHA-1 52d10299240136ff498c6dae3847662f9953d150
SHA-256 3438b8c9e88b10b9ea2cd353929ab4d345d679a842313c78123b25c290bb7902
GET /icon/sfile-favicon.png HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s; _ga=GA1.1.476752180.1683029131; _gid=GA1.2.717449795.1683029131; _gat=1; _ga_XNQ10X1V2J=GS1.1.1683029131.1.0.1683029131.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: image/png
content-length: 1626
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2055, status=vary_header_present
etag: "807-554f42e2ce1c0"
expires: Sat, 27 May 2023 17:42:46 GMT
last-modified: Sun, 23 Jul 2017 04:03:27 GMT
vary: User-Agent, Accept-Encoding
x-frame-options: DENY
cf-cache-status: HIT
age: 411760
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=25ALvex6ea2uZStxN80Ze1TF%2Fz9q2pEsNe2L%2F2wjbSQ6gF9Y%2Bh4mrdmrwV7wqouHwIaYStUdJoOtSIHgmZ7qEBYYAHWGujedraWgxu99CyyE%2BpZNBArKpVpilNs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e9c81fb505-OSL
X-Firefox-Spdy: h2
sfile.mobi/includes/fonts/raleway-v14-latin-regular.woff2
104.26.4.191 200 OK 21 kB URL GET HTTP/2 sfile.mobi/includes/fonts/raleway-v14-latin-regular.woff2
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type Web Open Font Format (Version 2), TrueType, length 20724, version 1.0\012- data
Hash MD5 43c849ea0258ce0d23a480e840881f16
SHA-1 5222f2283ff9eed9c05025b15dcca453a43cb8c3
SHA-256 b3287a4018a220fe4a205c68bbb34a847fe5038c5dfbe575dd538df025b0497a
GET /includes/fonts/raleway-v14-latin-regular.woff2 HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s; _ga=GA1.1.476752180.1683029131; _gid=GA1.2.717449795.1683029131; _gat=1; _ga_XNQ10X1V2J=GS1.1.1683029131.1.0.1683029131.0.0.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-length: 20724
last-modified: Mon, 26 Aug 2019 01:13:52 GMT
etag: "50f4-590fade753400"
cache-control: max-age=604800
expires: Mon, 08 May 2023 21:39:52 GMT
x-frame-options: DENY
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 51933
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dayS5%2FNi8%2BJkSqa4J4JA349HLinczMEmKp1K7osfaV7drlJzBJYK6BuQI3yRkh2c%2B0dqAmccachx%2FSBfIFIz%2BXAn78XfJ%2F6DkrlVTmXGGbe%2BpRzCS7HCP7%2FIvXQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e9e84cb505-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 444e12ef207a14b2aded165f4a3118c8
210e2ea743b3ce285a27a45ef049907c44d515fe
81e4030c7aff78308f15d9f9d7d1cce06116b44d89073dc8e93bbab460398a78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 02 May 2023 12:05:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 444e12ef207a14b2aded165f4a3118c8
210e2ea743b3ce285a27a45ef049907c44d515fe
81e4030c7aff78308f15d9f9d7d1cce06116b44d89073dc8e93bbab460398a78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 02 May 2023 12:05:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sfile.mobi/icon/smallicon/dll.svg
104.26.4.191 200 OK 48 kB URL GET HTTP/2 sfile.mobi/icon/smallicon/dll.svg
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1149), with no line terminators
Hash MD5 e67253750cb948616978fbd168290d14
SHA-1 120904ca6577d6332db235b13e42c1b098ab4d71
SHA-256 5acbc595962bde43406fa9c8dc64de8e080390585b33a5118b6b5fe7cd41d056
GET /icon/smallicon/dll.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 04:46:59 GMT
etag: W/"47d-554f4c9dcd6c0-gzip"
cache-control: max-age=604800
expires: Tue, 09 May 2023 12:05:26 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NSgLz7%2FwDCTkFMXOe3qkMWyHMxc3zm4yy606a7pLCeS5hOv4zB2HfWp7zlqkpkxR0nFQQWQSQavJfQg7JNurJaT15uVnUL%2F06Wu%2FKFXBA6W9vWAqtpZuuqFVuWo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e78d2ab505-OSL
content-encoding: br
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8624516704918086
142.250.74.162 200 OK 47 kB URL GET HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8624516704918086
IP 142.250.74.162:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
File type ASCII text, with very long lines (3605)
Hash MD5 b53426eb84e4302d5bbec1c9c9b3e4c9
SHA-1 bcaef6fd945d13ac47e9d5517d2b0fd42e271162
SHA-256 3f1c2f18382cbb6f42db6fb5f20a1aa1c823d8b2cde5d0abc466f8a04b5d8a7c
GET /pagead/js/adsbygoogle.js?client=ca-pub-8624516704918086 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sfile.mobi
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 02 May 2023 12:05:26 GMT
expires: Tue, 02 May 2023 12:05:26 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15675267071384733763
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 47361
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 444e12ef207a14b2aded165f4a3118c8
210e2ea743b3ce285a27a45ef049907c44d515fe
81e4030c7aff78308f15d9f9d7d1cce06116b44d89073dc8e93bbab460398a78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 02 May 2023 12:05:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8624516704918086&plah=sfile.mobi
142.250.74.162 200 OK 122 kB URL GET HTTP/3 pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8624516704918086&plah=sfile.mobi
IP 142.250.74.162:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
File type ASCII text, with very long lines (4405)
Size 122 kB (121999 bytes)
Hash MD5 1738067571cb4de840003ba47ec387c0
SHA-1 617ba406e313508d041e8402114df7331b1cd967
SHA-256 c2a3eb77f601faf1b3833f4cc83acb1d7e828e9b476ad754108e3d5aa61948dd
GET /pagead/managed/js/adsense/m202304260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8624516704918086&plah=sfile.mobi HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 02 May 2023 12:05:26 GMT
expires: Tue, 02 May 2023 12:05:26 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 17241353899005347384
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 121999
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=w3-top&ign=false&pw=1280&ph=1024&x=0&y=0
142.250.74.162 204 No Content 0 B URL GET HTTP/3 pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=w3-top&ign=false&pw=1280&ph=1024&x=0&y=0
IP 142.250.74.162:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three digests are the MD5/SHA-1/SHA-256 of empty content, matching the 0 B 204 response; they carry no value as indicators.
GET /pagead/gen_204?id=ach_evt&tn=DIV&cls=w3-top&ign=false&pw=1280&ph=1024&x=0&y=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 02 May 2023 12:05:27 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 5b9c682934b9342f7b93d5381eef1bd0
60ec5aca14c0c7b262acc39e93a6d0c492ec250a
d72e35eeb5ed1c88d607ece8d1a9661bb528c1ab3c9bb5f64dd92d61144991ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 02 May 2023 12:05:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=sfile.mobi&callback=_gfp_s_&client=ca-pub-8624516704918086
216.58.207.226 200 OK 250 B URL GET HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=sfile.mobi&callback=_gfp_s_&client=ca-pub-8624516704918086
IP 216.58.207.226:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.googleadservices.com
Fingerprint 64:FB:54:D3:87:13:FF:E1:0B:82:AB:82:7D:DD:06:E3:5E:CB:77:C2
Validity Mon, 03 Apr 2023 08:21:53 GMT - Mon, 26 Jun 2023 08:21:52 GMT
File type ASCII text, with very long lines (387), with no line terminators
Hash MD5 ff4faf7bef768828bed4f5e3a774bc7f
SHA-1 824c6af04c22a4ad8ff56b0015bd2ea61509f1d7
SHA-256 f52fea10b623c946cb06b97506ea4fcdd3cc16c046e3689a930a2ed7f382a0c0
GET /gampad/cookie.js?domain=sfile.mobi&callback=_gfp_s_&client=ca-pub-8624516704918086 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 02 May 2023 12:05:27 GMT
server: cafe
cache-control: private
content-length: 250
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 6cbb9f15d1911c8b9960fa84cd46746a
5a818e7c516f66d74cc89cdc417740f76f19b325
d6f500b8a531532af0fafd55c442a163882a946d5f01c2ade121100c24e80b4c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 02 May 2023 12:05:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 3f301cb8cc783db554d296f63066b59e
06ac9c5e849333806825d1eaba41aa942890abf5
e7c6bc2399c379dee3c6e38413d5127684044f62ca35c063f8de721864a27988
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 02 May 2023 12:05:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=sfile.mobi
142.250.74.130 200 OK 100 B URL GET HTTP/2 adservice.google.com/adsid/integrator.js?domain=sfile.mobi
IP 142.250.74.130:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint D5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
Validity Mon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type ASCII text, with no line terminators
Hash MD5 917951a58be8c6c6f3680159550ba3c2
SHA-1 21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
SHA-256 cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=sfile.mobi HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 02 May 2023 12:05:27 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 5b9c682934b9342f7b93d5381eef1bd0
60ec5aca14c0c7b262acc39e93a6d0c492ec250a
d72e35eeb5ed1c88d607ece8d1a9661bb528c1ab3c9bb5f64dd92d61144991ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 02 May 2023 12:05:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=sfile.mobi
142.250.74.66 200 OK 100 B URL GET HTTP/2 adservice.google.no/adsid/integrator.js?domain=sfile.mobi
IP 142.250.74.66:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.google.no
Fingerprint A5:D0:38:67:8E:62:86:24:29:BC:82:07:2E:29:1E:0B:C8:29:09:29
Validity Mon, 03 Apr 2023 08:27:03 GMT - Mon, 26 Jun 2023 08:27:02 GMT
File type ASCII text, with no line terminators
Hash MD5 917951a58be8c6c6f3680159550ba3c2
SHA-1 21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
SHA-256 cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=sfile.mobi HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 02 May 2023 12:05:27 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 6cbb9f15d1911c8b9960fa84cd46746a
5a818e7c516f66d74cc89cdc417740f76f19b325
d6f500b8a531532af0fafd55c442a163882a946d5f01c2ade121100c24e80b4c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 02 May 2023 12:05:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 3f301cb8cc783db554d296f63066b59e
06ac9c5e849333806825d1eaba41aa942890abf5
e7c6bc2399c379dee3c6e38413d5127684044f62ca35c063f8de721864a27988
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 02 May 2023 12:05:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230426&st=env
142.250.74.162 200 OK 11 kB URL GET HTTP/3 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230426&st=env
IP 142.250.74.162:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
File type JSON data\012- , ASCII text, with very long lines (14925), with no line terminators
Hash MD5 1061a409dd7f972ffff83a8c556be5c6
SHA-1 446d7c64580c73281eadf65a3fd88499f7786574
SHA-256 8f7e2b9502e8fc0ec47ca0590dcbb7bad6969afe710a575d1a558c0812805183
GET /getconfig/sodar?sv=200&tid=gda&tv=r20230426&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sfile.mobi
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Tue, 02 May 2023 12:05:27 GMT
server: cafe
content-length: 11265
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 1d648f18efe1baa540d3e04a25df7906
4efda4bc34dee9895df2a713e3a684f1dc7586a6
83bcd79372bcc6d270ad40acb221df6f2519126b82129e4cdf64a10afc8ff57e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 02 May 2023 12:05:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
216.58.207.193 200 OK 6.4 kB URL GET HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 216.58.207.193:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject tpc.googlesyndication.com
Fingerprint FA:BE:2D:1E:F9:2F:85:0D:1C:53:23:E1:8F:CB:37:95:4E:97:B5:6F
Validity Mon, 03 Apr 2023 08:24:19 GMT - Mon, 26 Jun 2023 08:24:18 GMT
File type ASCII text, with very long lines (1321)
Hash MD5 ac906814ed812c4ecdbb624a3bd2f6c3
SHA-1 8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
SHA-256 8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Tue, 02 May 2023 12:05:27 GMT
expires: Tue, 02 May 2023 12:05:27 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
216.58.207.193 200 OK 5.0 kB URL GET HTTP/3 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 216.58.207.193:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash MD5 f530c16b248be97e10df228df6a41c24
SHA-1 ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
SHA-256 f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://sfile.mobi/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 01 May 2023 21:25:19 GMT
expires: Tue, 30 Apr 2024 21:25:19 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
vary: Accept-Encoding
age: 52808
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
104.26.4.191 200 OK 7.3 kB URL User Request GET HTTP/2
IP 104.26.4.191:443
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (557), with CRLF, LF line terminators
Hash MD5 bce869584269bf165e533c19f4905699
SHA-1 4d76c262fe5e412d42f547903e00a4ac4c0b976e
SHA-256 29f7bc66e0062f821fd24b0d44e06d3539f1b1009f52356eca60fcd1c818dd3f
Analyzer Verdict Alert fortinet Malware
GET /8qDIlsUE3CI HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: _v503061=1; expires=Wed, 03-May-2023 12:05:26 GMT; Max-Age=86400; path=/8qDIlsUE3CI
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L6igvTMVb3A2dmxeszutu%2B0%2FxOjqvSIwbLpGmSaFMPd2gRtUwFsODqbNp9HGQ5oyyWXJo%2FEYPkRRq43uePlDUNGZBV7O%2FU0NgHMcoQ%2FenfZbdOT8VCksJ9ajgSY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e4d8d8b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/bg/sRhYKH_5dmvPrul9dgGb794WXhJ3dcjrskH3Px1HIuI.js
142.250.74.162 14 kB URL pagead2.googlesyndication.com/bg/sRhYKH_5dmvPrul9dgGb794WXhJ3dcjrskH3Px1HIuI.js
IP 142.250.74.162:0
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
File type ASCII text, with very long lines (35679)
Hash MD5 1b796998ad4a536944065a9772ac0da6
SHA-1 86793895c4d858211235b6776107fde5b7bae4b8
SHA-256 abfb8e88707744168f8c134ebb84247efda77b6c6e160b7aa59d604fa1bf53bd
GET /bg/sRhYKH_5dmvPrul9dgGb794WXhJ3dcjrskH3Px1HIuI.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 30 Apr 2023 13:36:02 GMT
expires: Mon, 29 Apr 2024 13:36:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 25 Apr 2023 09:48:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 167365
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/recaptcha/api2/aframe
142.250.74.164 200 OK 513 B URL GET HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject www.google.com
Fingerprint C3:7C:54:CD:86:09:A4:3E:2C:6D:EC:7C:FA:65:7B:3E:64:CB:10:E0
Validity Mon, 03 Apr 2023 08:25:07 GMT - Mon, 26 Jun 2023 08:25:06 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash MD5 373baabe9e6dd13f27f262679cde46e4
SHA-1 67e865f13b38c5da65ae9323f849d2f091b9122d
SHA-256 cf8fab41b1b8fa556856b17bc19fe5661dca1bdab0e4ca7423c6939e1adf005a
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 02 May 2023 12:05:27 GMT
date: Tue, 02 May 2023 12:05:27 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-L_Jdszf6PNPOgXUbDvI8lA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230426&jk=645725597228390&rc=
142.250.74.162 204 No Content 0 B URL GET HTTP/3 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230426&jk=645725597228390&rc=
IP 142.250.74.162:443
Requested by https://www.google.com/recaptcha/api2/aframe
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of a zero-length body, consistent with the 0 B size above; they identify no content and are not usable as indicators.)
GET /pagead/sodar?id=sodar2&v=225&li=gda_r20230426&jk=645725597228390&rc= HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 02 May 2023 12:05:27 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
tpc.googlesyndication.com/generate_204?h_xKbw
216.58.207.193 0 B URL tpc.googlesyndication.com/generate_204?h_xKbw
IP 216.58.207.193:0
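Certificate Issuer Google Trust Services LLC
Subject tpc.googlesyndication.com
Fingerprint FA:BE:2D:1E:F9:2F:85:0D:1C:53:23:E1:8F:CB:37:95:4E:97:B5:6F
Validity Mon, 03 Apr 2023 08:24:19 GMT - Mon, 26 Jun 2023 08:24:18 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of a zero-length body, consistent with the 0 B size reported for this entry; they identify no content and are not usable as indicators.)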
GET /generate_204?h_xKbw HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-length: 0
cross-origin-resource-policy: cross-origin
date: Tue, 02 May 2023 12:05:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230426&jk=645725597228390&bg=!w8ClwJTNAAb9Sbh13Uk7ADkAdvg8WjHEwnYK2HOWmsRJj9602n5ZS0GYqHjcycTLU63oApXzsdW4e82SX3tUz9qGrvd1XjmL-VkCAAAAr1IAAAAEaAEHCgDgtRyGesaM9IYKhRQJf3asBT92HRhkjuJeYCcCMLGTWnmwtJv026-NnMyHTjd8XoDBeHyCz-VQ24NUI0HR4t2eW32y9xSZYhFTVpxKIzLt75liiwhESMW_ZWK1kJrMUmg5HEQn3jNRkTTS_ubPvGQUzbMJvSlmeYZxC6Cd-IRDTewjAhfdawdCR1bREyAuaQUjFp7uXA8Y8RrfFvCjvV8njloPpu2crqACH0KrOvTpBF0o13EyLUZkylrmBK4zVV0kRgP-7aN2ko7WBSqbZhHB-wCPMJuUGAM-M1jDeQkvhNeZAoKLa1d3wNWlnslkzTIiZ1ghYpglKZv3831yMbys0KMfTYFfrRa37RxJiVUEebLzeXyMaHmL9znfKafcj8VbocxkXzipczTSkHdi00IsHllDasqIq66aEuJOwPxpdfqlE5qd_y1YIDI3YjsMy5L4OCoNpT-K_0eGHBGoj6xOeCZKF3fvAQ_fnDfVz4ofGeDikFSxu0miF4OQQ2UyUBRZVu8zIicwX_faVwTxJrxI68_VFV9W77MEKZh9EIvqIlZ6hFscbIxRHS_HIaRQlkBWdVrvepj1Tg_YjW5Jt2SghSOJ85MhXWajt-W_3Td2rDXdpaPbkOs7Grg-HW7YpeX5PFymfJEpiFWYNWJSkYuHQ_RN2pXVg4y2Q_1bV66Vm-C8zX2dLzwO_Ev6YcVp8yDvHzLjjPkMbhptW2WsVSBlXLjXWfIFY8wxLnMgxgDJXgiofMsS_meWRiF-4v6f_QA2Jpg7SriS6tSbdU0GE3a1mtOrPbSLCAIOVVKe-ZQ0njZOaZ2VoOY1ufJ16D2ro5ydEWPReOeSUImWqIuA_94ayCTmMFO4CO1BLu2o0KGZFZRgur9PTFtWYXsPUs7pqys7ki2Dx8qc0DRF66Q8hQyMWaoZI5Hu6Dj5iTuIHwxZg9nDSNXNRk2aijvxbmKKkSBfiXG1tZrS7ODxgyxNOmYArJs5ThGR2OvAd2eoB-T4OWczJHlW1bEodcBoDSRovrzrUyU9DI6nwHoaPJZPU0ZAyH102uyqsDIq0FDPK6lAAPvUSWujO3HoQKvrGwRcY5H2JV8Md20VQFUkcWIh7vKFKfEK_tnULN0gYTFKkTJ26Xkip8LZKL-uBdOnJPxrNGQwvR4TYBs
142.250.74.162204 No Content 0 B URL GET HTTP/3 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230426&jk=645725597228390&bg=!w8ClwJTNAAb9Sbh13Uk7ADkAdvg8WjHEwnYK2HOWmsRJj9602n5ZS0GYqHjcycTLU63oApXzsdW4e82SX3tUz9qGrvd1XjmL-VkCAAAAr1IAAAAEaAEHCgDgtRyGesaM9IYKhRQJf3asBT92HRhkjuJeYCcCMLGTWnmwtJv026-NnMyHTjd8XoDBeHyCz-VQ24NUI0HR4t2eW32y9xSZYhFTVpxKIzLt75liiwhESMW_ZWK1kJrMUmg5HEQn3jNRkTTS_ubPvGQUzbMJvSlmeYZxC6Cd-IRDTewjAhfdawdCR1bREyAuaQUjFp7uXA8Y8RrfFvCjvV8njloPpu2crqACH0KrOvTpBF0o13EyLUZkylrmBK4zVV0kRgP-7aN2ko7WBSqbZhHB-wCPMJuUGAM-M1jDeQkvhNeZAoKLa1d3wNWlnslkzTIiZ1ghYpglKZv3831yMbys0KMfTYFfrRa37RxJiVUEebLzeXyMaHmL9znfKafcj8VbocxkXzipczTSkHdi00IsHllDasqIq66aEuJOwPxpdfqlE5qd_y1YIDI3YjsMy5L4OCoNpT-K_0eGHBGoj6xOeCZKF3fvAQ_fnDfVz4ofGeDikFSxu0miF4OQQ2UyUBRZVu8zIicwX_faVwTxJrxI68_VFV9W77MEKZh9EIvqIlZ6hFscbIxRHS_HIaRQlkBWdVrvepj1Tg_YjW5Jt2SghSOJ85MhXWajt-W_3Td2rDXdpaPbkOs7Grg-HW7YpeX5PFymfJEpiFWYNWJSkYuHQ_RN2pXVg4y2Q_1bV66Vm-C8zX2dLzwO_Ev6YcVp8yDvHzLjjPkMbhptW2WsVSBlXLjXWfIFY8wxLnMgxgDJXgiofMsS_meWRiF-4v6f_QA2Jpg7SriS6tSbdU0GE3a1mtOrPbSLCAIOVVKe-ZQ0njZOaZ2VoOY1ufJ16D2ro5ydEWPReOeSUImWqIuA_94ayCTmMFO4CO1BLu2o0KGZFZRgur9PTFtWYXsPUs7pqys7ki2Dx8qc0DRF66Q8hQyMWaoZI5Hu6Dj5iTuIHwxZg9nDSNXNRk2aijvxbmKKkSBfiXG1tZrS7ODxgyxNOmYArJs5ThGR2OvAd2eoB-T4OWczJHlW1bEodcBoDSRovrzrUyU9DI6nwHoaPJZPU0ZAyH102uyqsDIq0FDPK6lAAPvUSWujO3HoQKvrGwRcY5H2JV8Md20VQFUkcWIh7vKFKfEK_tnULN0gYTFKkTJ26Xkip8LZKL-uBdOnJPxrNGQwvR4TYBs
IP 142.250.74.162:443
Requested by https://sfile.mobi/8qDIlsUE3CI
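Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of a zero-length body, consistent with the 0 B size reported for this entry; they identify no content and are not usable as indicators.)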
GET /pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230426&jk=645725597228390&bg=!w8ClwJTNAAb9Sbh13Uk7ADkAdvg8WjHEwnYK2HOWmsRJj9602n5ZS0GYqHjcycTLU63oApXzsdW4e82SX3tUz9qGrvd1XjmL-VkCAAAAr1IAAAAEaAEHCgDgtRyGesaM9IYKhRQJf3asBT92HRhkjuJeYCcCMLGTWnmwtJv026-NnMyHTjd8XoDBeHyCz-VQ24NUI0HR4t2eW32y9xSZYhFTVpxKIzLt75liiwhESMW_ZWK1kJrMUmg5HEQn3jNRkTTS_ubPvGQUzbMJvSlmeYZxC6Cd-IRDTewjAhfdawdCR1bREyAuaQUjFp7uXA8Y8RrfFvCjvV8njloPpu2crqACH0KrOvTpBF0o13EyLUZkylrmBK4zVV0kRgP-7aN2ko7WBSqbZhHB-wCPMJuUGAM-M1jDeQkvhNeZAoKLa1d3wNWlnslkzTIiZ1ghYpglKZv3831yMbys0KMfTYFfrRa37RxJiVUEebLzeXyMaHmL9znfKafcj8VbocxkXzipczTSkHdi00IsHllDasqIq66aEuJOwPxpdfqlE5qd_y1YIDI3YjsMy5L4OCoNpT-K_0eGHBGoj6xOeCZKF3fvAQ_fnDfVz4ofGeDikFSxu0miF4OQQ2UyUBRZVu8zIicwX_faVwTxJrxI68_VFV9W77MEKZh9EIvqIlZ6hFscbIxRHS_HIaRQlkBWdVrvepj1Tg_YjW5Jt2SghSOJ85MhXWajt-W_3Td2rDXdpaPbkOs7Grg-HW7YpeX5PFymfJEpiFWYNWJSkYuHQ_RN2pXVg4y2Q_1bV66Vm-C8zX2dLzwO_Ev6YcVp8yDvHzLjjPkMbhptW2WsVSBlXLjXWfIFY8wxLnMgxgDJXgiofMsS_meWRiF-4v6f_QA2Jpg7SriS6tSbdU0GE3a1mtOrPbSLCAIOVVKe-ZQ0njZOaZ2VoOY1ufJ16D2ro5ydEWPReOeSUImWqIuA_94ayCTmMFO4CO1BLu2o0KGZFZRgur9PTFtWYXsPUs7pqys7ki2Dx8qc0DRF66Q8hQyMWaoZI5Hu6Dj5iTuIHwxZg9nDSNXNRk2aijvxbmKKkSBfiXG1tZrS7ODxgyxNOmYArJs5ThGR2OvAd2eoB-T4OWczJHlW1bEodcBoDSRovrzrUyU9DI6nwHoaPJZPU0ZAyH102uyqsDIq0FDPK6lAAPvUSWujO3HoQKvrGwRcY5H2JV8Md20VQFUkcWIh7vKFKfEK_tnULN0gYTFKkTJ26Xkip8LZKL-uBdOnJPxrNGQwvR4TYBs HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 02 May 2023 12:05:28 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
sfile.mobi/icon/smallicon/hc.svg
104.26.4.191 200 OK 1.9 kB URL GET HTTP/2 sfile.mobi/icon/smallicon/hc.svg
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2012), with no line terminators
Hash MD5 ac183bad8a9dbea7038a83b440a985dd
SHA-1 eac21265d4d46cd44cd2b73efdc1c12e5af9d173
SHA-256 62d431a9b2d8a25f68461812168eb6a82ddc27246de49e73246d215b2a431aba
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/hc.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: image/svg+xml
last-modified: Mon, 07 Sep 2020 16:11:11 GMT
etag: W/"77a-5aebb7786e5c0-gzip"
cache-control: max-age=604800
expires: Fri, 05 May 2023 12:32:07 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 343999
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h6Q1Sums10HlbmPomd2pXmxoUiNvbMAJsdZHvx6b8PqeGUs6nedTFN0j5rbQ5ORYOvFTNkadzSHySkDjCwPeMfPPWZq2%2BegEN071LW1jt1CUTE3UB3nE64t1R3U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e78d2db505-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/apk.svg
104.26.4.191 200 OK 2.5 kB URL GET HTTP/2 sfile.mobi/icon/smallicon/apk.svg
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2467), with no line terminators
Hash MD5 469674871e148e599e809ddc7572d14d
SHA-1 99394ad1a68c8998e3fe431110833bd7e66477bd
SHA-256 51b16bf6325b4773905added21bd82bfbd1f8fa9ee86039bc7b3b572f376ae99
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/apk.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 05:51:20 GMT
etag: W/"995-554f5afff0600-gzip"
cache-control: max-age=604800
expires: Mon, 08 May 2023 14:59:01 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 75985
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GLPMQk%2BJ%2B7COGNM64wLRAU%2B8rLxIXVHwi4VFz9nAlsu%2FnOFftz3RIp7RTpIarLVFN3g490GhB2DS%2Fa54E4YV9bVAnYimKwhhCRWjoDNusJgOlRGZ%2BNJptU211aM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e78d30b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
104.17.24.14 200 OK 77 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 104.17.24.14:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash MD5 af7ae505a9eed503f8b8e6982036873e
SHA-1 d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
SHA-256 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sfile.mobi
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 77160
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03e5f-12d68"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 64648
expires: Sun, 21 Apr 2024 12:05:26 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4iHDBwDODDRtBIXohhMlkpFt7OlX7O2WIDk7O0a55IDkdiQQOP6w%2FZeclS7JFqvx7P6eY4NZcVvQZFsOiLxfPZrj0HIkWhGR6WwzlJGsONCLs5%2BhVWbE0Tu4p14JzUB8B2NAZNw%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c1021e8ab00b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
sfile.mobi/icon/smallicon/npv4.svg
104.26.4.191 200 OK 1.7 kB URL GET HTTP/2 sfile.mobi/icon/smallicon/npv4.svg
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer: Google Trust Services LLC
Subject: *.sfile.mobi
Fingerprint: F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity: Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type: SVG Scalable Vector Graphics image
- HTML document, ASCII text, with very long lines (1816), with no line terminators
Hash (MD5): c22256205cc3d0d09276e1bd374f9c98
Hash (SHA-1): 5d0bb88215bd5d666284af22f995d304e4e9e677
Hash (SHA-256): 64e21fce1bdd5e9475b77480999e44c238ba3157349f4f2dba1033911ec52a1b
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/npv4.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: image/svg+xml
last-modified: Wed, 23 Jun 2021 01:54:25 GMT
etag: W/"6a8-5c5652fa0f640-gzip"
cache-control: max-age=604800
expires: Sat, 06 May 2023 14:43:33 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 249713
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NaD4uVDvboviOeZ%2Fh3OzNMdEhfDnGLsFPxd77V4fx0%2BSdVIlO50EGovLxGnJQmeUILGejTmEy005ViK9Mpdgth%2FXAorgxpYlYfYSpeDfz5xvK6LIXmfYJaNkcjE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e79d40b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/includes/analytics.js
104.26.4.191 200 OK 52 kB URL GET HTTP/2 sfile.mobi/includes/analytics.js
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer: Google Trust Services LLC
Subject: *.sfile.mobi
Fingerprint: F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity: Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type: ASCII text, with very long lines (12884)
Hash (MD5): 11f11a9177192e579d9f8d01b4470eb0
Hash (SHA-1): 06363e5e8104cf124851cb6f9acf8e17ab0fa8ae
Hash (SHA-256): c02c34250922dff564644356dfca5559876b0e08323e4ff81f42ffcdb321cef0
GET /includes/analytics.js HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
cf-bgj: minify
cf-polished: origSize=52082
etag: W/"cb72-5faa59782b7cb-gzip"
expires: Mon, 08 May 2023 21:39:52 GMT
last-modified: Mon, 01 May 2023 18:00:02 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 51934
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JNzzOf%2FMNRjSwTsSXdmL1QqTnoIOiw7tT7c9QIMS6nkYQnDQWyrpljh281GqL2CNzj7l63uuJQawzouBJoabg3RKPxg208giRKWZ7rhy5sl%2FC1IYrq%2FbFkDZoqU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e86e7cb505-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/includes/main-min.css
104.26.4.191 200 OK 27 kB URL GET HTTP/2 sfile.mobi/includes/main-min.css
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer: Google Trust Services LLC
Subject: *.sfile.mobi
Fingerprint: F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity: Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type: ASCII text, with very long lines (25590), with CRLF line terminators
Hash (MD5): 986660afda6a541addaf77e7fb8a5d4f
Hash (SHA-1): cf4dba035df7a09f83d87839d41eb03a24903400
Hash (SHA-256): b85136bf0a494514ef0e4321ec8c6754b8f2520868b262811322a62c9863da40
GET /includes/main-min.css HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: text/css; charset=utf-8
last-modified: Sat, 05 Nov 2022 06:53:42 GMT
etag: W/"68ea-5ecb3a69a8980-gzip"
cache-control: max-age=2592000
expires: Wed, 31 May 2023 21:39:06 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 51980
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=voBQSXU22ZB5kxhU88qI%2B%2BnDJHMDHXp3vYgNG7yFyM%2F0mOv7TsGLDFSdwOWbbfVje82Ji0e6ud%2BHKDB7ZaYw0S%2BMyap1bYeFoVMXQMC%2FxROJKys%2BJiO6MnOtpMc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e78d18b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/txt.svg
104.26.4.191 200 OK 3.2 kB URL GET HTTP/2 sfile.mobi/icon/smallicon/txt.svg
IP 104.26.4.191:443
Requested by https://sfile.mobi/8qDIlsUE3CI
Certificate Issuer: Google Trust Services LLC
Subject: *.sfile.mobi
Fingerprint: F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity: Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type: SVG Scalable Vector Graphics image
- SVG XML document
- SVG XML document
- XML document text
- exported SGML document text
- exported SGML document, ASCII text, with very long lines (3461), with no line terminators
Hash (MD5): 5d69bea6e596b46c47d4c48fa425cfe3
Hash (SHA-1): 25ddd704f96d8704def4ba8faa0ca60d965ebdb4
Hash (SHA-256): b3355fc50d12aa158b37b16cd715a47517f45a4a521072990baf63a306e5569d
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/txt.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/8qDIlsUE3CI
Cookie: PHPSESSID=b7k5iq6pmsmjb1uubjjt2srv9s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 02 May 2023 12:05:26 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 04:35:21 GMT
etag: W/"c81-554f4a0423440-gzip"
cache-control: max-age=604800
expires: Fri, 05 May 2023 08:44:15 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 357671
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e92iYg17lhY2n%2BK3cLy%2BT1ti3X%2FJ2rJ7mtg31SwJQeYG%2FVk1ohY%2FBdtrzK9NPBlijKFw%2BscouK1RlgQ6UPMHgOBMIwZwbWMPMCRw%2BO5K%2FPzZQZDZ1byPkeIc%2Fx8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1021e79d3ab505-OSL
content-encoding: br
X-Firefox-Spdy: h2