dfiles.eu/ru/files/nov2502tp
91.226.124.76 200 OK 6.1 kB URL User Request GET HTTP/1.1 dfiles.eu/ru/files/nov2502tp
IP 91.226.124.76:443
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (336), with CRLF, CR, LF line terminators
Hash d45169a2dca865a1a92b18aac1f1e916
ac2fba4ac2e69461ec45e5596889a33e85d432ba
d8b6ea5e381320defd921a1f72a8fe424d397767a5a19eae0b19d9c66737f06d
GET /ru/files/nov2502tp HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; path=/; domain=.dfiles.eu
last_file=nov2502tp; path=/; domain=.dfiles.eu
lang_current=ru; expires=Tue, 21-May-2024 12:57:47 GMT; Max-Age=31536000; path=/; domain=.dfiles.eu; secure
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 8fe4fdacb4bc7ddc187ed527a4044d21
40d4f9abbccfecadc35e9b78d0a9af7bc39e60b2
406cd7d402626ed9e9fbf3fc35aef21d76e7b8c1b122b26c3aaf390e62bccd40
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 12:57:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 4b606a89062b860c8b452c4c3877397c
39ba4e3efb89e39deffa0c93cb01b63cb1975e67
85c1f8e7679b507431d39f010a515ddcc840dbcbedfe06edf1ea94a8e7dd2a15
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 12:57:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.depositfiles.com/js/jquery.validate.js
91.226.124.81 200 OK 38 kB URL GET HTTP/1.1 static.depositfiles.com/js/jquery.validate.js
IP 91.226.124.81:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject depositfiles.com
Fingerprint 90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
Validity Mon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type Unicode text, UTF-8 text, with very long lines (1238)
Hash d5231b6378847ebdb55f64c77d5a234f
eed97aa0b2aa9486b6f6831ed8a85dc729ad6b9c
95434a8a2568a6481a1fbcf5808a75dd58e77348ed6d70b4f7aeda8842e8f0c7
GET /js/jquery.validate.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:48 GMT
Content-Type: application/javascript
Content-Length: 38269
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-957d"
Expires: Mon, 22 May 2023 13:02:48 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/js/function.js
91.226.124.81 200 OK 35 kB URL GET HTTP/1.1 static.depositfiles.com/js/function.js
IP 91.226.124.81:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject depositfiles.com
Fingerprint 90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
Validity Mon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type ASCII text, with very long lines (4240)
Hash a5779d2f560cd50376dbba372b0fd15b
07b08e35b9254288c1372e37577db8b9e4da01b4
51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84
GET /js/function.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:48 GMT
Content-Type: application/javascript
Content-Length: 34915
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-8863"
Expires: Mon, 22 May 2023 13:02:48 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/css/main.css
91.226.124.81 200 OK 47 kB URL GET HTTP/1.1 static.depositfiles.com/css/main.css
IP 91.226.124.81:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject depositfiles.com
Fingerprint 90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
Validity Mon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type ASCII text, with very long lines (332)
Hash af57443dfa4bc2d3299321923ae1c57f
d922badb0ed1d665302cf93268e9960d0a04c065
50d446eade67c33dc4dba74f2f2b7480b5021de5a98bfedc1f10ce5c35d966f3
GET /css/main.css HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:48 GMT
Content-Type: text/css
Last-Modified: Tue, 26 Apr 2022 10:45:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6267cd55-2f719"
Expires: Mon, 22 May 2023 13:02:48 GMT
Cache-Control: max-age=300
Content-Encoding: gzip
static.depositfiles.com/js/base2.js
91.226.124.81 200 OK 399 kB URL GET HTTP/1.1 static.depositfiles.com/js/base2.js
IP 91.226.124.81:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject depositfiles.com
Fingerprint 90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
Validity Mon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type Unicode text, UTF-8 text, with very long lines (65481)
Size 399 kB (398927 bytes)
Hash 2fcae8126c3fd9a626370a701f0bd887
f3496fb7bbe122a9774d7dcfcd68da03a24dc285
d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc
GET /js/base2.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:48 GMT
Content-Type: application/javascript
Content-Length: 398927
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-6164f"
Expires: Mon, 22 May 2023 13:02:48 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
www.google.com/recaptcha/api.js
142.250.74.164 200 OK 557 B URL GET HTTP/2 www.google.com/recaptcha/api.js
IP 142.250.74.164:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Google Trust Services LLC
Subject www.google.com
Fingerprint 85:AD:43:66:C0:73:07:1B:B5:5D:4A:83:4B:76:3F:DA:4B:2B:E1:F8
Validity Mon, 24 Apr 2023 12:01:16 GMT - Mon, 17 Jul 2023 12:01:15 GMT
File type ASCII text, with very long lines (850), with no line terminators
Hash b7b728964630ecd7e800d650f14695c5
473f7633fea7e2f828c3df9ab19356286f10a692
f4de494b6cfd42ce31b244cd84410cd4259d82773485f6c7b4ffd2a7ca2d6217
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
expires: Mon, 22 May 2023 12:57:48 GMT
date: Mon, 22 May 2023 12:57:48 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 557
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-BL9163LYG1
142.250.74.72 200 OK 85 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-BL9163LYG1
IP 142.250.74.72:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 55:51:32:58:36:72:A1:C8:50:5E:5A:8D:CE:A5:2F:DC:D7:1E:62:03
Validity Mon, 24 Apr 2023 11:56:06 GMT - Mon, 17 Jul 2023 11:56:05 GMT
File type ASCII text, with very long lines (4509)
Hash 163239702e770c938f497b0bcceba9cf
c80b41e3b85c762f076ef379e442af495618bc26
77476cbbb99533e00fa1bb185524db403c412fc3551c0cb1d86bab4666d5384f
GET /gtag/js?id=G-BL9163LYG1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 22 May 2023 12:57:48 GMT
expires: Mon, 22 May 2023 12:57:48 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85378
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.pubfuture-ad.com/v2/unit/pt.js
104.26.0.97 200 OK 3.0 kB URL GET HTTP/2 cdn.pubfuture-ad.com/v2/unit/pt.js
IP 104.26.0.97:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
Validity Tue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (6612), with no line terminators
Hash 682292a8592cf915768cad01e4b3222d
7cac4c7f0693fe9296ced91b9ea1c60b2475600b
74075ecdd502ca9121a9d6a11e8824771cea3c7e158726e01a2964c750766e1d
GET /v2/unit/pt.js HTTP/1.1
Host: cdn.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:48 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=172800
cf-bgj: minify
access-control-allow-origin: *
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
etag: W/"19d4-fKxMfwaT/pKWztkbnqHGCyR1YAs"
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cf-cache-status: HIT
age: 90443
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lx3shDQHoDPRL77LLNdfBXGk0eE%2FWpgo6tVwzrPsPvSJXuXO6JeUBlWyc7ZB3ZVzZwzfQh%2F4z2iTHq%2BIWo9Ln3ZTwuqwct4I2MN%2FPKx5Ehn5Xzvh3FicmZMlT7FnACRsi87hw47%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cb53a1e29901c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 73d84022844c72951a56044d4bcf3039
1bb5397b6fdab7f58f63e715bdf3111708d96a2f
a86c145779bbdc93a14c8e42495d6cd431d6d820e268c66e9960244fa7ea3ecf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 12:57:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js.wpadmngr.com/static/adManager.js
45.133.44.52 200 OK 1.1 kB URL GET HTTP/2 js.wpadmngr.com/static/adManager.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject js.wpadmngr.com
Fingerprint A9:7C:F8:A4:B8:B3:E3:98:76:72:9E:0B:4A:FB:FB:39:D4:F4:54:3D
Validity Tue, 16 May 2023 02:02:19 GMT - Mon, 14 Aug 2023 02:02:18 GMT
File type gzip compressed data, from Unix\012- data
Hash 4237dc068ce845f1292d9163def36dd5
a5df2103b9d2f74e034dcc068559f40ec6b94696
0a21a191ec82c7b5e4c1b49d70f0a3dd94df5c698516974d61e88404765490ca
GET /static/adManager.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:48 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 05 Dec 2022 13:37:26 GMT
etag: W/"638df416-4dd"
content-encoding: gzip
expires: Mon, 22 May 2023 13:02:48 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
173.233.137.36 200 OK 13 kB URL GET HTTP/1.1 pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
IP 173.233.137.36:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject highrevenuegate.com
Fingerprint E3:83:9C:63:64:A5:46:F7:CE:7B:E1:4D:12:0F:29:C3:22:23:C0:14
Validity Tue, 02 May 2023 09:41:55 GMT - Mon, 31 Jul 2023 09:41:54 GMT
File type ASCII text, with very long lines (37179), with no line terminators
Hash cd9fbf2a2e9cf3e6ef15d6fab526f14c
3d7ce7ad1396ed1844fe444cca26bcac6de1cbc3
30e364ace5487fc6e6ca4ae64e46d60d21f2a27e92e82cc3da57cbcdf9c64369
Analyzer Verdict Alert fortinet Malware
GET /22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js HTTP/1.1
Host: pl16105218.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5db988bd3d7f00e9939d100446baa7f6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.depositfiles.com/images/logo.png
91.226.124.81 200 OK 3.6 kB URL GET HTTP/1.1 static.depositfiles.com/images/logo.png
IP 91.226.124.81:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject depositfiles.com
Fingerprint 90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
Validity Mon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 176 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash c41fdd84b04e45a91cb17cfdeccb1b38
fec7fffe104c7e169aeb159032078c4b71ff2cdc
7f89eb8ab03684f4db282ca30eb231b1e254bca10c7b511950df5e0eab0a68a0
GET /images/logo.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: image/png
Content-Length: 3623
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-e27"
Accept-Ranges: bytes
static.depositfiles.com/images/member_menu_bg.gif
91.226.124.81 200 OK 78 B URL GET HTTP/1.1 static.depositfiles.com/images/member_menu_bg.gif
IP 91.226.124.81:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject depositfiles.com
Fingerprint 90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
Validity Mon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type GIF image data, version 89a, 1 x 48\012- data
Hash 20a24b56dcedf6a71a71ebec771e1f7d
d7bed493d5d4eeaed5dbbf7d30d45107840790a0
6f57f29224d8e9e51ed0839e329055426fba7dcd97ef31e93ed495f93a6063df
GET /images/member_menu_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: image/gif
Content-Length: 78
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-4e"
Expires: Sat, 27 May 2023 12:57:49 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/timer.gif
91.226.124.81 200 OK 12 kB URL GET HTTP/1.1 static.depositfiles.com/images/timer.gif
IP 91.226.124.81:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject depositfiles.com
Fingerprint 90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
Validity Mon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type GIF image data, version 89a, 70 x 70\012- data
Hash fb170c2ce20d8088b7cee465689c3637
9759429c7de6921580fac900c4c6026c758bb94c
6b5c53dd4d2d07c854e019e55458ff9652a4d9b7bf1fe8848ad00ca16032e294
GET /images/timer.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: image/gif
Content-Length: 11607
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-2d57"
Expires: Sat, 27 May 2023 12:57:49 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/flags/lang24.png
91.226.124.81 200 OK 9.2 kB URL GET HTTP/1.1 static.depositfiles.com/images/flags/lang24.png
IP 91.226.124.81:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject depositfiles.com
Fingerprint 90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
Validity Mon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 24 x 552, 8-bit/color RGBA, non-interlaced\012- data
Hash efdcd1ca23d564ddd811f41152a2b83c
0b5aa064e7f8f241363c55fa17eb448f42a5f8df
ce23be242e34c5b420f8ba0390aef20fa50ffc69f700091029616eff524e8f9b
GET /images/flags/lang24.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: image/png
Content-Length: 9172
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-23d4"
Accept-Ranges: bytes
static.depositfiles.com/images/sprite.png
91.226.124.81 200 OK 37 kB URL GET HTTP/1.1 static.depositfiles.com/images/sprite.png
IP 91.226.124.81:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject depositfiles.com
Fingerprint 90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
Validity Mon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 102 x 630, 8-bit/color RGBA, non-interlaced\012- data
Hash 2333675d7e431d5313c6dbb5230a14cd
93c4032e5b8b85793a9cda7167804445d950dd96
b287134a60667ce8e2c3fa1603e3a8f2ffa59c64e746d026d1a13ef19f3f38a0
GET /images/sprite.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: image/png
Content-Length: 36802
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-8fc2"
Accept-Ranges: bytes
static.depositfiles.com/images/sprite16.png
91.226.124.81 200 OK 28 kB URL GET HTTP/1.1 static.depositfiles.com/images/sprite16.png
IP 91.226.124.81:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject depositfiles.com
Fingerprint 90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
Validity Mon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 32 x 1072, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e86fe2d2c2650c5f4663f0fc135ebc1
ba86e14a9abcff0581eda84a307594ef1288b982
604187f8828381a47ae70249f55f21c78c53ab1401d20a5f2230a0d6c9ae50d1
GET /images/sprite16.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: image/png
Content-Length: 28501
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-6f55"
Accept-Ranges: bytes
ocsp.r2m01.amazontrust.com/
143.204.48.16 471 B URL ocsp.r2m01.amazontrust.com/
IP 143.204.48.16:0
Hash 4fb4e14360269a777e89f1f9175622e9
1a252cc9528cd7d4a2291b23795c29708a982a9d
0426e5f6443589135ea3c7a50269889d57dcf256ddd32bc9374839cdb71612e5
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=7200'
Date: Mon, 22 May 2023 12:57:49 GMT
Last-Modified: Mon, 22 May 2023 12:12:06 GMT
Server: ECAcc (nya/1C6C)
X-Cache: Miss from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _EhvkwRPxxOkUTM5XrgQGSYs1RmKK4iPDdXiPxUS_Htgss1jmalBLA==
Age: 2744
simplewebanalysis.com/stats
18.192.155.180 200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 18.192.155.180:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Amazon
Subject simplewebanalysis.com
Fingerprint E5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
Validity Thu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash ce31f5b8d85c38a8a5960dbf08fdb063
d76d0785dddfdba73670d27bc9e5e12305c41d0f
a2029a3adc9e8733af17665d85d5babf86f2f38a3817048ac73247a24cca43c3
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca:3:1; expires=Thu, 19 May 2033 12:57:49 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
adsbb.dfiles.eu//ad.php?z=7&c=NO&g=no_file&u=646b66cbe1a0a-56726135
91.226.124.80 303 See Other 0 B URL GET HTTP/1.1 adsbb.dfiles.eu//ad.php?z=7&c=NO&g=no_file&u=646b66cbe1a0a-56726135
IP 91.226.124.80:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=7&c=NO&g=no_file&u=646b66cbe1a0a-56726135 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 303 See Other
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf7=1; expires=Tue, 23-May-2023 12:57:49 GMT; Max-Age=86400
Location: /upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
adsbb.dfiles.eu//ad.php?z=60&c=NO
91.226.124.80 303 See Other 0 B URL GET HTTP/1.1 adsbb.dfiles.eu//ad.php?z=60&c=NO
IP 91.226.124.80:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=60&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 303 See Other
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf60=1; expires=Tue, 23-May-2023 12:57:49 GMT; Max-Age=86400
Location: /upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
adsbb.dfiles.eu//ad.php?z=58&c=NO&g=no_file
91.226.124.80 303 See Other 0 B URL GET HTTP/1.1 adsbb.dfiles.eu//ad.php?z=58&c=NO&g=no_file
IP 91.226.124.80:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=58&c=NO&g=no_file HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 303 See Other
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf58=1; expires=Tue, 23-May-2023 12:57:49 GMT; Max-Age=86400
Location: /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
adsbb.dfiles.eu//ad.php?z=56&c=NO
91.226.124.80 303 See Other 0 B URL GET HTTP/1.1 adsbb.dfiles.eu//ad.php?z=56&c=NO
IP 91.226.124.80:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=56&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 303 See Other
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf56=1; expires=Tue, 23-May-2023 12:57:49 GMT; Max-Age=86400
Location: /upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
friendshipmale.com/sfp.js
172.64.140.24 200 OK 74 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP 172.64.140.24:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 8bf542db65f0ff20d510889d62e5e092
1b1b7cc04275b7641e2f07b0f4bf99b5387303bf
77a3bebee72af7beb49cd94b7f16852a532aac5f3db8f610160440fe75ca4711
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: e96937981638562bbda2dad794d9c681
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 22 May 2023 12:57:49 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Edd8MT7VigRjYFXTFNtrzMUGmuk8M3M9xe1ISDAp71WGbpA7pyPNTqkRd8dwUOMgfsupG%2BlhrygXeXFXKOkT7ZntRoJxQY0UXqt6rdY45hQgR0TtBNthFFI1w5JCKmJbLznpZ%2BI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a22c8958880-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.80 200 OK 670 B URL GET HTTP/1.1 adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.80:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 76bdc27ed23e8861cc37b1f623a2fc38
412d6e0a67e7fc50b6d2351f3b1864b301466f20
3aec406595384aaa86ecfd3b6c29b72ddcc46414be2f9bc4e6ed6b39c86c6c95
GET /upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Mon, 22 May 2023 12:55:01 GMT
Content-Encoding: gzip
adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.80 200 OK 670 B URL GET HTTP/1.1 adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.80:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash c7509bd14e0e4597d2ddaa92e4f3855e
ef498db81d3382d75a962059c374350c9b0d3614
4cb6f19c6dd7743179be310e7f1f197e89ca46834aac27c587b73cf2bc6cf85b
GET /upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Mon, 22 May 2023 12:55:01 GMT
Content-Encoding: gzip
na.nawpush.com/tags/46445?version_name=d
45.133.44.25 200 OK 578 B URL GET HTTP/2 na.nawpush.com/tags/46445?version_name=d
IP 45.133.44.25:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject na.nawpush.com
Fingerprint 06:8A:2E:29:09:91:41:F0:6E:1C:15:DE:41:23:FB:9C:E4:5B:47:B0
Validity Mon, 03 Apr 2023 01:01:43 GMT - Sun, 02 Jul 2023 01:01:42 GMT
File type JSON data\012- , ASCII text, with very long lines (578), with no line terminators
Hash 48cf99226e98595889e80d389697c90c
6c6f7b9047532c20c72d68b246dafe3db8ca16b5
e81d3360bc9596b20a9ea1289549039c2b4d0350a4cd9122c1578605b56f7055
GET /tags/46445?version_name=d HTTP/1.1
Host: na.nawpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: application/json
content-length: 578
server: nginx/1.18.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
adsbb.dfiles.eu/upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.80 200 OK 2.4 kB URL GET HTTP/1.1 adsbb.dfiles.eu/upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.80:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (879)
Hash 84a7f34786af7d3e931bb8802dead4f5
338236af2ab0737b4cfd33a0ceca659572c918e7
a705ff060fcac31c1020a33e654c505dd379c93da8a3d5e8535b7d2a46517137
GET /upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Mon, 22 May 2023 12:55:01 GMT
Content-Encoding: gzip
adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.80 200 OK 678 B URL GET HTTP/1.1 adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.80:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 63818b58463bdb287634f8579dfd9179
ac385cf361a2c977b03e62f5f68bcbddd743cca8
de38551de875cc0fc3ae6b1bc4e66967ea25f9b3f690d84ca3cc9ce290dd09ed
GET /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Mon, 22 May 2023 12:55:01 GMT
Content-Encoding: gzip
js.wpshsdk.com/npc/sdk/wp-banners.js
45.133.44.53 200 OK 0 B URL GET HTTP/2 js.wpshsdk.com/npc/sdk/wp-banners.js
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject js.wpshsdk.com
Fingerprint 78:77:A4:19:CC:0D:15:24:69:96:1B:44:C9:A0:4D:0B:B7:C0:F2:D8
Validity Mon, 27 Mar 2023 02:06:36 GMT - Sun, 25 Jun 2023 02:06:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Mon, 22 May 2023 13:02:49 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
variedpretenceclasped.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
173.233.139.164 200 OK 29 kB URL GET HTTP/1.1 variedpretenceclasped.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
IP 173.233.139.164:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject variedpretenceclasped.com
Fingerprint 26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
Validity Fri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 2353be6f557c3dc8f40d9718370df747
65c8563b35f4cc05fbd4643067251b24bab5a7ee
43eebee0857eaaeb3389acedd9b561377bd5ca4508fe444466f6e7f1e0962c94
Analyzer Verdict Alert quad9 Sinkholed
GET /c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9ba885bb13d03d2c0f1a729f86455f5a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ip2geo.pubfuture-ad.com/detail
172.67.70.21 200 OK 33 B URL GET HTTP/2 ip2geo.pubfuture-ad.com/detail
IP 172.67.70.21:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
Validity Tue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 007af5ffed017e37943df31888ef8666
2877ed4c460ba9164b3625e32502a9d83a2a1d4a
bfb9d45766b6f87ee2c5f55862cdffe168aa7df0ff6ed0917b0fbcb035fdcdd2
GET /detail HTTP/1.1
Host: ip2geo.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: application/json; charset=utf-8
content-length: 33
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"21-KHftTEYLqRZLNiXjJQKp2DoqHUo"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sDfxzFxF%2B%2BNmSE%2FIUGuB9LqriYYTUqnmgnjvwwXJQFdvbS%2BaWLT3G%2FuePc3v7pb1BvkUkS10zZLv0joT9BZsz7i8wff%2BCO4wbkYGnTRXvqHQGYhauITwWEr%2BNZEazs1nMxuBdReP9gPO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cb53a235c910b49-OSL
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.192.155.180 200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 18.192.155.180:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Amazon
Subject simplewebanalysis.com
Fingerprint E5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
Validity Thu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash ce31f5b8d85c38a8a5960dbf08fdb063
d76d0785dddfdba73670d27bc9e5e12305c41d0f
a2029a3adc9e8733af17665d85d5babf86f2f38a3817048ac73247a24cca43c3
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
jsc.mgid.com/d/e/depositfiles.com.3334.js
104.19.135.78 200 OK 86 kB URL GET HTTP/2 jsc.mgid.com/d/e/depositfiles.com.3334.js
IP 104.19.135.78:443
Requested by https://adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 44:BF:9D:AD:98:A7:1A:F2:1D:18:EF:4E:3E:BE:C0:D8:28:4D:9F:04
Validity Tue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (2681), with no line terminators
Hash 0fcaf139ba4779f96ff73f21e25c5fcd
d682d1547e69aeace79744c953966b136d8123fb
fa26488d3d63a885506d39afecbf0e24a120024974e51c13fbaebec607cde633
GET /d/e/depositfiles.com.3334.js HTTP/1.1
Host: jsc.mgid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: text/javascript
cf-bgj: minify
cf-polished: origSize=2682
etag: W/"dc4a6a72287fc2c12d0a694c456249a5"
last-modified: Thu, 11 May 2023 07:52:34 GMT
x-amz-id-2: wf7rOHIB8wOFVPKVqSi1BYgQdLnc13saXsO5GL0HBWPwFu1o5ge2dwoXEYiwpfKxO7WOD1o0RMk=
x-amz-request-id: TDY2VSJSHQHN6445
x-amz-server-side-encryption: AES256
x-amz-version-id: gNGWYSrdgKjFIAUHdjefF0xeI2yJMdjT
cf-cache-status: HIT
age: 2927
expires: Mon, 22 May 2023 15:57:49 GMT
cache-control: public, max-age=10800
set-cookie: __cf_bm=rS1Ws8Q8eAtYDIKJM.jzbbaU.v2hifzj7_X98j463kU-1684760269-0-ATUoub/EGup6UA4ILRmhus3cjtyp1II8TaIzTrc8WS1MfdG2hK3RhhnhdiLVFZSIrD+MP6xEjZ/h7YCtMcEBahw=; path=/; expires=Mon, 22-May-23 13:27:49 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a260e980b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.80 200 OK 85 kB URL GET HTTP/1.1 adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.80:443
Requested by https://adsbb.dfiles.eu/upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.80 200 OK 85 kB URL GET HTTP/1.1 adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.80:443
Requested by https://adsbb.dfiles.eu/upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.80 200 OK 85 kB URL GET HTTP/1.1 adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.80:443
Requested by https://adsbb.dfiles.eu/upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
static.depositfiles.com/images/favicon.ico
91.226.124.81 200 OK 318 B URL GET HTTP/1.1 static.depositfiles.com/images/favicon.ico
IP 91.226.124.81:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject depositfiles.com
Fingerprint 90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
Validity Mon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Hash 0f0b975ee529197ec75780ebc2de5907
59688c6aafca5606e388ba9a44fc9dc25fc32cd3
28a0b52229f05b66354ca38b6b813d2281af3efb7e8b0a424ef8b4c68b9e583c
GET /images/favicon.ico HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Type: image/x-icon
Content-Length: 318
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-13e"
Accept-Ranges: bytes
variedpretenceclasped.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
173.233.139.164 200 OK 3.1 kB URL GET HTTP/1.1 variedpretenceclasped.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
IP 173.233.139.164:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject variedpretenceclasped.com
Fingerprint 26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
Validity Fri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT
File type JSON data\012- , ASCII text, with very long lines (5415), with no line terminators
Hash c3c158803e7b101b114c2812e9f572a8
a900b5a5c7f4ba7dba7ae7a622de1b020770c98a
69aa776d444f38b77c160b7a8270d507585ae7f501e79e479b9ddb2a4a20c73f
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6 HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfiles.eu
Access-Control-Allow-Origin: https://dfiles.eu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16004719; expires=Tue, 23 May 2023 12:57:49 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 23 May 2023 12:57:50 GMT; secure; SameSite=None
uncs=1; expires=Tue, 23 May 2023 12:57:50 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 23 May 2023 12:57:50 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 23 May 2023 12:57:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9de0c51e2cac3ec4e6707f07a1af6112
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 8ab94d7259411fe8a216956474b19511
48c63eaff708604c5f7af9514c3e77109a1f3f73
1dfd960074784d17f2fab64fab44d8aa41c1a794a7000980b428f6ab6392439a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 12:57:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js
142.250.74.99 200 OK 167 kB URL GET HTTP/2 www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js
IP 142.250.74.99:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
Validity Mon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT
File type ASCII text, with very long lines (554)
Size 167 kB (166637 bytes)
Hash 213e1a6e418f3df36f2ec077314ef525
7a553e545a48271f3afec47b3ed5f3518cfdd7b4
ad5008998005064af73229fb144d5f8e789641f8a846e2064ec18788a37e9e2d
GET /recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166637
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 May 2023 12:27:21 GMT
expires: Tue, 21 May 2024 12:27:21 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 May 2023 04:00:52 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 1829
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adsbb.dfiles.eu/view.gif?c=2685&z=56&b=2758&u=646b662534f1e6290753792426853
91.226.124.80 43 B URL adsbb.dfiles.eu/view.gif?c=2685&z=56&b=2758&u=646b662534f1e6290753792426853
IP 91.226.124.80:0
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2685&z=56&b=2758&u=646b662534f1e6290753792426853 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 8ab94d7259411fe8a216956474b19511
48c63eaff708604c5f7af9514c3e77109a1f3f73
1dfd960074784d17f2fab64fab44d8aa41c1a794a7000980b428f6ab6392439a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 12:57:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ontosocietyweary.com/pixel/purst?dl=0&th=0&sc=0&rs=1948&rd=1948&fd=557&bv=22.10.v.10&tmpl=136
173.233.139.164 200 OK 0 B URL GET HTTP/1.1 ontosocietyweary.com/pixel/purst?dl=0&th=0&sc=0&rs=1948&rd=1948&fd=557&bv=22.10.v.10&tmpl=136
IP 173.233.139.164:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject ontosocietyweary.com
Fingerprint 23:8E:D7:B8:76:99:AB:94:CB:5E:65:42:A9:B3:CA:11:59:80:B3:5B
Validity Mon, 01 May 2023 19:23:36 GMT - Sun, 30 Jul 2023 19:23:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1948&rd=1948&fd=557&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: ontosocietyweary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
c.mgid.com/pv/?pv=5&cbuster=1684760270170812184719&lct=1683763200&jsv=es6&iframe=1&ref=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&cxurl=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&lu=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&sessionId=646b66ce-0305b&pageView=1&pvid=1884389955c854fb663&site=437&implVersion=11&dpr=1&tfre=700
104.19.135.78 0 B URL c.mgid.com/pv/?pv=5&cbuster=1684760270170812184719&lct=1683763200&jsv=es6&iframe=1&ref=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&cxurl=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&lu=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&sessionId=646b66ce-0305b&pageView=1&pvid=1884389955c854fb663&site=437&implVersion=11&dpr=1&tfre=700
IP 104.19.135.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pv/?pv=5&cbuster=1684760270170812184719&lct=1683763200&jsv=es6&iframe=1&ref=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&cxurl=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&lu=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&sessionId=646b66ce-0305b&pageView=1&pvid=1884389955c854fb663&site=437&implVersion=11&dpr=1&tfre=700 HTTP/1.1
Host: c.mgid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adsbb.dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=rS1Ws8Q8eAtYDIKJM.jzbbaU.v2hifzj7_X98j463kU-1684760269-0-ATUoub/EGup6UA4ILRmhus3cjtyp1II8TaIzTrc8WS1MfdG2hK3RhhnhdiLVFZSIrD+MP6xEjZ/h7YCtMcEBahw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 22 May 2023 12:57:50 GMT
content-length: 0
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cb53a29de37b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
adsbb.dfiles.eu/view.gif?c=2687&z=60&b=2759&u=646b6625353936208151743881645
91.226.124.80 200 OK 43 B URL GET HTTP/1.1 adsbb.dfiles.eu/view.gif?c=2687&z=60&b=2759&u=646b6625353936208151743881645
IP 91.226.124.80:443
Requested by https://adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2687&z=60&b=2759&u=646b6625353936208151743881645 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=646b6625405578568791245036597
91.226.124.80 43 B URL adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=646b6625405578568791245036597
IP 91.226.124.80:0
Certificate Issuer Let's Encrypt
Subject *.dfiles.eu
Fingerprint 28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
Validity Sun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2973&z=58&b=2775&u=646b6625405578568791245036597 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
simplewebanalysis.com/stats
18.192.155.180 200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 18.192.155.180:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Amazon
Subject simplewebanalysis.com
Fingerprint E5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
Validity Thu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash ce31f5b8d85c38a8a5960dbf08fdb063
d76d0785dddfdba73670d27bc9e5e12305c41d0f
a2029a3adc9e8733af17665d85d5babf86f2f38a3817048ac73247a24cca43c3
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:50 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true
143.204.55.96 200 OK 54 kB URL GET HTTP/2 cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true
IP 143.204.55.96:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Amazon
Subject *.unblockia.com
Fingerprint F2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
Validity Tue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 160x600, components 3\012- data
Hash 5dcf47442fc7fbb8d0263bbf4869537e
2c8232ac93448bbc06b5464f1839a5cdb2ed3e07
81804a1b2b20350ec009ba6429a4f58124c16ca30683af0af255544cd98c8fa6
GET /autopromos/unicef3.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 54292
last-modified: Tue, 12 Apr 2022 08:41:27 GMT
x-amz-version-id: iA22.ytP0i4dmuIhnc0eyNVgJlt2K4fl
accept-ranges: bytes
server: AmazonS3
date: Mon, 22 May 2023 03:29:16 GMT
etag: "5dcf47442fc7fbb8d0263bbf4869537e"
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: np3ujQ_sd-7ZfdzSl5NMR2T6ASowRXH0GjuCHroJ7U6F-YmPGJJ9Fg==
age: 34115
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true
143.204.55.96 200 OK 37 kB URL GET HTTP/2 cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true
IP 143.204.55.96:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Amazon
Subject *.unblockia.com
Fingerprint F2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
Validity Tue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 728x90, components 3\012- data
Hash 58fbb6ffe72ac0c1aa468de39ee18e13
d25230f1ef89aecc6048b0ceb09dd0af609ee7b6
e8ff7f3a8926e5b5497d2ab7a1bf47c5655e287a51045f11846f426ac6c7d180
GET /autopromos/unicef2.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 36773
last-modified: Tue, 12 Apr 2022 08:41:28 GMT
x-amz-version-id: xUurxjfnscsyJn430NFsrgfbabIFowSl
accept-ranges: bytes
server: AmazonS3
date: Sun, 21 May 2023 21:12:04 GMT
etag: "58fbb6ffe72ac0c1aa468de39ee18e13"
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wX1AQssjb1OQK7wskR8WfK4E1M9iUGHnrCOgLlPO03XTFhPCqfatBA==
age: 71817
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
variedpretenceclasped.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2%2FcRBTHx6XqAbiUckECtDdAQhvb8f6iB9RQgiJCU1oQ3NB4ZrwZduyxZjzrTcQhohLqcfkPnO8mjYCoKn8ACDncKlXKcsqBHJD6ByBQz2g3KxaeZL33fd93%2BLzn%2BWbfnRMfjp6tf6R3pVJ0pdX0G29%2BHgTXG5syc6PGqNv%2Boh1db5jhO4Hfa%2FpvNT4QbKBXQj%2Fw%2FcAPGuvSiESPVoIgaPqQ%2BXEvaPb8ZhQ2g1aEkfm%2Fts6DpR748Jy8BMmnzx8%2FjCBZjSx9dFPYQaHzt99PnaKFNhjyo0%2BzQabLDOmyTIyHJDtaTEPb0%2FWfobPDOTD08N%2FBWE6J9%2FQPxNnRghLx8PACNFYQGWL%2BAsphDaFqSFqD6XuQ%2FJQAjOPWFrL0wS1tSrpz4dKZOyWXn%2F0FWU7J5d9fRpY%2BXFNy1LirlSukzixGSQU5qiH7NXJ3gmL3EmR5AlZ8DcmfkJVnm8jSgy2rNCSv5stLWUMmNZQYg1oPbvZJDy7x4HIPKT9rdFjU7fJui1PBWBgnQTeJkqhHmZ8wf7UXwrEZ3hhFPgZTYzCzh9zsYSDHMO4X2O0KlnuwxZR4H%2B9hyCuUgqC0BCUlKCVBWRCUw%2BqQKxva6gFX1sXBIoeLvFpNdNHfp4e66IuM7Ofn5Or8Ln%2B3NQbirBGGEeURDaI4ioMWCzphO0k6fkuwdicUtA0rK0h7ab7qrjy9liOXpy%2B%2BipiewKoTMHkV1L0GWk46oQ%2B6PYm6PnazR1zk2soikUrYJtMpuK6QF5dR7Hj76py8Mud44%2BnrEOwxWQSYqZCbCl%2FKXwn66v7kji7JwR1dWvLjVl7IVO7S2b%2B7W9BCXPn%2BQ7FTasM3btrxdzfYzJiVx58IW2zSjMusb8kPa5JzYda1YYL8tGE%2FE%2FFtZ7fXnMlcvnn7vfWNNDfCWqmzGlSeftUGk1Ny5cbh%2FFVe%2B7MNaWoYVyF1S1Kpa7B8DzZf9qwmMGqp49xD6aqJCeNlU0kCJZaaxhXsf3S8rPftffSNB1rcQ5ZWGJoKQ1WBqjGse25S5Obxu7%2BtzgOx8iaxMt5BrIz69uK0Vp41REe0e73Ijzrc9%2BOIh2HQEoyuRrRHwzDpoLBTPkie%2FAMAAP%2F%2FAQAA%2F%2F864yrSYgQAAA%3D%3D
173.233.139.164200 OK 7 B URL GET HTTP/1.1 variedpretenceclasped.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2%2FcRBTHx6XqAbiUckECtDdAQhvb8f6iB9RQgiJCU1oQ3NB4ZrwZduyxZjzrTcQhohLqcfkPnO8mjYCoKn8ACDncKlXKcsqBHJD6ByBQz2g3KxaeZL33fd93%2BLzn%2BWbfnRMfjp6tf6R3pVJ0pdX0G29%2BHgTXG5syc6PGqNv%2Boh1db5jhO4Hfa%2FpvNT4QbKBXQj%2Fw%2FcAPGuvSiESPVoIgaPqQ%2BXEvaPb8ZhQ2g1aEkfm%2Fts6DpR748Jy8BMmnzx8%2FjCBZjSx9dFPYQaHzt99PnaKFNhjyo0%2BzQabLDOmyTIyHJDtaTEPb0%2FWfobPDOTD08N%2FBWE6J9%2FQPxNnRghLx8PACNFYQGWL%2BAsphDaFqSFqD6XuQ%2FJQAjOPWFrL0wS1tSrpz4dKZOyWXn%2F0FWU7J5d9fRpY%2BXFNy1LirlSukzixGSQU5qiH7NXJ3gmL3EmR5AlZ8DcmfkJVnm8jSgy2rNCSv5stLWUMmNZQYg1oPbvZJDy7x4HIPKT9rdFjU7fJui1PBWBgnQTeJkqhHmZ8wf7UXwrEZ3hhFPgZTYzCzh9zsYSDHMO4X2O0KlnuwxZR4H%2B9hyCuUgqC0BCUlKCVBWRCUw%2BqQKxva6gFX1sXBIoeLvFpNdNHfp4e66IuM7Ofn5Or8Ln%2B3NQbirBGGEeURDaI4ioMWCzphO0k6fkuwdicUtA0rK0h7ab7qrjy9liOXpy%2B%2BipiewKoTMHkV1L0GWk46oQ%2B6PYm6PnazR1zk2soikUrYJtMpuK6QF5dR7Hj76py8Mud44%2BnrEOwxWQSYqZCbCl%2FKXwn66v7kji7JwR1dWvLjVl7IVO7S2b%2B7W9BCXPn%2BQ7FTasM3btrxdzfYzJiVx58IW2zSjMusb8kPa5JzYda1YYL8tGE%2FE%2FFtZ7fXnMlcvnn7vfWNNDfCWqmzGlSeftUGk1Ny5cbh%2FFVe%2B7MNaWoYVyF1S1Kpa7B8DzZf9qwmMGqp49xD6aqJCeNlU0kCJZaaxhXsf3S8rPftffSNB1rcQ5ZWGJoKQ1WBqjGse25S5Obxu7%2BtzgOx8iaxMt5BrIz69uK0Vp41REe0e73Ijzrc9%2BOIh2HQEoyuRrRHwzDpoLBTPkie%2FAMAAP%2F%2FAQAA%2F%2F864yrSYgQAAA%3D%3D
IP 173.233.139.164:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject variedpretenceclasped.com
Fingerprint 26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
Validity Fri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz2%2FcRBTHx6XqAbiUckECtDdAQhvb8f6iB9RQgiJCU1oQ3NB4ZrwZduyxZjzrTcQhohLqcfkPnO8mjYCoKn8ACDncKlXKcsqBHJD6ByBQz2g3KxaeZL33fd93%2BLzn%2BWbfnRMfjp6tf6R3pVJ0pdX0G29%2BHgTXG5syc6PGqNv%2Boh1db5jhO4Hfa%2FpvNT4QbKBXQj%2Fw%2FcAPGuvSiESPVoIgaPqQ%2BXEvaPb8ZhQ2g1aEkfm%2Fts6DpR748Jy8BMmnzx8%2FjCBZjSx9dFPYQaHzt99PnaKFNhjyo0%2BzQabLDOmyTIyHJDtaTEPb0%2FWfobPDOTD08N%2FBWE6J9%2FQPxNnRghLx8PACNFYQGWL%2BAsphDaFqSFqD6XuQ%2FJQAjOPWFrL0wS1tSrpz4dKZOyWXn%2F0FWU7J5d9fRpY%2BXFNy1LirlSukzixGSQU5qiH7NXJ3gmL3EmR5AlZ8DcmfkJVnm8jSgy2rNCSv5stLWUMmNZQYg1oPbvZJDy7x4HIPKT9rdFjU7fJui1PBWBgnQTeJkqhHmZ8wf7UXwrEZ3hhFPgZTYzCzh9zsYSDHMO4X2O0KlnuwxZR4H%2B9hyCuUgqC0BCUlKCVBWRCUw%2BqQKxva6gFX1sXBIoeLvFpNdNHfp4e66IuM7Ofn5Or8Ln%2B3NQbirBGGEeURDaI4ioMWCzphO0k6fkuwdicUtA0rK0h7ab7qrjy9liOXpy%2B%2BipiewKoTMHkV1L0GWk46oQ%2B6PYm6PnazR1zk2soikUrYJtMpuK6QF5dR7Hj76py8Mud44%2BnrEOwxWQSYqZCbCl%2FKXwn66v7kji7JwR1dWvLjVl7IVO7S2b%2B7W9BCXPn%2BQ7FTasM3btrxdzfYzJiVx58IW2zSjMusb8kPa5JzYda1YYL8tGE%2FE%2FFtZ7fXnMlcvnn7vfWNNDfCWqmzGlSeftUGk1Ny5cbh%2FFVe%2B7MNaWoYVyF1S1Kpa7B8DzZf9qwmMGqp49xD6aqJCeNlU0kCJZaaxhXsf3S8rPftffSNB1rcQ5ZWGJoKQ1WBqjGse25S5Obxu7%2BtzgOx8iaxMt5BrIz69uK0Vp41REe0e73Ijzrc9%2BOIh2HQEoyuRrRHwzDpoLBTPkie%2FAMAAP%2F%2FAQAA%2F%2F864yrSYgQAAA%3D%3D HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2f3a141e819104c9cce38db8ae9211c6
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.barscreative1.com/sb/notifications/software/us/norton/2/index.html
45.133.44.3 200 OK 804 B URL GET HTTP/2 cdn.barscreative1.com/sb/notifications/software/us/norton/2/index.html
IP 45.133.44.3:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject cdn.barscreative1.com
Fingerprint 0B:AE:8A:C0:29:EA:B0:86:29:66:F6:7E:76:63:66:57:38:88:FC:E6
Validity Mon, 15 May 2023 04:01:53 GMT - Sun, 13 Aug 2023 04:01:52 GMT
File type HTML document text\012- HTML document, ASCII text
Hash 5264ee23b6803337c31a65123f58d9f0
947ec0f6c79d346800f121e2dd05e9bf185054a0
0ead8c7ce2c7377ad0864411df8851a4e8617b68d648610f9c9b1638dba048ba
GET /sb/notifications/software/us/norton/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: text/html; charset=utf-8
content-length: 804
server: nginx/1.17.6
last-modified: Wed, 17 Feb 2021 11:42:49 GMT
etag: "602d0139-324"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Mon, 22 May 2023 13:57:51 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1
143.204.55.91 200 OK 0 B URL POST HTTP/2 t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1
IP 143.204.55.91:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Amazon
Subject *.unblockia.com
Fingerprint F2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
Validity Tue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?sid=140&o=3&b=2&p=1&t=1 HTTP/1.1
Host: t.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
content-type: application/json
content-length: 0
server: nginx/1.20.0
date: Mon, 22 May 2023 12:57:51 GMT
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DGeq8dqQmgEYtlo8wKxLTBjUWucJdjuPki4f1JrLPoyEdKcZLQAlvg==
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Findex.html&l=804&fd=199
173.233.139.164 200 OK 0 B URL GET HTTP/1.1 variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Findex.html&l=804&fd=199
IP 173.233.139.164:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject variedpretenceclasped.com
Fingerprint 26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
Validity Fri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Findex.html&l=804&fd=199 HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
c.mgid.com/widget-ssp-performance?time=117
104.19.135.78 43 B URL c.mgid.com/widget-ssp-performance?time=117
IP 104.19.135.78:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
GET /widget-ssp-performance?time=117 HTTP/1.1
Host: c.mgid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Cookie: __cf_bm=rS1Ws8Q8eAtYDIKJM.jzbbaU.v2hifzj7_X98j463kU-1684760269-0-ATUoub/EGup6UA4ILRmhus3cjtyp1II8TaIzTrc8WS1MfdG2hK3RhhnhdiLVFZSIrD+MP6xEjZ/h7YCtMcEBahw=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 22 May 2023 12:57:50 GMT
content-type: image/gif
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cb53a2af83cb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
notification.tubecup.net/tags?tag_id=46445&timezone_olson=UTC&version_name=d
88.198.136.234 204 No Content 0 B URL GET HTTP/2 notification.tubecup.net/tags?tag_id=46445&timezone_olson=UTC&version_name=d
IP 88.198.136.234:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint C3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
Validity Fri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tags?tag_id=46445&timezone_olson=UTC&version_name=d HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.18.0
date: Mon, 22 May 2023 12:57:51 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ontosocietyweary.com/pixel/pure
173.233.137.60 204 No Content 0 B URL OPTIONS HTTP/1.1 ontosocietyweary.com/pixel/pure
IP 173.233.137.60:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject ontosocietyweary.com
Fingerprint 23:8E:D7:B8:76:99:AB:94:CB:5E:65:42:A9:B3:CA:11:59:80:B3:5B
Validity Mon, 01 May 2023 19:23:36 GMT - Sun, 30 Jul 2023 19:23:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: ontosocietyweary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
ontosocietyweary.com/pixel/pure
173.233.139.164 204 No Content 0 B URL OPTIONS HTTP/1.1 ontosocietyweary.com/pixel/pure
IP 173.233.139.164:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject ontosocietyweary.com
Fingerprint 23:8E:D7:B8:76:99:AB:94:CB:5E:65:42:A9:B3:CA:11:59:80:B3:5B
Validity Mon, 01 May 2023 19:23:36 GMT - Sun, 30 Jul 2023 19:23:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: ontosocietyweary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 75
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/software/us/norton/2/img/close.png
172.64.196.23 200 OK 1.8 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/norton/2/img/close.png
IP 172.64.196.23:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash c1b8f53c3afa0fdd5be48e6bfdbbb6fa
eeb2cd8d17e3abe135865be77330b8519f6bceb2
8f5d7d0bf69b5fcb8a110dd7c79948e70c860440b6ecc803a20ababe193a1af0
GET /sb/notifications/software/us/norton/2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: image/png
content-length: 1778
last-modified: Wed, 17 Feb 2021 11:45:12 GMT
etag: "602d01c8-6f2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 16239196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdr3es1Sal%2BUe3iPbsRLPIm1Yhqv3WEJJo03AmQXv1O0pQou3aSitq0RPA1G44Wmi9SvjmipBA%2F5WZdSLeQtvoxrHii5GfKMMkqrdMSb2sDdCGaGEPD11DONaeZ8Gtt9%2Bozs8NV2Ak%2FY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a2f9829744b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/norton/2/img/bg.jpg
172.64.196.23 200 OK 33 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/norton/2/img/bg.jpg
IP 172.64.196.23:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=90, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=728], progressive, precision 8, 728x90, components 3; data
Hash f4775713c42703127f645bd02cfaf1e9
8a6b3f5145c9f30b89075d1ef9db6f652b2ad0f0
7e4698ab34d23b2c4fdaddb6643379e37fe13c2620ff21e2ce7f6ac2812b4f60
GET /sb/notifications/software/us/norton/2/img/bg.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: image/jpeg
content-length: 32917
last-modified: Wed, 17 Feb 2021 11:45:12 GMT
etag: "602d01c8-8095"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 16239196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QLFp%2F8tre2NzxDtRJspvw%2BiYvjP3GNCa4BU97UbYKCWE8wUdK%2BolTnhk4BG29Y4txFyT%2BD5gWeTj8eZVIXf5TFE4qQoak9J94NqYBpHOVphnB7sFggIRut%2Bafj8AmAPqSPqcgZAU6pLa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a2f9826744b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tags.h12-media.com/load2.js
154.51.131.168 200 OK 76 kB URL GET HTTP/2 tags.h12-media.com/load2.js
IP 154.51.131.168:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Sectigo Limited
Subject *.h12-media.com
Fingerprint C2:8B:6E:AC:62:50:2F:F7:39:39:A2:49:DD:3E:56:08:DC:6E:2E:3F
Validity Mon, 10 Oct 2022 00:00:00 GMT - Mon, 18 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 45595a0a1e2419e734b0637847c17f19
0d3bb5287010fde22f9fa763cc7bc2b6013174a3
647cdfbb012b539f5af58374f519fcd1bf9d9e5330f43026cbf3df02118ed10b
GET /load2.js HTTP/1.1
Host: tags.h12-media.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=86400
content-type: application/javascript
content-encoding: gzip
last-modified: Sat, 10 Dec 2022 17:21:25 GMT
accept-ranges: bytes
etag: "80d8a2d4bbcd91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ARR/3.0
date: Mon, 22 May 2023 12:57:51 GMT
content-length: 76315
X-Firefox-Spdy: h2
ontosocietyweary.com/pixel/pure
173.233.139.164 204 No Content 0 B URL OPTIONS HTTP/1.1 ontosocietyweary.com/pixel/pure
IP 173.233.139.164:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject ontosocietyweary.com
Fingerprint 23:8E:D7:B8:76:99:AB:94:CB:5E:65:42:A9:B3:CA:11:59:80:B3:5B
Validity Mon, 01 May 2023 19:23:36 GMT - Sun, 30 Jul 2023 19:23:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: ontosocietyweary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 75
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fjs%2Fscript.js&l=385&fd=172
173.233.139.164 200 OK 0 B URL GET HTTP/1.1 variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fjs%2Fscript.js&l=385&fd=172
IP 173.233.139.164:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject variedpretenceclasped.com
Fingerprint 26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
Validity Fri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fjs%2Fscript.js&l=385&fd=172 HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/software/us/norton/2/css/animate.css
172.64.196.23 200 OK 5.4 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/norton/2/css/animate.css
IP 172.64.196.23:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/notifications/software/us/norton/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:45:10 GMT
etag: W/"602d01c6-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 58034
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EKhgX4N0MU28SET9jT11DjVTEgj%2FvKDzqUR1tHJh0Gm70tMam5sYy22fncg67xoURwR3fxqxUp7uBTVsNyvjv%2FfPCIOIkcYmM4jMSlQcyUzZwlnXw3fYxv5yd%2FdL%2BrvMVi4eI7KLPDCG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a2f2f99744b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
f.h12-media.com/?init=1&rnd=0.3759241711884833
188.114.97.1 200 OK 21 B URL GET HTTP/2 f.h12-media.com/?init=1&rnd=0.3759241711884833
IP 188.114.97.1:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject h12-media.com
Fingerprint 3C:CE:0B:53:1E:33:35:39:55:34:9F:B3:CC:AA:FF:F4:12:3B:E2:61
Validity Thu, 27 Apr 2023 01:23:54 GMT - Wed, 26 Jul 2023 01:23:53 GMT
File type JSON data; ASCII text, with no line terminators
Hash 7d69c71af0f191e9a72db6153f8018d1
f67c5f2887bc05654b47f76e9621e53a4091aed1
5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65
GET /?init=1&rnd=0.3759241711884833 HTTP/1.1
Host: f.h12-media.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: application/json; Charset=UTF-8
content-length: 21
cache-control: max-age=3600,private
access-control-allow-origin: *
x-powered-by: ARR/3.0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d2Nrhw5wxN0qrNgJ%2Bwr1KVMIt6U4F0g3wS0Do7DAC6nQ1fSl%2FSJ0whY9uw4blGdi1Hk9whGAeUdH5gH%2Bv%2BsJjTwmYGpbE6fOS7MTYHkR7VQA4Ica%2Fz2bOkir%2ByIbYCX9JmU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cb53a31a8ddb4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fcss%2Fstyle.css&l=2372&fd=184
173.233.139.164 200 OK 0 B URL GET HTTP/1.1 variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fcss%2Fstyle.css&l=2372&fd=184
IP 173.233.139.164:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject variedpretenceclasped.com
Fingerprint 26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
Validity Fri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fcss%2Fstyle.css&l=2372&fd=184 HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
4eb28a3478.403960fc42.com/in/track?data=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
45.133.44.52 200 OK 0 B URL GET HTTP/2 4eb28a3478.403960fc42.com/in/track?data=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
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject 4eb28a3478.403960fc42.com
Fingerprint C5:76:30:5D:34:72:CE:CD:C8:E6:28:7E:7A:F3:4B:55:F8:3D:B2:ED
Validity Fri, 19 May 2023 02:50:26 GMT - Thu, 17 Aug 2023 02:50:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=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 HTTP/1.1
Host: 4eb28a3478.403960fc42.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242 200 OK 0 B URL POST HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint C3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
Validity Fri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Mon, 22 May 2023 12:57:51 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://dfiles.eu
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
ntvpwpush.com/dl/cookies
157.90.84.246 200 OK 924 B IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint C3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
Validity Fri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
File type gzip compressed data, from Unix; data
Hash 617f3f8921d07ce91d0ce98eba684495
872331433ae737997ce950dbab8e375e23dc264f
0060c16edd052639c0c3b9b742cd1e383aa08794461bb25663cc5617146ced89
GET /dl/cookies HTTP/1.1
Host: ntvpwpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Mon, 22 May 2023 12:57:51 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
tags.h12-media.com/v3/go.asp?payload=%7B%22mtoken%22%3A%2291.90.42.154%22%2C%22adtype%22%3A%22sticky%22%2C%22adformat%22%3A%22stickybottom%22%2C%22pubid%22%3A%2209c02fc89b6d8063ad17a57bcf09d10b%22%2C%22adunitid%22%3A%2229950%22%2C%22topurl%22%3A%22https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp%22%2C%22docref%22%3A%22%22%2C%22auction%22%3A%221l9up97frloh%22%2C%22pubsubid%22%3Anull%2C%22index%22%3A%221%22%2C%22ishidden%22%3Afalse%2C%22istopwindow%22%3Atrue%2C%22isscrollable%22%3Atrue%2C%22dayofweek%22%3A1%2C%22hourofday%22%3A12%2C%22clang%22%3A%22en-US%22%2C%22docdir%22%3A%22LTR%22%2C%22cdims%22%3A%5B1280%2C1024%5D%2C%22ddims%22%3A%5B1280%2C1198%5D%2C%22sbars%22%3A%5B0%2C0%5D%2C%22endpoint%22%3A%22https%3A%2F%2Ftags.h12-media.com%22%2C%22coords%22%3A%5B390%2C-12%5D%2C%22pwidth%22%3A%5B100%2C500%2C1280%5D%2C%22pheight%22%3A%5Bnull%2C0%2C1198%2C1024%5D%2C%22maxwidth%22%3A1280%2C%22maxheight%22%3A1024%7D&rnd=0.2275857179100943
154.51.131.168 589 B URL tags.h12-media.com/v3/go.asp?payload=%7B%22mtoken%22%3A%2291.90.42.154%22%2C%22adtype%22%3A%22sticky%22%2C%22adformat%22%3A%22stickybottom%22%2C%22pubid%22%3A%2209c02fc89b6d8063ad17a57bcf09d10b%22%2C%22adunitid%22%3A%2229950%22%2C%22topurl%22%3A%22https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp%22%2C%22docref%22%3A%22%22%2C%22auction%22%3A%221l9up97frloh%22%2C%22pubsubid%22%3Anull%2C%22index%22%3A%221%22%2C%22ishidden%22%3Afalse%2C%22istopwindow%22%3Atrue%2C%22isscrollable%22%3Atrue%2C%22dayofweek%22%3A1%2C%22hourofday%22%3A12%2C%22clang%22%3A%22en-US%22%2C%22docdir%22%3A%22LTR%22%2C%22cdims%22%3A%5B1280%2C1024%5D%2C%22ddims%22%3A%5B1280%2C1198%5D%2C%22sbars%22%3A%5B0%2C0%5D%2C%22endpoint%22%3A%22https%3A%2F%2Ftags.h12-media.com%22%2C%22coords%22%3A%5B390%2C-12%5D%2C%22pwidth%22%3A%5B100%2C500%2C1280%5D%2C%22pheight%22%3A%5Bnull%2C0%2C1198%2C1024%5D%2C%22maxwidth%22%3A1280%2C%22maxheight%22%3A1024%7D&rnd=0.2275857179100943
IP 154.51.131.168:0
Certificate Issuer Sectigo Limited
Subject *.h12-media.com
Fingerprint C2:8B:6E:AC:62:50:2F:F7:39:39:A2:49:DD:3E:56:08:DC:6E:2E:3F
Validity Mon, 10 Oct 2022 00:00:00 GMT - Mon, 18 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (576), with CRLF line terminators
Hash 7b4aa6144db4fe29d1e2e01f6f385fa0
3f0d3bc9b43637b4e8cf5b5922b6626954d09392
243fb02ea55ae0cdd584e0868d1b60d8252aa09687a32e817db973b0127b8d77
GET /v3/go.asp?payload=%7B%22mtoken%22%3A%2291.90.42.154%22%2C%22adtype%22%3A%22sticky%22%2C%22adformat%22%3A%22stickybottom%22%2C%22pubid%22%3A%2209c02fc89b6d8063ad17a57bcf09d10b%22%2C%22adunitid%22%3A%2229950%22%2C%22topurl%22%3A%22https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp%22%2C%22docref%22%3A%22%22%2C%22auction%22%3A%221l9up97frloh%22%2C%22pubsubid%22%3Anull%2C%22index%22%3A%221%22%2C%22ishidden%22%3Afalse%2C%22istopwindow%22%3Atrue%2C%22isscrollable%22%3Atrue%2C%22dayofweek%22%3A1%2C%22hourofday%22%3A12%2C%22clang%22%3A%22en-US%22%2C%22docdir%22%3A%22LTR%22%2C%22cdims%22%3A%5B1280%2C1024%5D%2C%22ddims%22%3A%5B1280%2C1198%5D%2C%22sbars%22%3A%5B0%2C0%5D%2C%22endpoint%22%3A%22https%3A%2F%2Ftags.h12-media.com%22%2C%22coords%22%3A%5B390%2C-12%5D%2C%22pwidth%22%3A%5B100%2C500%2C1280%5D%2C%22pheight%22%3A%5Bnull%2C0%2C1198%2C1024%5D%2C%22maxwidth%22%3A1280%2C%22maxheight%22%3A1024%7D&rnd=0.2275857179100943 HTTP/1.1
Host: tags.h12-media.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-store,no-cache,max-age=0,private
content-type: application/x-javascript; Charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-credentials: true
access-control-allow-origin:
srg-x: x-.175
x-powered-by: ARR/3.0
date: Mon, 22 May 2023 12:57:51 GMT
content-length: 589
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242 200 OK 27 B URL POST HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint C3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
Validity Fri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
File type JSON data; ASCII text
Hash c4bea7951aaa542768f63f72d171ff83
7f57b3ce5d3a9bb0a15c32b34745b0214710e185
d4fbb24457a99cbf28127e8a416979ca0f2ab97c64a59b8d38760c40d4934756
POST /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23167
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 27
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dfiles.eu
Set-Cookie: id=14935058078340698406; Expires=Tue, 21 May 2024 12:57:51 GMT; Secure; SameSite=None
Vary: Origin
variedpretenceclasped.com/pixel/sbs?c=1
192.243.59.20 200 OK 0 B URL GET HTTP/1.1 variedpretenceclasped.com/pixel/sbs?c=1
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject variedpretenceclasped.com
Fingerprint 26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
Validity Fri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fcss%2Fanimate.css&l=79249&fd=184
192.243.59.20 200 OK 0 B URL GET HTTP/1.1 variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fcss%2Fanimate.css&l=79249&fd=184
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject variedpretenceclasped.com
Fingerprint 26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
Validity Fri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fcss%2Fanimate.css&l=79249&fd=184 HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
unseenreport.com/pxf.gif?uuid=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12
192.243.59.12 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject *.unseenreport.com
Fingerprint 33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
Validity Mon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e75028aa978f3adbc0c3b3752e5fdea0
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12
192.243.59.12 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject *.unseenreport.com
Fingerprint 33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
Validity Mon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c7a4a73f9fd2f27509aea1465bc12ffa
Strict-Transport-Security: max-age=0; includeSubdomains
variedpretenceclasped.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz24cRRDGe0KUA3AJ4YIEaG%2BAhNYz49k%2FJgcUE4wsTBwSENxQT3fPutie6VH3zM7a4mARCeW4vMH4WzsWYEXhAUBozS1SJC8nH%2FABKQ%2BAQDmjXVsslDSq%2Buqrw69q%2Bpu98oz5KPnp2kdmh7TmS62m33jz8yC43tigrBw2ht32F%2B3oesMO3gn8lab%2FVuMDJfpmKfQD3w%2F8oLFGViVmuBQEQdMH5UcrQXPFb0ZhM2hFGNr%2Fa1d6cNyDHJyxl0By%2BvzRwwgkJsjSRzeV6xcmf%2Fv9tNS8MBYDefhp1s9MlSFdlIn1kGSHF9Mw7mTtZ5jsYA4MM%2Fh3MKYp857%2BgTg7vKBEPDg4B401VIZYvoBqMIHSExCfQJh7IHnCACFxaxNZ%2BuCWsRXfPnf5zJ2yy8%2F%2BAlVTdvn3l5GlD1c1DRt3jS4LMpnDMKlBwwmoN0FeHqPYuQSqjiGKr0HyCVt6toEs3d902oBkPV%2BeaAJKJtBqBO48lLOPPJSJhzL3kMrTRkdE3a7stiRXQoRxEnSTKIlWuPAT4S%2BvhCjFDG%2BEIh9B6BGE3UVud9GnEWz5C9xWDSc9uGLKvI93MZA1KsVQOYaKM1TEUBUM1aA%2BkNqFrn4gtSvj4CKHF3m5Hpuit8cPTNFTGdvLz9jV%2BV3%2Bbhv01WkjDCMuIx5EcRQHLRF0wnaSdPyWEu1OqHgbjmqQuzRfdYdOruXI6eTFVxHzYzh9DEFXwcvXwKtxJ%2FTBt8ZR18dO9kiq3DgqEtLKNYVJIU2NvLiMYtvb02fslTnHG09fhxKP2UVA2Bq5rfEl%2FcrQ0%2FfHd0zF9u%2BYyrEfN%2FOCUtrhs393t%2BCFuvL9h2q7Mlau33Sj726ImTErjz5RrtjgmaSs59gPqySlsmvGCsV%2BWnefqfh26bZWS5uV%2Bcbt99bW09wq58hkE3A6%2BaoNQVN25cbB%2FFVe%2B7MNshPYskZaLkjJTCDyXbh80XOGweqFjnMPVVmPbRgvmpoYtFpoHtdw%2F9Hxot5z99GzHnhxD1laY2BrDHQNrkdw5XPjIreP3%2F1teR6ItTeOtfX2Y231t%2BendXTaEMJXPIg7gVJStZaFiNqiG7eT5aijui3ZQuGmsp88%2BQcAAP%2F%2FAQAA%2F%2F%2FFxILCYgQAAA%3D%3D
192.243.59.20200 OK 7 B URL GET HTTP/1.1 variedpretenceclasped.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz24cRRDGe0KUA3AJ4YIEaG%2BAhNYz49k%2FJgcUE4wsTBwSENxQT3fPutie6VH3zM7a4mARCeW4vMH4WzsWYEXhAUBozS1SJC8nH%2FABKQ%2BAQDmjXVsslDSq%2Buqrw69q%2Bpu98oz5KPnp2kdmh7TmS62m33jz8yC43tigrBw2ht32F%2B3oesMO3gn8lab%2FVuMDJfpmKfQD3w%2F8oLFGViVmuBQEQdMH5UcrQXPFb0ZhM2hFGNr%2Fa1d6cNyDHJyxl0By%2BvzRwwgkJsjSRzeV6xcmf%2Fv9tNS8MBYDefhp1s9MlSFdlIn1kGSHF9Mw7mTtZ5jsYA4MM%2Fh3MKYp857%2BgTg7vKBEPDg4B401VIZYvoBqMIHSExCfQJh7IHnCACFxaxNZ%2BuCWsRXfPnf5zJ2yy8%2F%2BAlVTdvn3l5GlD1c1DRt3jS4LMpnDMKlBwwmoN0FeHqPYuQSqjiGKr0HyCVt6toEs3d902oBkPV%2BeaAJKJtBqBO48lLOPPJSJhzL3kMrTRkdE3a7stiRXQoRxEnSTKIlWuPAT4S%2BvhCjFDG%2BEIh9B6BGE3UVud9GnEWz5C9xWDSc9uGLKvI93MZA1KsVQOYaKM1TEUBUM1aA%2BkNqFrn4gtSvj4CKHF3m5Hpuit8cPTNFTGdvLz9jV%2BV3%2Bbhv01WkjDCMuIx5EcRQHLRF0wnaSdPyWEu1OqHgbjmqQuzRfdYdOruXI6eTFVxHzYzh9DEFXwcvXwKtxJ%2FTBt8ZR18dO9kiq3DgqEtLKNYVJIU2NvLiMYtvb02fslTnHG09fhxKP2UVA2Bq5rfEl%2FcrQ0%2FfHd0zF9u%2BYyrEfN%2FOCUtrhs393t%2BCFuvL9h2q7Mlau33Sj726ImTErjz5RrtjgmaSs59gPqySlsmvGCsV%2BWnefqfh26bZWS5uV%2Bcbt99bW09wq58hkE3A6%2BaoNQVN25cbB%2FFVe%2B7MNshPYskZaLkjJTCDyXbh80XOGweqFjnMPVVmPbRgvmpoYtFpoHtdw%2F9Hxot5z99GzHnhxD1laY2BrDHQNrkdw5XPjIreP3%2F1teR6ItTeOtfX2Y231t%2BendXTaEMJXPIg7gVJStZaFiNqiG7eT5aijui3ZQuGmsp88%2BQcAAP%2F%2FAQAA%2F%2F%2FFxILCYgQAAA%3D%3D
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject variedpretenceclasped.com
Fingerprint 26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
Validity Fri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=… HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:52 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 90436beeeee8b21124342438fe89e5f9
Strict-Transport-Security: max-age=0; includeSubdomains
jsc.mgid.com/d/e/depositfiles.com.3334.es6.js
104.19.135.78 200 OK 299 kB URL GET HTTP/3 jsc.mgid.com/d/e/depositfiles.com.3334.es6.js
IP 104.19.135.78:443
Requested by https://adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 44:BF:9D:AD:98:A7:1A:F2:1D:18:EF:4E:3E:BE:C0:D8:28:4D:9F:04
Validity Tue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (28223)
Size 299 kB (299407 bytes)
Hash 97660e5839023ac7070454a69b547c84
259fe847d9edff21a1c949f2040d6db77f4d959a
f386013936fc0f58dbbbf6a5fe9317b1545712335a635adcacee40f472c5ecc0
GET /d/e/depositfiles.com.3334.es6.js HTTP/1.1
Host: jsc.mgid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Cookie: __cf_bm=rS1Ws8Q8eAtYDIKJM.jzbbaU.v2hifzj7_X98j463kU-1684760269-0-ATUoub/EGup6UA4ILRmhus3cjtyp1II8TaIzTrc8WS1MfdG2hK3RhhnhdiLVFZSIrD+MP6xEjZ/h7YCtMcEBahw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 22 May 2023 12:57:50 GMT
content-type: text/javascript
cf-bgj: minify
cf-polished: origSize=299408
etag: W/"21dee075f363ccb5e178d032d3e4c9ef"
last-modified: Thu, 11 May 2023 07:52:34 GMT
x-amz-id-2: ZhCwkngeiCYxUCArlio+g4DFH3nwEgBo+t0+HgvyCAo8pIa8RIkhQOa+itLHc1s6VDcoeWsJPps=
x-amz-request-id: D3H9S9V8GJS8335K
x-amz-server-side-encryption: AES256
x-amz-version-id: ZRiou4PhIu1qmUsCctae6SvwJ_hznVWQ
cf-cache-status: HIT
age: 2928
expires: Mon, 22 May 2023 15:57:50 GMT
cache-control: public, max-age=10800
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a298d66b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.creative-bars1.com/sb/notifications/software/us/norton/2/js/script.js
172.64.196.23 200 OK 385 B URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/norton/2/js/script.js
IP 172.64.196.23:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type ASCII text, with very long lines (399), with no line terminators
Hash 1cefc33777b8bee6b7fcc27b0ecbd6f8
019bb2f304ef537ce1764a91d5cf3aae361b1f08
a7daa6a82a2edc4563c1e9b8962007248d693996475caca0fa546266adf0ae9b
GET /sb/notifications/software/us/norton/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:45:10 GMT
etag: W/"602d01c6-181"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 58034
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bDRC3Nn1uyNASn%2FWWvxIr3ThQjfo%2FT3pUSaWIV529xSTYMTqM%2BFujc0KrBAAesCyKk%2BsBqOCMbCEoIry98kBfL%2BUvj5w4dJhBn%2B3KRHiHYG0Ee3263R9IcHAmw9roltzA4FTc0bgJZa3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a2f1f93744b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.m.js
45.133.44.52 200 OK 158 kB URL GET HTTP/2 js.wpadmngr.com/static/adManager.m.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject js.wpadmngr.com
Fingerprint A9:7C:F8:A4:B8:B3:E3:98:76:72:9E:0B:4A:FB:FB:39:D4:F4:54:3D
Validity Tue, 16 May 2023 02:02:19 GMT - Mon, 14 Aug 2023 02:02:18 GMT
Size 158 kB (158096 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/adManager.m.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 19 May 2023 08:16:51 GMT
etag: W/"64673073-26990"
content-encoding: gzip
expires: Mon, 22 May 2023 13:02:49 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
loader.unblockia.com/c/dfiles.eu/config.json
143.204.55.84 200 OK 47 kB URL GET HTTP/2 loader.unblockia.com/c/dfiles.eu/config.json
IP 143.204.55.84:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Amazon
Subject *.unblockia.com
Fingerprint F2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
Validity Tue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (46747), with no line terminators
Hash f365c1e4619a90bbadadacf55598fe90
1623c939b72aecd3831e1da35e4c0a5229383e91
23e2e4d868bb2652b97e9e13d36df1dfeeba338d4e9c4d1d737fba6b2b2b2d52
GET /c/dfiles.eu/config.json HTTP/1.1
Host: loader.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 46747
last-modified: Fri, 12 May 2023 12:21:43 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 9pI8Ts97IpPXbRP2Kcl6CF4_Ph.rjMBr
accept-ranges: bytes
server: AmazonS3
date: Mon, 22 May 2023 01:12:28 GMT
etag: "f365c1e4619a90bbadadacf55598fe90"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: vJcDgsNhBsdhSkdSf0TNxr58Tnc17YyBvxfwBrcgFZWPQqOOD8DJiA==
age: 42322
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
0.0.0.0 0 B URL GET addresseepaper.com/sfp.js
IP 0.0.0.0:0
Requested by https://dfiles.eu/ru/files/nov2502tp
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
cdn.pubfuture-ad.com/v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L3J1L2ZpbGVzL25vdjI1MDJ0cA==
172.67.70.21 200 OK 452 B URL GET HTTP/2 cdn.pubfuture-ad.com/v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L3J1L2ZpbGVzL25vdjI1MDJ0cA==
IP 172.67.70.21:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
Validity Tue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT
File type HTML document text\012- troff or preprocessor input, ASCII text, with very long lines (513), with no line terminators
Hash 15807b5f72ebca61bb67f7197bd14407
c4ee8958299c0598ae13031f0befff3de37199de
144fe7f43f83d7e0cd37808377416e2b2a28aec3378cf39826388b66a59b44c3
GET /v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L3J1L2ZpbGVzL25vdjI1MDJ0cA== HTTP/1.1
Host: cdn.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: application/json; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"1c4-LpFxL73nf3KFRklydhgakDaA7tM"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OUd0rpTeqk0rLXXfmbrMo9aHBUSMOGreeN6ZCIUz4rcn%2FWXB3lAYwK9%2F1N3p2FebVnmXQie5eTfs1BHpM%2B2kbztkATqyIB56SEr2ynX5gxGQIxV94Jxldm3rQ6R71wveJYyfDflo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cb53a2d7acc0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/norton/2/css/style.css
172.64.196.23 200 OK 2.4 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/norton/2/css/style.css
IP 172.64.196.23:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type ASCII text, with very long lines (2538), with no line terminators
Hash b5fcf7e48c7dd63878242c0038988bf6
a9bb6985239bf8eb306691270b0d5ed343b695a2
6e2028f121f5308dd3a290b1d3c7584467ed1d91cf1abb7ae31e462206759235
GET /sb/notifications/software/us/norton/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:45:09 GMT
etag: W/"602d01c5-944"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 58034
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zWPJGk5QbBYtKZ2gK04qX2izjZrRnWU8x2xtKjutNLjQkWlDrDxImmQwrvBbUiHzsto4ftGEaYYVFCnjhs4%2F1aDOeUsmnqrEoW3215qpzeuX%2Fce%2FBa4%2F4sRaS8rtNSFG9apE50%2BTWrdb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a2f2fa1744b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.unblockia.com/h.js
143.204.55.96 200 OK 166 kB
IP 143.204.55.96:443
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Amazon
Subject *.unblockia.com
Fingerprint F2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
Validity Tue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 166 kB (166192 bytes)
Hash 3d75dc8f7c4000ccdac0fff2f09d78a8
9008e9830c5f3a690cbb6cc94ddb34b59fc12677
203af4ee7878df10c428ce6599c619695219f48681b832ef3f856abdd299b8e8
GET /h.js HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/x-javascript
date: Mon, 22 May 2023 09:19:59 GMT
last-modified: Mon, 22 May 2023 09:17:35 GMT
etag: W/"3d75dc8f7c4000ccdac0fff2f09d78a8"
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-content-sha256: 3b11cd91ab382736a9ba8e63029f318e3177aa77903aa4fa093a80765fac8c07
x-amz-version-id: gKayxwShEzJAnBjNaPvAM9Fj3A2ZU3Kt
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:987257285531:build/unblockia-loader-codebuild-project:6a48fce0-eba0-40cc-8a72-49f5d7d1abde
x-amz-meta-codebuild-content-md5: 60511405d11f9acd0880a4539ae338cb
server: AmazonS3
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VZAWypgL2NA4XVB0dayif0i2HrdLxW2bMZXse5dm3evouDgSQMLbXA==
age: 13070
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.53 200 OK 67 kB URL GET HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/ru/files/nov2502tp
Certificate Issuer Let's Encrypt
Subject js.wpshsdk.com
Fingerprint 78:77:A4:19:CC:0D:15:24:69:96:1B:44:C9:A0:4D:0B:B7:C0:F2:D8
Validity Mon, 27 Mar 2023 02:06:36 GMT - Sun, 25 Jun 2023 02:06:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 05 Apr 2023 13:10:08 GMT
etag: W/"642d7330-1054e"
content-encoding: gzip
expires: Mon, 22 May 2023 13:02:51 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2