Report - dfiles.eu/ru/files/nov2502tp

Report Overview

Submitted URL
dfiles.eu/ru/files/nov2502tp
IP
91.226.124.78
ASN
#35415 Webzilla B.V.
Submitted
2023-05-22 12:58:10
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
40

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
jsc.mgid.com	7902	2001-12-30	2012-09-30	2023-05-22	1.0 kB	387 kB	104.19.135.78
f.h12-media.com	167743	2012-11-22	2020-12-24	2023-05-22	439 B	713 B	188.114.97.1
4eb28a3478.403960fc42.com	unknown	2023-04-22	2023-05-22	2023-05-22	1.3 kB	320 B	45.133.44.52
pl16105218.highrevenuegate.com	unknown	2023-03-02	2023-03-03	2023-05-18	445 B	14 kB	173.233.137.36
adsbb.dfiles.eu	unknown	unknown	2017-03-18	2023-05-18	10 kB	264 kB	91.226.124.80
dfiles.eu	434493	unknown	2012-12-23	2023-05-21	484 B	6.7 kB	91.226.124.76
js.wpadmngr.com	25762	2021-06-02	2021-06-02	2023-05-22	814 B	160 kB	45.133.44.52
friendshipmale.com	unknown	2022-10-21	2022-10-21	2023-05-22	395 B	75 kB	172.64.140.24
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-05-22	470 B	168 kB	142.250.74.99
loader.unblockia.com	unknown	2019-10-17	2023-01-30	2023-05-22	439 B	47 kB	143.204.55.84
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2023-05-22	463 B	1.2 kB	45.133.44.3
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2023-05-22	2.3 kB	47 kB	172.64.196.23
addresseepaper.com	18169	2021-11-01	2021-11-01	2023-05-22	397 B	0 B	0.0.0.0
static.depositfiles.com	unknown	2005-11-05	2012-05-24	2023-05-18	4.8 kB	612 kB	91.226.124.81
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-05-22	418 B	86 kB	142.250.74.72
ip2geo.pubfuture-ad.com	unknown	2022-09-30	2023-03-27	2023-05-22	423 B	1.2 kB	172.67.70.21
ontosocietyweary.com	unknown	2023-05-01	2023-05-02	2023-05-22	1.9 kB	1.9 kB	173.233.139.164
c.mgid.com	5843	2001-12-30	2017-01-30	2023-05-22	1.5 kB	451 B	104.19.135.78
ocsp.r2m01.amazontrust.com	unknown	2007-05-11	2022-10-12	2023-05-22	340 B	944 B	143.204.48.16
cdn.unblockia.com	20316	2019-10-17	2019-12-02	2023-05-22	1.3 kB	259 kB	143.204.55.96
cdn.pubfuture-ad.com	unknown	2022-09-30	2022-11-16	2023-05-22	943 B	6.0 kB	104.26.0.97
simplewebanalysis.com	unknown	2022-02-15	2022-02-25	2023-05-22	1.4 kB	1.0 kB	18.192.155.180
notification.tubecup.net	8210	2008-09-26	2019-08-30	2023-05-22	469 B	309 B	88.198.136.234
tags.h12-media.com	133206	2012-11-22	2015-05-16	2023-05-22	1.7 kB	78 kB	154.51.131.168
www.google.com	7	1997-09-15	2015-05-10	2023-05-21	401 B	1.1 kB	142.250.74.164
variedpretenceclasped.com	unknown	2023-04-28	2023-04-28	2023-05-22	7.4 kB	37 kB	173.233.139.164
t.unblockia.com	unknown	2019-10-17	2023-01-30	2023-05-22	413 B	408 B	143.204.55.91
ntvpwpush.com	unknown	2020-12-15	2020-12-15	2023-05-22	507 B	1.3 kB	157.90.84.246
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-22	1.7 kB	3.5 kB	142.250.74.131
na.nawpush.com	38563	2020-12-21	2020-12-23	2023-05-22	433 B	813 B	45.133.44.25
js.wpshsdk.com	12130	2021-06-04	2021-06-04	2023-05-22	814 B	68 kB	45.133.44.53
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2023-05-22	1.0 kB	774 B	157.90.84.242
unseenreport.com	unknown	2022-03-30	2022-03-30	2023-05-22	1.5 kB	846 B	192.243.59.12

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-22	medium	pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
2023-05-22	medium	ontosocietyweary.com/pixel/pure
2023-05-22	medium	ontosocietyweary.com/pixel/pure
2023-05-22	medium	ontosocietyweary.com/pixel/pure

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-05-22	medium	variedpretenceclasped.com
2023-05-22	medium	variedpretenceclasped.com
2023-05-22	medium	ontosocietyweary.com
2023-05-22	medium	variedpretenceclasped.com
2023-05-22	medium	variedpretenceclasped.com
2023-05-22	medium	ontosocietyweary.com
2023-05-22	medium	ontosocietyweary.com
2023-05-22	medium	ontosocietyweary.com
2023-05-22	medium	variedpretenceclasped.com
2023-05-22	medium	variedpretenceclasped.com
2023-05-22	medium	variedpretenceclasped.com
2023-05-22	medium	variedpretenceclasped.com
2023-05-22	medium	unseenreport.com
2023-05-22	medium	unseenreport.com
2023-05-22	medium	variedpretenceclasped.com
2023-05-22	medium	addresseepaper.com

ThreatFox

No alerts detected

JavaScript (70)

	URL	Size	First Seen	Last Seen
	static.depositfiles.com/js/base2.js	399 kB	2023-03-07	2024-04-25
Pretty URL static.depositfiles.com/js/base2.js IP 91.226.124.81 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:54 Last Seen2024-04-25 17:58:25 Times Seen1093 Hash 2fcae8126c3fd9a626370a701f0bd887 f3496fb7bbe122a9774d7dcfcd68da03a24dc285 d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc Loading...

	static.depositfiles.com/js/function.js	35 kB	2023-03-07	2024-04-25
Pretty URL static.depositfiles.com/js/function.js IP 91.226.124.81 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-25 17:58:25 Times Seen1124 Hash a5779d2f560cd50376dbba372b0fd15b 07b08e35b9254288c1372e37577db8b9e4da01b4 51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84 Loading...

	cdn.unblockia.com/h.js	166 kB	2023-05-22	2023-06-12
Pretty URL cdn.unblockia.com/h.js IP 143.204.55.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 12:38:11 Last Seen2023-06-12 08:45:06 Times Seen211 Hash 3d75dc8f7c4000ccdac0fff2f09d78a8 9008e9830c5f3a690cbb6cc94ddb34b59fc12677 203af4ee7878df10c428ce6599c619695219f48681b832ef3f856abdd299b8e8 Loading...

	dfiles.eu/ru/files/nov2502tp	154 B	2023-03-13	2024-04-25
Pretty URL dfiles.eu/ru/files/nov2502tp IP 91.226.124.76 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 20:01:53 Last Seen2024-04-25 17:58:24 Times Seen595 Hash a5d30d6e8f7d127b22036f0cba694312 48b3fda0a81aeee349d1d58c1064e6028ad01500 3535afb4b7453318c16fd30caa8ed102f9e880596bd4391c7aff5be03295cdf0 Loading...

	adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js	85 kB	2023-03-07	2024-04-25
Pretty URL adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:20 Last Seen2024-04-25 23:55:04 Times Seen3847 Hash b04a3bccd23ddeb7982143707a63ccf9 4a5dc1389aad050a44ee5e81408238a317ab3413 764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b Loading...

	dfiles.eu/ru/files/nov2502tp	148 B	2023-03-07	2024-04-25
Pretty URL dfiles.eu/ru/files/nov2502tp IP 91.226.124.76 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:56 Last Seen2024-04-25 17:58:24 Times Seen595 Hash 39f8fffd2249f3bb9deb92a533243df9 ee75ba64aea887c758cd24407d003bc9494237f3 62cdfe74dd5ba57340776bc53ee95b20c286efbc7c467ece9594d27e24b48dcd Loading...

	www.googletagmanager.com/gtag/js?id=G-BL9163LYG1	251 kB	2023-05-22	2023-05-22
Pretty URL www.googletagmanager.com/gtag/js?id=G-BL9163LYG1 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 14:58:13 Last Seen2023-05-22 14:58:13 Times Seen2 Hash 163239702e770c938f497b0bcceba9cf c80b41e3b85c762f076ef379e442af495618bc26 77476cbbb99533e00fa1bb185524db403c412fc3551c0cb1d86bab4666d5384f Loading...

	adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752	0 B	2023-03-07	2024-04-26
Pretty URL adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 04:16:30 Times Seen37082622 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	dfiles.eu/ru/files/nov2502tp	781 B	2023-03-10	2023-11-11
Pretty URL dfiles.eu/ru/files/nov2502tp IP 91.226.124.76 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 21:25:59 Last Seen2023-11-11 21:34:52 Times Seen10 Hash 0a4778cd907167aaeeccebc27e0ef4f4 ca34e1db41fb814a6b6882f0676fd76172e80104 6ef65262e20e32fecfb910a92a093146dd466899bac55b6dd08547912593ed66 Loading...

	pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js	37 kB	2023-05-22	2023-05-24
Pretty URL pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js IP 173.233.137.36 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 14:58:13 Last Seen2023-05-24 00:29:28 Times Seen4 Hash cd9fbf2a2e9cf3e6ef15d6fab526f14c 3d7ce7ad1396ed1844fe444cca26bcac6de1cbc3 30e364ace5487fc6e6ca4ae64e46d60d21f2a27e92e82cc3da57cbcdf9c64369 Loading...

	dfiles.eu/ru/files/nov2502tp	125 B	2023-05-12	2023-05-28
Pretty URL dfiles.eu/ru/files/nov2502tp IP 91.226.124.76 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-12 04:04:52 Last Seen2023-05-28 18:34:04 Times Seen32 Hash 69f459f4a109591677c3a6f6a2bddaed 28bd2335b141b1a261aacfc369bf73512d9b58ce b8ba0b9fcbb384c36eaa76e8afa547a2b5f91516ba0e2b3b275de0570f7d1a91 Loading...

	www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js	418 kB	2023-05-18	2023-06-28
Pretty URL www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js IP 142.250.74.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-18 01:27:56 Last Seen2023-06-28 00:20:35 Times Seen22262 Hash 213e1a6e418f3df36f2ec077314ef525 7a553e545a48271f3afec47b3ed5f3518cfdd7b4 ad5008998005064af73229fb144d5f8e789641f8a846e2064ec18788a37e9e2d Loading...

	dfiles.eu/ru/files/nov2502tp	475 B	2023-03-07	2024-04-25
Pretty URL dfiles.eu/ru/files/nov2502tp IP 91.226.124.76 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-25 17:58:25 Times Seen595 Hash 7d5b8ae86ab79df757399336af6dc4e6 d80237486fe292a185a576578308234114e302ce bf66c6e0c4ea53d83f6c17058e513aee1ff1c1fd319fe8fca1970ccc2151fed7 Loading...

	variedpretenceclasped.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js	86 kB	2023-05-03	2023-05-22
Pretty URL variedpretenceclasped.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js IP 173.233.139.164 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-03 17:46:28 Last Seen2023-05-22 14:58:13 Times Seen6 Hash 2353be6f557c3dc8f40d9718370df747 65c8563b35f4cc05fbd4643067251b24bab5a7ee 43eebee0857eaaeb3389acedd9b561377bd5ca4508fe444466f6e7f1e0962c94 Loading...

	dfiles.eu/ru/files/nov2502tp	139 B	2023-03-07	2024-04-25
Pretty URL dfiles.eu/ru/files/nov2502tp IP 91.226.124.76 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:56 Last Seen2024-04-25 17:58:25 Times Seen593 Hash 096fbc4b579acc65367920b87875c1f0 53a8d0be557838d6912339a6f684ac434f9cedc0 4a590c7532c8fdd5e2f6fe223990b525091f9412faf8b2971bfdc1e69be03cd2 Loading...

	dfiles.eu/ru/files/nov2502tp	365 B	2023-05-22	2023-05-22
Pretty URL dfiles.eu/ru/files/nov2502tp IP 91.226.124.76 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-22 14:58:13 Last Seen2023-05-22 14:58:13 Times Seen1 Hash 720e73892594fba68421fe67bdf6c847 90a379a40208b6d8fa4be9a0bf933fbbf59fade3 49521b3f01a4797f2cbc7639c3f3491faa42adba6d1d40c15efd20fd9a18b9d2 Loading...

	static.depositfiles.com/js/jquery.validate.js	38 kB	2023-04-05	2024-04-25
Pretty URL static.depositfiles.com/js/jquery.validate.js IP 91.226.124.81 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 16:56:19 Last Seen2024-04-25 17:58:25 Times Seen543 Hash f6d96c36018433b4c22c84fa072983df 3db792e82c157ffc093a3cea08e873343beb6452 df875197ee9dd42c13d717a36886997f9daa05e02641daa025c9039bb37b6126 Loading...

	friendshipmale.com/sfp.js	86 kB	2023-04-05	2023-08-25
Pretty URL friendshipmale.com/sfp.js IP 172.64.140.24 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 07:35:42 Last Seen2023-08-25 11:30:02 Times Seen8520 Hash 8bf542db65f0ff20d510889d62e5e092 1b1b7cc04275b7641e2f07b0f4bf99b5387303bf 77a3bebee72af7beb49cd94b7f16852a532aac5f3db8f610160440fe75ca4711 Loading...

	js.wpshsdk.com/npc/sdk/push.m.js?v=1	67 kB	2023-04-05	2023-05-24
Pretty URL js.wpshsdk.com/npc/sdk/push.m.js?v=1 IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 16:56:19 Last Seen2023-05-24 12:50:30 Times Seen3968 Hash feb36403b62b67278b7e2678eadade8a d9fb0f995c7a6d93af6cc01794d60a3e4ea10220 2802e4618ec30ec53ea5296b1b832279514ea2325caae829c549aed796ce53ff Loading...

	unknown	600 B	2023-03-14	2024-01-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 11:05:07 Last Seen2024-01-08 08:13:29 Times Seen57 Hash 091f5fc193d59a67dc89e9044107aa33 dc4c1d8f90b31e906e153926d5249ab5b2567932 f689e10c7dbcd8b51f78ab4b82f3cf8ed0ecc30ed59f9029d4f44ace7e5b6bc1 Loading...

	js.wpadmngr.com/static/adManager.m.js	158 kB	2023-05-17	2023-05-29
Pretty URL js.wpadmngr.com/static/adManager.m.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-17 12:38:28 Last Seen2023-05-29 08:19:12 Times Seen1499 Hash dab0e6f83f75fb629b93faf638b0768c b1d129ba6836895c5025831ee1a2f13fd7694c11 032e1167d424f8908b3a76a84fe3151136ab45852d52ab951f81f5e89547c19b Loading...

	js.wpshsdk.com/npc/sdk/wp-banners.js	0 B	2023-03-07	2024-04-26
Pretty URL js.wpshsdk.com/npc/sdk/wp-banners.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 04:16:30 Times Seen37082622 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	jsc.mgid.com/d/e/depositfiles.com.3334.es6.js	299 kB	2023-05-17	2023-05-22
Pretty URL jsc.mgid.com/d/e/depositfiles.com.3334.es6.js IP 104.19.135.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-17 09:47:31 Last Seen2023-05-22 14:58:21 Times Seen6 Hash 97660e5839023ac7070454a69b547c84 259fe847d9edff21a1c949f2040d6db77f4d959a f386013936fc0f58dbbbf6a5fe9317b1545712335a635adcacee40f472c5ecc0 Loading...

	tags.h12-media.com/load2.js	267 kB	2023-03-09	2024-02-29
Pretty URL tags.h12-media.com/load2.js IP 154.51.131.168 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:58:04 Last Seen2024-02-29 22:39:28 Times Seen988 Hash 45595a0a1e2419e734b0637847c17f19 0d3bb5287010fde22f9fa763cc7bc2b6013174a3 647cdfbb012b539f5af58374f519fcd1bf9d9e5330f43026cbf3df02118ed10b Loading...

	dfiles.eu/ru/files/nov2502tp	145 B	2023-03-07	2024-04-18
Pretty URL dfiles.eu/ru/files/nov2502tp IP 91.226.124.76 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:21 Last Seen2024-04-18 04:40:14 Times Seen187 Hash 8e0bb0377b950a499dd16480355eca2c 822db1f872585dd852a5f38e9e6122d5bd9be03a 4aedd119b24a9d2c17490da75d1a3d7ee77301d780fd5bbd5e304ed57b764bb7 Loading...

	dfiles.eu/ru/files/nov2502tp	313 B	2023-03-07	2024-04-18
Pretty URL dfiles.eu/ru/files/nov2502tp IP 91.226.124.76 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:21 Last Seen2024-04-18 04:40:14 Times Seen172 Hash 64eb5b1c65942cd9115f1f07e23ef1bf c41b603bb92b894b215c529117258bf431a8e9d4 65a32bd21267edccaf887e2ca0f3b8721770bbbe8446d228c544e2aa022cd7ab Loading...

	dfiles.eu/ru/files/nov2502tp	139 B	2023-03-07	2024-04-18
Pretty URL dfiles.eu/ru/files/nov2502tp IP 91.226.124.76 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:21 Last Seen2024-04-18 04:40:14 Times Seen188 Hash d216fd9e4ad59099ae10c493bd427be0 cacbc365461a636115168dcf44664d3bef0d7ffd eb39e9be913618bba6aa1af386b20578ac614d93d8ff5425f8c6ada9330b7de6 Loading...

	unknown	80 B	2023-04-11	2024-04-22
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:41:08 Last Seen2024-04-22 14:02:33 Times Seen1512 Hash 985fc03237c0627c6917c1318eddb2dd bc7ed05f47cdccd9678eb254287fd852a315b09e 25e130b987458c7e6c8f17c8b2a170f1f53800b163b9832711eabd699a3693e9 Loading...

	dfiles.eu/ru/files/nov2502tp	26 B	2023-03-07	2024-04-25
Pretty URL dfiles.eu/ru/files/nov2502tp IP 91.226.124.76 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-25 17:58:25 Times Seen595 Hash ed91f0c19cbcd50a62fe290680800145 b42572f05f14b93093f64b146245b32b3d0cbf9e c67d0cfcd4c4e9eb4c73c9ac4c4545d5628603946d522a5fca6f3106749df1e0 Loading...

	cdn.pubfuture-ad.com/v2/unit/pt.js	6.6 kB	2023-05-08	2023-07-18
Pretty URL cdn.pubfuture-ad.com/v2/unit/pt.js IP 104.26.0.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-08 18:57:55 Last Seen2023-07-18 10:00:36 Times Seen253 Hash 682292a8592cf915768cad01e4b3222d 7cac4c7f0693fe9296ced91b9ea1c60b2475600b 74075ecdd502ca9121a9d6a11e8824771cea3c7e158726e01a2964c750766e1d Loading...

	www.google.com/recaptcha/api.js	850 B	2023-05-19	2023-05-26
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-19 05:24:48 Last Seen2023-05-26 00:37:24 Times Seen2423 Hash b7b728964630ecd7e800d650f14695c5 473f7633fea7e2f828c3df9ab19356286f10a692 f4de494b6cfd42ce31b244cd84410cd4259d82773485f6c7b4ffd2a7ca2d6217 Loading...

	dfiles.eu/ru/files/nov2502tp	107 B	2023-03-07	2024-04-18
Pretty URL dfiles.eu/ru/files/nov2502tp IP 91.226.124.76 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:29:21 Last Seen2024-04-18 04:40:14 Times Seen188 Hash fa5cbfd2df4296e8149b3d8dc839e73b 9225470d8e39272fbe2966c3133cbc4b28c0b8fb d0e6b3ab7a4acedc68c7e282dd0f0a565f4bf832a3b0acba5b3855a44a12123d Loading...

	js.wpadmngr.com/static/adManager.js	1.2 kB	2023-03-08	2023-09-14
Pretty URL js.wpadmngr.com/static/adManager.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:37:08 Last Seen2023-09-14 04:40:07 Times Seen1254 Hash 51b1a71b0add99b35a138609b191ca0a 49f6306d517f897883dcadb89fb725a3cd5f017d 902269f1228994ac73ce1a3ed21d948beb250b5c3d945b459ac6a48a097968fe Loading...

	jsc.mgid.com/d/e/depositfiles.com.3334.js	2.7 kB	2023-04-29	2023-09-02
Pretty URL jsc.mgid.com/d/e/depositfiles.com.3334.js IP 104.19.135.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-29 04:38:32 Last Seen2023-09-02 16:51:34 Times Seen26 Hash 0fcaf139ba4779f96ff73f21e25c5fcd d682d1547e69aeace79744c953966b136d8123fb fa26488d3d63a885506d39afecbf0e24a120024974e51c13fbaebec607cde633 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 3f22c207dbad59397f7a3414ecfa6587	43 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 3f22c207dbad59397f7a3414ecfa6587 8509ea5b1d728f5be0f7eae7548d3593f98c5402 0220aceb9c3413632235ce2598b94dd7a130a95558114c04ad41f9386b69777b Loading...

	#2 Eval - 77c872a879b679ddb8628ee5ac827690	26 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 77c872a879b679ddb8628ee5ac827690 895799a91a5f4cac4be6c5b5de261dccc02cf157 59d45abada49f5b514521b527330402a2d826ae3f0dab2199c58c38f1e511777 Loading...

	#3 Eval - 0e5f4da7554e493ccd00e092e4fd85ff	31 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 0e5f4da7554e493ccd00e092e4fd85ff 78f043bc3bb59baf65185e29f3fa75b5f22d024d fb71685befff6e5c6fb9e2dd5f9bea6c71a2a162b39920f3927ef5ebfcf0134d Loading...

	#4 Eval - 1fedf6baa87d9b256a83e8e3e1b65056	35 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 1fedf6baa87d9b256a83e8e3e1b65056 0263fde258ce38794a920a672a854204bd618bcc 7013ec5264e02f54f3b42e05b51fd1ad0f180fa3870b71acd2f1a384cc81d601 Loading...

	#5 Eval - 1877f709235efe3edcf15b14afba4ca2	35 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 1877f709235efe3edcf15b14afba4ca2 b2b3bc3c703e869ae5f190981b0354bbd8abbbf6 41aae560d6dd4b675e6e45d30c1572db537659e580ac434c4b89b76e4f3dc5ac Loading...

	#6 Eval - cef0b78101ef9c4812fae1e6cafda473	21 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1123 Hash cef0b78101ef9c4812fae1e6cafda473 f8fb9a7ff103d095cd4f5a80f5b6f0e2cfce4356 5f7d79033f82e1d81e2e6490b1fe43f241e2889aae35ea6d5f968ca697f5a577 Loading...

	#7 Eval - 76c4793055e5506049c3d1a3ca7c9961	39 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 76c4793055e5506049c3d1a3ca7c9961 20339a96f3b80e1543d7834aa40915986a6ecb28 aaa8c0ab87c7070701d0a29a610c65a4c1d29153c2d14623602acef3eea646dd Loading...

	#8 Eval - 4e70865b8eb7f390c3e82cb023ec718e	39 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 4e70865b8eb7f390c3e82cb023ec718e 2242a0ee3b512687bd55789854529cb4f2106e20 04f881dff1163e4e36943700ddbcf25667dfe7e0b154d21e181a771955264d60 Loading...

	#9 Eval - e116d02f42e23573c47a3e5d2a93e2e7	46 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1124 Hash e116d02f42e23573c47a3e5d2a93e2e7 34a847abb13bc8a6607d118069415661c48ffafc e218a1ac15f252350ef2646dead414bf35db450215962e63da301cb7c3f064eb Loading...

	#10 Eval - 3dd772ed2472872392d0a81700b9ccca	28 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 3dd772ed2472872392d0a81700b9ccca b070cf82068fd167e47ef731788cb29ef6f85516 fca3cd5a7ca3a44b75f81e0c169fe599fb48741835c83b5616e304b3f722522b Loading...

	#11 Eval - 6417cc1e9a41402a403a38f10e401182	41 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1124 Hash 6417cc1e9a41402a403a38f10e401182 c0ef1ed95155ccd56c01207ad2e42b9e2edbbd8e 25fde17ee6ee622be6ebf83118c8802af55f2721a375a4017d6dec6edaf3b37b Loading...

	#12 Eval - 4df9c33be035899035ba28356b2bc2c0	22 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 4df9c33be035899035ba28356b2bc2c0 e438d9658895c6c7a57a5eda1bb97d3715360ccf c624a79f9c72c617d0ed1ad3207a67a39f6243071e14c4ebeace5dcff97313a3 Loading...

	#13 Eval - cb78ba36cac064165e41253b248d1e96	36 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash cb78ba36cac064165e41253b248d1e96 1d1f956853fd2f2d7d4e291b5d615537bb96713f 2d498779a32244d72a8a7d953918ce95c00fab9d3b129b2a1c3125fb263ccb45 Loading...

	#14 Eval - aa4b04f82e6a9ea00c22ad12c62ae537	31 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash aa4b04f82e6a9ea00c22ad12c62ae537 43b5422f1f6b61b34e126bdf039b8cbc6f0d697c 0408d20a8555f96ab5cced9f89880c477f78d4ade576e5618b04094f034fb081 Loading...

	#15 Eval - c4c99d99e150fd4661e8259b8f0baac8	35 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1124 Hash c4c99d99e150fd4661e8259b8f0baac8 77772ffc0d98ada5f46c88c69fd7ba7cc1c3a96d 022ae916a59e1d7cb709a35e757c60e6626bfccd2c1e87c5ad6b432f0f1b1538 Loading...

	#16 Eval - da9b396eb92f6b099e8d0e01044e253d	19 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1124 Hash da9b396eb92f6b099e8d0e01044e253d 929359434c1f79501f2dd778c5a9a6af9034476b 631bd9a13534679ce526b007d4fc8352793377d89bcc321392b01ecf075c4101 Loading...

	#17 Eval - adcadd21e1cc9b9d64a652b7179b929a	45 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash adcadd21e1cc9b9d64a652b7179b929a d4433f6c1d1b07f13e8380cfd95c542b9c2535df e44d38f746ee1fa3b3ef03ed6ea3f298c25e173b6daea3c4505afce8bb869508 Loading...

	#18 Eval - bcfc797a1fd15c07566cb8930dde093f	41 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash bcfc797a1fd15c07566cb8930dde093f 564385b812a1c00532b2f7e6c66ddd6f8d0d4200 e9d851c02746b7bd4d9207264c143f76480b69aa3552b1cdaa79ee537d83f5ac Loading...

	#19 Eval - 308ce9eddcf87856319c6e887a328f7a	28 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 308ce9eddcf87856319c6e887a328f7a e0741915340fd264162316bc3bd1749265d0ec9b 4f6a557989f79654728dcb244539b604c5329db30b964d6e8c524c72517b9fa6 Loading...

	#20 Eval - 45ce5d15da1dc1603f56d0399b3399c6	30 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 45ce5d15da1dc1603f56d0399b3399c6 285d4d78fc31669c66f2e463ebe81cc020356b3b 7ceacb36606d6f6599d3ed5454c31152cb4417fb3c02ebb66431c4227a653726 Loading...

	#21 Eval - 88d55cacec67fdda96068949334b0499	25 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 88d55cacec67fdda96068949334b0499 78575799753ceb53d79fd7ce691b691adfbcddcd cfd8889f26f46323b63c7766e414faf4a4171cc959c4c2b2e6a64c0ec3edf13f Loading...

	#22 Eval - 4e96dc12176baffec5f6c2b824b8b037	21 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1124 Hash 4e96dc12176baffec5f6c2b824b8b037 cbffdfa5e083b9ff6d40f059aed02ad96cdcd77d 37ceb2a749341c51c7b8c25daaa71dc167b4aba7485c9b398b8ab004b685e492 Loading...

	#23 Eval - 282b4cc68a675357c3ca24fe28d8ab04	19 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 282b4cc68a675357c3ca24fe28d8ab04 c8b868fb5effed4b8596709293518ce4caf64131 67909fba812519f6eced963d195970a41923b591290d48f96704719fc6b74ec5 Loading...

	#24 Eval - b326b5062b2f0e69046810717534cb09	4 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 01:03:44 Last Seen2024-04-26 04:05:33 Times Seen23323 Hash b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b Loading...

	#25 Eval - 6ae367f7d7c3f08e67a16f4ad82e7dca	42 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 6ae367f7d7c3f08e67a16f4ad82e7dca 81424a630ea828a1b783bedccbe3614e2702c299 2fc752a40595d1d6681e6be3ebd8f44cdda99876ff9ee19fe654647a6a11415e Loading...

	#26 Eval - c046c71777b1d9ff147a8d04d76771e5	32 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1124 Hash c046c71777b1d9ff147a8d04d76771e5 c3c7716eab0ed9ea66365a6f9f7bac166dfaca94 a535a9a97ed5a801419c63a6e764dd3b24c8456f177155717caf9ba3411ef756 Loading...

	#27 Eval - b9c95d7df82ab576585babc9b933f844	36 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash b9c95d7df82ab576585babc9b933f844 3855cdde37780e1b763b995bfb977036917f803a a612f8985aebacd5c5fa6b17d16982a29983ae9131bae94403ff9abe1ce2ded2 Loading...

	#28 Eval - deadc7431ca60c864078c7b1b57b0382	45 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash deadc7431ca60c864078c7b1b57b0382 088b94c9b490d0454434bfafb684c6ef4c3c3d1d d7fff9897aaa9675a3652e7cac1a8c2a3427b896b5cc0ab5ffd628f9bb106e34 Loading...

	#29 Eval - 97976045385267c941449d1ba56a276e	33 B	2023-03-07	2023-10-31
Pretty Observations First Seen2023-03-07 01:06:24 Last Seen2023-10-31 22:34:33 Times Seen1125 Hash 97976045385267c941449d1ba56a276e 3ffc8cc59740faafcf3b0f0efb3f12f6b689dc90 92cc9c48ca7d897742a37b1578ba7c99e9d9c405fced233bb9a3270ef84fddfc Loading...

		Size	First Seen	Last Seen
	#1 Write - a4b4f175f26e40be71e14537803ba079	73 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:18:54 Last Seen2024-04-25 21:40:34 Times Seen448 Hash a4b4f175f26e40be71e14537803ba079 9ba9d5b82309467c816ada4bddacc415cc87768b ee5bc98c2972e91e39c490cf5f5dbedc0ad8f5043e6e444205db64675eab4aea Loading...

	#2 Write - c9268ea7bf9c06b01c428b849dbc8108	41 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:18:54 Last Seen2024-04-25 21:40:34 Times Seen443 Hash c9268ea7bf9c06b01c428b849dbc8108 4d677d34ddf4b43f584de3d283b19266e4a43efd 9ee47f40cb011b5528a36281059ed45c66626a3073a9d7db246a19ea2ece51db Loading...

	#3 Write - 82a0aecc6f792e73fa1ea7e23c13eb7e	1.1 kB	2023-05-22	2023-05-22
Pretty Observations First Seen2023-05-22 14:58:13 Last Seen2023-05-22 14:58:13 Times Seen1 Hash 82a0aecc6f792e73fa1ea7e23c13eb7e 8f91facb1550753b27b9e2d4590c96876a06fd47 ec39ed0fab5af1bd6b1aaee588b3cbbabd16d81e1ee726da9b33af00d580e770 Loading...

	#4 Write - 3da2070fe4150080f43f782f1eb4888e	14 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:18:54 Last Seen2024-04-25 21:40:34 Times Seen487 Hash 3da2070fe4150080f43f782f1eb4888e 407bba0586b78a9159c780876977a7790d012c5e 534eea26e25b4b30614a9fc9251edab2bf9f7d43fb984ad7934a9cdf90e59d57 Loading...

	#5 Write - 3bc42f03b3f1761ea9f95a335ab2bbba	77 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-25 17:58:25 Times Seen582 Hash 3bc42f03b3f1761ea9f95a335ab2bbba 4ab15b6c153a542425f02baadcc1ed4867078b8d 1f8c7edef8c37d8821755ee623f481f29d6584195b327d15ac5abe6d243d8ec0 Loading...

	#6 Write - f846a6f7f9f77ee64de243dd2e11c9ae	164 B	2023-05-06	2024-04-25
Pretty Observations First Seen2023-05-06 12:18:48 Last Seen2024-04-25 17:58:25 Times Seen475 Hash f846a6f7f9f77ee64de243dd2e11c9ae 81b65f57f43372a490c1a82b0a40c3d18b40b0bf 63f0d3c423380243710222e2b275efa59ab2ed4eec8aab35781707f6459c407d Loading...

	#7 Write - 3e931d5c0ce8a94e81104c08d67872ba	164 B	2023-03-13	2024-04-25
Pretty Observations First Seen2023-03-13 12:53:25 Last Seen2024-04-25 17:58:25 Times Seen550 Hash 3e931d5c0ce8a94e81104c08d67872ba f13674fd6a6089aee16a19b1807f2f0fd2d9a0e2 18dea144f4b37879ae8916760ee75a30bb0e4d06fc7fa341029a70593a89d669 Loading...

HTTP Transactions (87)

URL IP Response Size

dfiles.eu/ru/files/nov2502tp

91.226.124.76

200 OK

6.1 kB

URL User Request GET HTTP/1.1
dfiles.eu/ru/files/nov2502tp
IP
91.226.124.76:443
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (336), with CRLF, CR, LF line terminators
Size
6.1 kB (6133 bytes)
Hash
d45169a2dca865a1a92b18aac1f1e916
ac2fba4ac2e69461ec45e5596889a33e85d432ba
d8b6ea5e381320defd921a1f72a8fe424d397767a5a19eae0b19d9c66737f06d

HTTP Headers

GET /ru/files/nov2502tp HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; path=/; domain=.dfiles.eu
last_file=nov2502tp; path=/; domain=.dfiles.eu
lang_current=ru; expires=Tue, 21-May-2024 12:57:47 GMT; Max-Age=31536000; path=/; domain=.dfiles.eu; secure
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8fe4fdacb4bc7ddc187ed527a4044d21
40d4f9abbccfecadc35e9b78d0a9af7bc39e60b2
406cd7d402626ed9e9fbf3fc35aef21d76e7b8c1b122b26c3aaf390e62bccd40

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 12:57:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4b606a89062b860c8b452c4c3877397c
39ba4e3efb89e39deffa0c93cb01b63cb1975e67
85c1f8e7679b507431d39f010a515ddcc840dbcbedfe06edf1ea94a8e7dd2a15

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 12:57:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.depositfiles.com/js/jquery.validate.js

91.226.124.81

200 OK

38 kB

URL GET HTTP/1.1
static.depositfiles.com/js/jquery.validate.js
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
Unicode text, UTF-8 text, with very long lines (1238)
Size
38 kB (38269 bytes)
Hash
d5231b6378847ebdb55f64c77d5a234f
eed97aa0b2aa9486b6f6831ed8a85dc729ad6b9c
95434a8a2568a6481a1fbcf5808a75dd58e77348ed6d70b4f7aeda8842e8f0c7

HTTP Headers

GET /js/jquery.validate.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:48 GMT
Content-Type: application/javascript
Content-Length: 38269
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-957d"
Expires: Mon, 22 May 2023 13:02:48 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes

static.depositfiles.com/js/function.js

91.226.124.81

200 OK

35 kB

URL GET HTTP/1.1
static.depositfiles.com/js/function.js
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
ASCII text, with very long lines (4240)
Size
35 kB (34915 bytes)
Hash
a5779d2f560cd50376dbba372b0fd15b
07b08e35b9254288c1372e37577db8b9e4da01b4
51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84

HTTP Headers

GET /js/function.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:48 GMT
Content-Type: application/javascript
Content-Length: 34915
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-8863"
Expires: Mon, 22 May 2023 13:02:48 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes

static.depositfiles.com/css/main.css

91.226.124.81

200 OK

47 kB

URL GET HTTP/1.1
static.depositfiles.com/css/main.css
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
ASCII text, with very long lines (332)
Size
47 kB (46819 bytes)
Hash
af57443dfa4bc2d3299321923ae1c57f
d922badb0ed1d665302cf93268e9960d0a04c065
50d446eade67c33dc4dba74f2f2b7480b5021de5a98bfedc1f10ce5c35d966f3

HTTP Headers

GET /css/main.css HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:48 GMT
Content-Type: text/css
Last-Modified: Tue, 26 Apr 2022 10:45:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6267cd55-2f719"
Expires: Mon, 22 May 2023 13:02:48 GMT
Cache-Control: max-age=300
Content-Encoding: gzip

static.depositfiles.com/js/base2.js

91.226.124.81

200 OK

399 kB

URL GET HTTP/1.1
static.depositfiles.com/js/base2.js
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
Unicode text, UTF-8 text, with very long lines (65481)
Size
399 kB (398927 bytes)
Hash
2fcae8126c3fd9a626370a701f0bd887
f3496fb7bbe122a9774d7dcfcd68da03a24dc285
d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc

HTTP Headers

GET /js/base2.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:48 GMT
Content-Type: application/javascript
Content-Length: 398927
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-6164f"
Expires: Mon, 22 May 2023 13:02:48 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes

www.google.com/recaptcha/api.js

142.250.74.164

200 OK

557 B

URL GET HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint85:AD:43:66:C0:73:07:1B:B5:5D:4A:83:4B:76:3F:DA:4B:2B:E1:F8
ValidityMon, 24 Apr 2023 12:01:16 GMT - Mon, 17 Jul 2023 12:01:15 GMT

File type
ASCII text, with very long lines (850), with no line terminators
Size
557 B (557 bytes)
Hash
b7b728964630ecd7e800d650f14695c5
473f7633fea7e2f828c3df9ab19356286f10a692
f4de494b6cfd42ce31b244cd84410cd4259d82773485f6c7b4ffd2a7ca2d6217

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Mon, 22 May 2023 12:57:48 GMT
date: Mon, 22 May 2023 12:57:48 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 557
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-BL9163LYG1

142.250.74.72

200 OK

85 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-BL9163LYG1
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint55:51:32:58:36:72:A1:C8:50:5E:5A:8D:CE:A5:2F:DC:D7:1E:62:03
ValidityMon, 24 Apr 2023 11:56:06 GMT - Mon, 17 Jul 2023 11:56:05 GMT

File type
ASCII text, with very long lines (4509)
Size
85 kB (85378 bytes)
Hash
163239702e770c938f497b0bcceba9cf
c80b41e3b85c762f076ef379e442af495618bc26
77476cbbb99533e00fa1bb185524db403c412fc3551c0cb1d86bab4666d5384f

HTTP Headers

GET /gtag/js?id=G-BL9163LYG1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 22 May 2023 12:57:48 GMT
expires: Mon, 22 May 2023 12:57:48 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85378
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.pubfuture-ad.com/v2/unit/pt.js

104.26.0.97

200 OK

3.0 kB

URL GET HTTP/2
cdn.pubfuture-ad.com/v2/unit/pt.js
IP
104.26.0.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (6612), with no line terminators
Size
3.0 kB (2989 bytes)
Hash
682292a8592cf915768cad01e4b3222d
7cac4c7f0693fe9296ced91b9ea1c60b2475600b
74075ecdd502ca9121a9d6a11e8824771cea3c7e158726e01a2964c750766e1d

HTTP Headers

GET /v2/unit/pt.js HTTP/1.1
Host: cdn.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:48 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=172800
cf-bgj: minify
access-control-allow-origin: *
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
etag: W/"19d4-fKxMfwaT/pKWztkbnqHGCyR1YAs"
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cf-cache-status: HIT
age: 90443
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lx3shDQHoDPRL77LLNdfBXGk0eE%2FWpgo6tVwzrPsPvSJXuXO6JeUBlWyc7ZB3ZVzZwzfQh%2F4z2iTHq%2BIWo9Ln3ZTwuqwct4I2MN%2FPKx5Ehn5Xzvh3FicmZMlT7FnACRsi87hw47%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cb53a1e29901c16-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
73d84022844c72951a56044d4bcf3039
1bb5397b6fdab7f58f63e715bdf3111708d96a2f
a86c145779bbdc93a14c8e42495d6cd431d6d820e268c66e9960244fa7ea3ecf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 12:57:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

js.wpadmngr.com/static/adManager.js

45.133.44.52

200 OK

1.1 kB

URL GET HTTP/2
js.wpadmngr.com/static/adManager.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectjs.wpadmngr.com
FingerprintA9:7C:F8:A4:B8:B3:E3:98:76:72:9E:0B:4A:FB:FB:39:D4:F4:54:3D
ValidityTue, 16 May 2023 02:02:19 GMT - Mon, 14 Aug 2023 02:02:18 GMT

File type
gzip compressed data, from Unix\012- data
Size
1.1 kB (1084 bytes)
Hash
4237dc068ce845f1292d9163def36dd5
a5df2103b9d2f74e034dcc068559f40ec6b94696
0a21a191ec82c7b5e4c1b49d70f0a3dd94df5c698516974d61e88404765490ca

HTTP Headers

GET /static/adManager.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:48 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 05 Dec 2022 13:37:26 GMT
etag: W/"638df416-4dd"
content-encoding: gzip
expires: Mon, 22 May 2023 13:02:48 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js

173.233.137.36

200 OK

13 kB

URL GET HTTP/1.1
pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjecthighrevenuegate.com
FingerprintE3:83:9C:63:64:A5:46:F7:CE:7B:E1:4D:12:0F:29:C3:22:23:C0:14
ValidityTue, 02 May 2023 09:41:55 GMT - Mon, 31 Jul 2023 09:41:54 GMT

File type
ASCII text, with very long lines (37179), with no line terminators
Size
13 kB (13443 bytes)
Hash
cd9fbf2a2e9cf3e6ef15d6fab526f14c
3d7ce7ad1396ed1844fe444cca26bcac6de1cbc3
30e364ace5487fc6e6ca4ae64e46d60d21f2a27e92e82cc3da57cbcdf9c64369

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js HTTP/1.1
Host: pl16105218.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5db988bd3d7f00e9939d100446baa7f6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

static.depositfiles.com/images/logo.png

91.226.124.81

200 OK

3.6 kB

URL GET HTTP/1.1
static.depositfiles.com/images/logo.png
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 176 x 43, 8-bit/color RGBA, non-interlaced\012- data
Size
3.6 kB (3623 bytes)
Hash
c41fdd84b04e45a91cb17cfdeccb1b38
fec7fffe104c7e169aeb159032078c4b71ff2cdc
7f89eb8ab03684f4db282ca30eb231b1e254bca10c7b511950df5e0eab0a68a0

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: image/png
Content-Length: 3623
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-e27"
Accept-Ranges: bytes

static.depositfiles.com/images/member_menu_bg.gif

91.226.124.81

200 OK

78 B

URL GET HTTP/1.1
static.depositfiles.com/images/member_menu_bg.gif
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
GIF image data, version 89a, 1 x 48\012- data
Size
78 B (78 bytes)
Hash
20a24b56dcedf6a71a71ebec771e1f7d
d7bed493d5d4eeaed5dbbf7d30d45107840790a0
6f57f29224d8e9e51ed0839e329055426fba7dcd97ef31e93ed495f93a6063df

HTTP Headers

GET /images/member_menu_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: image/gif
Content-Length: 78
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-4e"
Expires: Sat, 27 May 2023 12:57:49 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

static.depositfiles.com/images/timer.gif

91.226.124.81

200 OK

12 kB

URL GET HTTP/1.1
static.depositfiles.com/images/timer.gif
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
GIF image data, version 89a, 70 x 70\012- data
Size
12 kB (11607 bytes)
Hash
fb170c2ce20d8088b7cee465689c3637
9759429c7de6921580fac900c4c6026c758bb94c
6b5c53dd4d2d07c854e019e55458ff9652a4d9b7bf1fe8848ad00ca16032e294

HTTP Headers

GET /images/timer.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: image/gif
Content-Length: 11607
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-2d57"
Expires: Sat, 27 May 2023 12:57:49 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

static.depositfiles.com/images/flags/lang24.png

91.226.124.81

200 OK

9.2 kB

URL GET HTTP/1.1
static.depositfiles.com/images/flags/lang24.png
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 24 x 552, 8-bit/color RGBA, non-interlaced\012- data
Size
9.2 kB (9172 bytes)
Hash
efdcd1ca23d564ddd811f41152a2b83c
0b5aa064e7f8f241363c55fa17eb448f42a5f8df
ce23be242e34c5b420f8ba0390aef20fa50ffc69f700091029616eff524e8f9b

HTTP Headers

GET /images/flags/lang24.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: image/png
Content-Length: 9172
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-23d4"
Accept-Ranges: bytes

static.depositfiles.com/images/sprite.png

91.226.124.81

200 OK

37 kB

URL GET HTTP/1.1
static.depositfiles.com/images/sprite.png
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 102 x 630, 8-bit/color RGBA, non-interlaced\012- data
Size
37 kB (36802 bytes)
Hash
2333675d7e431d5313c6dbb5230a14cd
93c4032e5b8b85793a9cda7167804445d950dd96
b287134a60667ce8e2c3fa1603e3a8f2ffa59c64e746d026d1a13ef19f3f38a0

HTTP Headers

GET /images/sprite.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: image/png
Content-Length: 36802
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-8fc2"
Accept-Ranges: bytes

static.depositfiles.com/images/sprite16.png

91.226.124.81

200 OK

28 kB

URL GET HTTP/1.1
static.depositfiles.com/images/sprite16.png
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 32 x 1072, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28501 bytes)
Hash
2e86fe2d2c2650c5f4663f0fc135ebc1
ba86e14a9abcff0581eda84a307594ef1288b982
604187f8828381a47ae70249f55f21c78c53ab1401d20a5f2230a0d6c9ae50d1

HTTP Headers

GET /images/sprite16.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: image/png
Content-Length: 28501
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-6f55"
Accept-Ranges: bytes

ocsp.r2m01.amazontrust.com/

143.204.48.16

471 B

URL
ocsp.r2m01.amazontrust.com/
IP
143.204.48.16:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
4fb4e14360269a777e89f1f9175622e9
1a252cc9528cd7d4a2291b23795c29708a982a9d
0426e5f6443589135ea3c7a50269889d57dcf256ddd32bc9374839cdb71612e5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=7200'
Date: Mon, 22 May 2023 12:57:49 GMT
Last-Modified: Mon, 22 May 2023 12:12:06 GMT
Server: ECAcc (nya/1C6C)
X-Cache: Miss from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _EhvkwRPxxOkUTM5XrgQGSYs1RmKK4iPDdXiPxUS_Htgss1jmalBLA==
Age: 2744

simplewebanalysis.com/stats

18.192.155.180

200 OK

40 B

URL GET HTTP/2
simplewebanalysis.com/stats
IP
18.192.155.180:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ce31f5b8d85c38a8a5960dbf08fdb063
d76d0785dddfdba73670d27bc9e5e12305c41d0f
a2029a3adc9e8733af17665d85d5babf86f2f38a3817048ac73247a24cca43c3

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca:3:1; expires=Thu, 19 May 2033 12:57:49 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

adsbb.dfiles.eu//ad.php?z=7&c=NO&g=no_file&u=646b66cbe1a0a-56726135

91.226.124.80

303 See Other

0 B

URL GET HTTP/1.1
adsbb.dfiles.eu//ad.php?z=7&c=NO&g=no_file&u=646b66cbe1a0a-56726135
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET //ad.php?z=7&c=NO&g=no_file&u=646b66cbe1a0a-56726135 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 303 See Other
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf7=1; expires=Tue, 23-May-2023 12:57:49 GMT; Max-Age=86400
Location: /upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

adsbb.dfiles.eu//ad.php?z=60&c=NO

91.226.124.80

303 See Other

0 B

URL GET HTTP/1.1
adsbb.dfiles.eu//ad.php?z=60&c=NO
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET //ad.php?z=60&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 303 See Other
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf60=1; expires=Tue, 23-May-2023 12:57:49 GMT; Max-Age=86400
Location: /upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

adsbb.dfiles.eu//ad.php?z=58&c=NO&g=no_file

91.226.124.80

303 See Other

0 B

URL GET HTTP/1.1
adsbb.dfiles.eu//ad.php?z=58&c=NO&g=no_file
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET //ad.php?z=58&c=NO&g=no_file HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 303 See Other
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf58=1; expires=Tue, 23-May-2023 12:57:49 GMT; Max-Age=86400
Location: /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

adsbb.dfiles.eu//ad.php?z=56&c=NO

91.226.124.80

303 See Other

0 B

URL GET HTTP/1.1
adsbb.dfiles.eu//ad.php?z=56&c=NO
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET //ad.php?z=56&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 303 See Other
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf56=1; expires=Tue, 23-May-2023 12:57:49 GMT; Max-Age=86400
Location: /upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

friendshipmale.com/sfp.js

172.64.140.24

200 OK

74 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
172.64.140.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
74 kB (73866 bytes)
Hash
8bf542db65f0ff20d510889d62e5e092
1b1b7cc04275b7641e2f07b0f4bf99b5387303bf
77a3bebee72af7beb49cd94b7f16852a532aac5f3db8f610160440fe75ca4711

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: e96937981638562bbda2dad794d9c681
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 22 May 2023 12:57:49 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Edd8MT7VigRjYFXTFNtrzMUGmuk8M3M9xe1ISDAp71WGbpA7pyPNTqkRd8dwUOMgfsupG%2BlhrygXeXFXKOkT7ZntRoJxQY0UXqt6rdY45hQgR0TtBNthFFI1w5JCKmJbLznpZ%2BI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a22c8958880-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

91.226.124.80

200 OK

670 B

URL GET HTTP/1.1
adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
670 B (670 bytes)
Hash
76bdc27ed23e8861cc37b1f623a2fc38
412d6e0a67e7fc50b6d2351f3b1864b301466f20
3aec406595384aaa86ecfd3b6c29b72ddcc46414be2f9bc4e6ed6b39c86c6c95

HTTP Headers

GET /upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Mon, 22 May 2023 12:55:01 GMT
Content-Encoding: gzip

adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

91.226.124.80

200 OK

670 B

URL GET HTTP/1.1
adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
670 B (670 bytes)
Hash
c7509bd14e0e4597d2ddaa92e4f3855e
ef498db81d3382d75a962059c374350c9b0d3614
4cb6f19c6dd7743179be310e7f1f197e89ca46834aac27c587b73cf2bc6cf85b

HTTP Headers

GET /upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Mon, 22 May 2023 12:55:01 GMT
Content-Encoding: gzip

na.nawpush.com/tags/46445?version_name=d

45.133.44.25

200 OK

578 B

URL GET HTTP/2
na.nawpush.com/tags/46445?version_name=d
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectna.nawpush.com
Fingerprint06:8A:2E:29:09:91:41:F0:6E:1C:15:DE:41:23:FB:9C:E4:5B:47:B0
ValidityMon, 03 Apr 2023 01:01:43 GMT - Sun, 02 Jul 2023 01:01:42 GMT

File type
JSON data\012- , ASCII text, with very long lines (578), with no line terminators
Size
578 B (578 bytes)
Hash
48cf99226e98595889e80d389697c90c
6c6f7b9047532c20c72d68b246dafe3db8ca16b5
e81d3360bc9596b20a9ea1289549039c2b4d0350a4cd9122c1578605b56f7055

HTTP Headers

GET /tags/46445?version_name=d HTTP/1.1
Host: na.nawpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: application/json
content-length: 578
server: nginx/1.18.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

adsbb.dfiles.eu/upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

91.226.124.80

200 OK

2.4 kB

URL GET HTTP/1.1
adsbb.dfiles.eu/upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (879)
Size
2.4 kB (2381 bytes)
Hash
84a7f34786af7d3e931bb8802dead4f5
338236af2ab0737b4cfd33a0ceca659572c918e7
a705ff060fcac31c1020a33e654c505dd379c93da8a3d5e8535b7d2a46517137

HTTP Headers

GET /upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Mon, 22 May 2023 12:55:01 GMT
Content-Encoding: gzip

adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

91.226.124.80

200 OK

678 B

URL GET HTTP/1.1
adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
678 B (678 bytes)
Hash
63818b58463bdb287634f8579dfd9179
ac385cf361a2c977b03e62f5f68bcbddd743cca8
de38551de875cc0fc3ae6b1bc4e66967ea25f9b3f690d84ca3cc9ce290dd09ed

HTTP Headers

GET /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Mon, 22 May 2023 12:55:01 GMT
Content-Encoding: gzip

js.wpshsdk.com/npc/sdk/wp-banners.js

45.133.44.53

200 OK

0 B

URL GET HTTP/2
js.wpshsdk.com/npc/sdk/wp-banners.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectjs.wpshsdk.com
Fingerprint78:77:A4:19:CC:0D:15:24:69:96:1B:44:C9:A0:4D:0B:B7:C0:F2:D8
ValidityMon, 27 Mar 2023 02:06:36 GMT - Sun, 25 Jun 2023 02:06:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Mon, 22 May 2023 13:02:49 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

variedpretenceclasped.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js

173.233.139.164

200 OK

29 kB

URL GET HTTP/1.1
variedpretenceclasped.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectvariedpretenceclasped.com
Fingerprint26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
ValidityFri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
29 kB (28767 bytes)
Hash
2353be6f557c3dc8f40d9718370df747
65c8563b35f4cc05fbd4643067251b24bab5a7ee
43eebee0857eaaeb3389acedd9b561377bd5ca4508fe444466f6e7f1e0962c94

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9ba885bb13d03d2c0f1a729f86455f5a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ip2geo.pubfuture-ad.com/detail

172.67.70.21

200 OK

33 B

URL GET HTTP/2
ip2geo.pubfuture-ad.com/detail
IP
172.67.70.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
33 B (33 bytes)
Hash
007af5ffed017e37943df31888ef8666
2877ed4c460ba9164b3625e32502a9d83a2a1d4a
bfb9d45766b6f87ee2c5f55862cdffe168aa7df0ff6ed0917b0fbcb035fdcdd2

HTTP Headers

GET /detail HTTP/1.1
Host: ip2geo.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: application/json; charset=utf-8
content-length: 33
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"21-KHftTEYLqRZLNiXjJQKp2DoqHUo"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sDfxzFxF%2B%2BNmSE%2FIUGuB9LqriYYTUqnmgnjvwwXJQFdvbS%2BaWLT3G%2FuePc3v7pb1BvkUkS10zZLv0joT9BZsz7i8wff%2BCO4wbkYGnTRXvqHQGYhauITwWEr%2BNZEazs1nMxuBdReP9gPO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cb53a235c910b49-OSL
X-Firefox-Spdy: h2

simplewebanalysis.com/stats

18.192.155.180

200 OK

40 B

URL GET HTTP/2
simplewebanalysis.com/stats
IP
18.192.155.180:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ce31f5b8d85c38a8a5960dbf08fdb063
d76d0785dddfdba73670d27bc9e5e12305c41d0f
a2029a3adc9e8733af17665d85d5babf86f2f38a3817048ac73247a24cca43c3

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

jsc.mgid.com/d/e/depositfiles.com.3334.js

104.19.135.78

200 OK

86 kB

URL GET HTTP/2
jsc.mgid.com/d/e/depositfiles.com.3334.js
IP
104.19.135.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint44:BF:9D:AD:98:A7:1A:F2:1D:18:EF:4E:3E:BE:C0:D8:28:4D:9F:04
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2681), with no line terminators
Size
86 kB (86235 bytes)
Hash
0fcaf139ba4779f96ff73f21e25c5fcd
d682d1547e69aeace79744c953966b136d8123fb
fa26488d3d63a885506d39afecbf0e24a120024974e51c13fbaebec607cde633

HTTP Headers

GET /d/e/depositfiles.com.3334.js HTTP/1.1
Host: jsc.mgid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: text/javascript
cf-bgj: minify
cf-polished: origSize=2682
etag: W/"dc4a6a72287fc2c12d0a694c456249a5"
last-modified: Thu, 11 May 2023 07:52:34 GMT
x-amz-id-2: wf7rOHIB8wOFVPKVqSi1BYgQdLnc13saXsO5GL0HBWPwFu1o5ge2dwoXEYiwpfKxO7WOD1o0RMk=
x-amz-request-id: TDY2VSJSHQHN6445
x-amz-server-side-encryption: AES256
x-amz-version-id: gNGWYSrdgKjFIAUHdjefF0xeI2yJMdjT
cf-cache-status: HIT
age: 2927
expires: Mon, 22 May 2023 15:57:49 GMT
cache-control: public, max-age=10800
set-cookie: __cf_bm=rS1Ws8Q8eAtYDIKJM.jzbbaU.v2hifzj7_X98j463kU-1684760269-0-ATUoub/EGup6UA4ILRmhus3cjtyp1II8TaIzTrc8WS1MfdG2hK3RhhnhdiLVFZSIrD+MP6xEjZ/h7YCtMcEBahw=; path=/; expires=Mon, 22-May-23 13:27:49 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a260e980b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js

91.226.124.80

200 OK

85 kB

URL GET HTTP/1.1
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://adsbb.dfiles.eu/upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
Unicode text, UTF-8 text, with very long lines (65168)
Size
85 kB (85260 bytes)
Hash
b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b

HTTP Headers

GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes

adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js

91.226.124.80

200 OK

85 kB

URL GET HTTP/1.1
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://adsbb.dfiles.eu/upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
Unicode text, UTF-8 text, with very long lines (65168)
Size
85 kB (85260 bytes)
Hash
b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b

HTTP Headers

GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes

adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js

91.226.124.80

200 OK

85 kB

URL GET HTTP/1.1
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://adsbb.dfiles.eu/upload/2303/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
Unicode text, UTF-8 text, with very long lines (65168)
Size
85 kB (85260 bytes)
Hash
b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b

HTTP Headers

GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:49 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes

static.depositfiles.com/images/favicon.ico

91.226.124.81

200 OK

318 B

URL GET HTTP/1.1
static.depositfiles.com/images/favicon.ico
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Size
318 B (318 bytes)
Hash
0f0b975ee529197ec75780ebc2de5907
59688c6aafca5606e388ba9a44fc9dc25fc32cd3
28a0b52229f05b66354ca38b6b813d2281af3efb7e8b0a424ef8b4c68b9e583c

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Type: image/x-icon
Content-Length: 318
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-13e"
Accept-Ranges: bytes

variedpretenceclasped.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6

173.233.139.164

200 OK

3.1 kB

URL GET HTTP/1.1
variedpretenceclasped.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectvariedpretenceclasped.com
Fingerprint26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
ValidityFri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT

File type
JSON data\012- , ASCII text, with very long lines (5415), with no line terminators
Size
3.1 kB (3071 bytes)
Hash
c3c158803e7b101b114c2812e9f572a8
a900b5a5c7f4ba7dba7ae7a622de1b020770c98a
69aa776d444f38b77c160b7a8270d507585ae7f501e79e479b9ddb2a4a20c73f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6 HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfiles.eu
Access-Control-Allow-Origin: https://dfiles.eu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16004719; expires=Tue, 23 May 2023 12:57:49 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 23 May 2023 12:57:50 GMT; secure; SameSite=None
uncs=1; expires=Tue, 23 May 2023 12:57:50 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 23 May 2023 12:57:50 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 23 May 2023 12:57:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9de0c51e2cac3ec4e6707f07a1af6112
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8ab94d7259411fe8a216956474b19511
48c63eaff708604c5f7af9514c3e77109a1f3f73
1dfd960074784d17f2fab64fab44d8aa41c1a794a7000980b428f6ab6392439a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 12:57:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js

142.250.74.99

200 OK

167 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
ASCII text, with very long lines (554)
Size
167 kB (166637 bytes)
Hash
213e1a6e418f3df36f2ec077314ef525
7a553e545a48271f3afec47b3ed5f3518cfdd7b4
ad5008998005064af73229fb144d5f8e789641f8a846e2064ec18788a37e9e2d

HTTP Headers

GET /recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166637
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 May 2023 12:27:21 GMT
expires: Tue, 21 May 2024 12:27:21 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 May 2023 04:00:52 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 1829
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

adsbb.dfiles.eu/view.gif?c=2685&z=56&b=2758&u=646b662534f1e6290753792426853

91.226.124.80

43 B

URL
adsbb.dfiles.eu/view.gif?c=2685&z=56&b=2758&u=646b662534f1e6290753792426853
IP
91.226.124.80:0
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

HTTP Headers

GET /view.gif?c=2685&z=56&b=2758&u=646b662534f1e6290753792426853 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8ab94d7259411fe8a216956474b19511
48c63eaff708604c5f7af9514c3e77109a1f3f73
1dfd960074784d17f2fab64fab44d8aa41c1a794a7000980b428f6ab6392439a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 12:57:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ontosocietyweary.com/pixel/purst?dl=0&th=0&sc=0&rs=1948&rd=1948&fd=557&bv=22.10.v.10&tmpl=136

173.233.139.164

200 OK

0 B

URL GET HTTP/1.1
ontosocietyweary.com/pixel/purst?dl=0&th=0&sc=0&rs=1948&rd=1948&fd=557&bv=22.10.v.10&tmpl=136
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectontosocietyweary.com
Fingerprint23:8E:D7:B8:76:99:AB:94:CB:5E:65:42:A9:B3:CA:11:59:80:B3:5B
ValidityMon, 01 May 2023 19:23:36 GMT - Sun, 30 Jul 2023 19:23:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1948&rd=1948&fd=557&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: ontosocietyweary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

c.mgid.com/pv/?pv=5&cbuster=1684760270170812184719&lct=1683763200&jsv=es6&iframe=1&ref=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&cxurl=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&lu=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&sessionId=646b66ce-0305b&pageView=1&pvid=1884389955c854fb663&site=437&implVersion=11&dpr=1&tfre=700

104.19.135.78

0 B

URL
c.mgid.com/pv/?pv=5&cbuster=1684760270170812184719&lct=1683763200&jsv=es6&iframe=1&ref=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&cxurl=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&lu=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&sessionId=646b66ce-0305b&pageView=1&pvid=1884389955c854fb663&site=437&implVersion=11&dpr=1&tfre=700
IP
104.19.135.78:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pv/?pv=5&cbuster=1684760270170812184719&lct=1683763200&jsv=es6&iframe=1&ref=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&cxurl=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&lu=https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp&sessionId=646b66ce-0305b&pageView=1&pvid=1884389955c854fb663&site=437&implVersion=11&dpr=1&tfre=700 HTTP/1.1
Host: c.mgid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adsbb.dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=rS1Ws8Q8eAtYDIKJM.jzbbaU.v2hifzj7_X98j463kU-1684760269-0-ATUoub/EGup6UA4ILRmhus3cjtyp1II8TaIzTrc8WS1MfdG2hK3RhhnhdiLVFZSIrD+MP6xEjZ/h7YCtMcEBahw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 22 May 2023 12:57:50 GMT
content-length: 0
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cb53a29de37b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

adsbb.dfiles.eu/view.gif?c=2687&z=60&b=2759&u=646b6625353936208151743881645

91.226.124.80

200 OK

43 B

URL GET HTTP/1.1
adsbb.dfiles.eu/view.gif?c=2687&z=60&b=2759&u=646b6625353936208151743881645
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

HTTP Headers

GET /view.gif?c=2687&z=60&b=2759&u=646b6625353936208151743881645 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes

adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=646b6625405578568791245036597

91.226.124.80

43 B

URL
adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=646b6625405578568791245036597
IP
91.226.124.80:0
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

HTTP Headers

GET /view.gif?c=2973&z=58&b=2775&u=646b6625405578568791245036597 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=6015a2c77e0b11bb266d5e2b7671575d; last_file=nov2502tp; lang_current=ru; _ga_BL9163LYG1=GS1.1.1684760268.1.0.1684760268.0.0.0; _ga=GA1.1.207159675.1684760269; _nf7=1; _nf60=1; _nf58=1; _nf56=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes

simplewebanalysis.com/stats

18.192.155.180

200 OK

40 B

URL GET HTTP/2
simplewebanalysis.com/stats
IP
18.192.155.180:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ce31f5b8d85c38a8a5960dbf08fdb063
d76d0785dddfdba73670d27bc9e5e12305c41d0f
a2029a3adc9e8733af17665d85d5babf86f2f38a3817048ac73247a24cca43c3

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:50 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true

143.204.55.96

200 OK

54 kB

URL GET HTTP/2
cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true
IP
143.204.55.96:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 160x600, components 3\012- data
Size
54 kB (54292 bytes)
Hash
5dcf47442fc7fbb8d0263bbf4869537e
2c8232ac93448bbc06b5464f1839a5cdb2ed3e07
81804a1b2b20350ec009ba6429a4f58124c16ca30683af0af255544cd98c8fa6

HTTP Headers

GET /autopromos/unicef3.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 54292
last-modified: Tue, 12 Apr 2022 08:41:27 GMT
x-amz-version-id: iA22.ytP0i4dmuIhnc0eyNVgJlt2K4fl
accept-ranges: bytes
server: AmazonS3
date: Mon, 22 May 2023 03:29:16 GMT
etag: "5dcf47442fc7fbb8d0263bbf4869537e"
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: np3ujQ_sd-7ZfdzSl5NMR2T6ASowRXH0GjuCHroJ7U6F-YmPGJJ9Fg==
age: 34115
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true

143.204.55.96

200 OK

37 kB

URL GET HTTP/2
cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true
IP
143.204.55.96:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 728x90, components 3\012- data
Size
37 kB (36773 bytes)
Hash
58fbb6ffe72ac0c1aa468de39ee18e13
d25230f1ef89aecc6048b0ceb09dd0af609ee7b6
e8ff7f3a8926e5b5497d2ab7a1bf47c5655e287a51045f11846f426ac6c7d180

HTTP Headers

GET /autopromos/unicef2.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 36773
last-modified: Tue, 12 Apr 2022 08:41:28 GMT
x-amz-version-id: xUurxjfnscsyJn430NFsrgfbabIFowSl
accept-ranges: bytes
server: AmazonS3
date: Sun, 21 May 2023 21:12:04 GMT
etag: "58fbb6ffe72ac0c1aa468de39ee18e13"
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wX1AQssjb1OQK7wskR8WfK4E1M9iUGHnrCOgLlPO03XTFhPCqfatBA==
age: 71817
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

variedpretenceclasped.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2%2FcRBTHx6XqAbiUckECtDdAQhvb8f6iB9RQgiJCU1oQ3NB4ZrwZduyxZjzrTcQhohLqcfkPnO8mjYCoKn8ACDncKlXKcsqBHJD6ByBQz2g3KxaeZL33fd93%2BLzn%2BWbfnRMfjp6tf6R3pVJ0pdX0G29%2BHgTXG5syc6PGqNv%2Boh1db5jhO4Hfa%2FpvNT4QbKBXQj%2Fw%2FcAPGuvSiESPVoIgaPqQ%2BXEvaPb8ZhQ2g1aEkfm%2Fts6DpR748Jy8BMmnzx8%2FjCBZjSx9dFPYQaHzt99PnaKFNhjyo0%2BzQabLDOmyTIyHJDtaTEPb0%2FWfobPDOTD08N%2FBWE6J9%2FQPxNnRghLx8PACNFYQGWL%2BAsphDaFqSFqD6XuQ%2FJQAjOPWFrL0wS1tSrpz4dKZOyWXn%2F0FWU7J5d9fRpY%2BXFNy1LirlSukzixGSQU5qiH7NXJ3gmL3EmR5AlZ8DcmfkJVnm8jSgy2rNCSv5stLWUMmNZQYg1oPbvZJDy7x4HIPKT9rdFjU7fJui1PBWBgnQTeJkqhHmZ8wf7UXwrEZ3hhFPgZTYzCzh9zsYSDHMO4X2O0KlnuwxZR4H%2B9hyCuUgqC0BCUlKCVBWRCUw%2BqQKxva6gFX1sXBIoeLvFpNdNHfp4e66IuM7Ofn5Or8Ln%2B3NQbirBGGEeURDaI4ioMWCzphO0k6fkuwdicUtA0rK0h7ab7qrjy9liOXpy%2B%2BipiewKoTMHkV1L0GWk46oQ%2B6PYm6PnazR1zk2soikUrYJtMpuK6QF5dR7Hj76py8Mud44%2BnrEOwxWQSYqZCbCl%2FKXwn66v7kji7JwR1dWvLjVl7IVO7S2b%2B7W9BCXPn%2BQ7FTasM3btrxdzfYzJiVx58IW2zSjMusb8kPa5JzYda1YYL8tGE%2FE%2FFtZ7fXnMlcvnn7vfWNNDfCWqmzGlSeftUGk1Ny5cbh%2FFVe%2B7MNaWoYVyF1S1Kpa7B8DzZf9qwmMGqp49xD6aqJCeNlU0kCJZaaxhXsf3S8rPftffSNB1rcQ5ZWGJoKQ1WBqjGse25S5Obxu7%2BtzgOx8iaxMt5BrIz69uK0Vp41REe0e73Ijzrc9%2BOIh2HQEoyuRrRHwzDpoLBTPkie%2FAMAAP%2F%2FAQAA%2F%2F864yrSYgQAAA%3D%3D

173.233.139.164

200 OK

7 B

URL GET HTTP/1.1
variedpretenceclasped.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2%2FcRBTHx6XqAbiUckECtDdAQhvb8f6iB9RQgiJCU1oQ3NB4ZrwZduyxZjzrTcQhohLqcfkPnO8mjYCoKn8ACDncKlXKcsqBHJD6ByBQz2g3KxaeZL33fd93%2BLzn%2BWbfnRMfjp6tf6R3pVJ0pdX0G29%2BHgTXG5syc6PGqNv%2Boh1db5jhO4Hfa%2FpvNT4QbKBXQj%2Fw%2FcAPGuvSiESPVoIgaPqQ%2BXEvaPb8ZhQ2g1aEkfm%2Fts6DpR748Jy8BMmnzx8%2FjCBZjSx9dFPYQaHzt99PnaKFNhjyo0%2BzQabLDOmyTIyHJDtaTEPb0%2FWfobPDOTD08N%2FBWE6J9%2FQPxNnRghLx8PACNFYQGWL%2BAsphDaFqSFqD6XuQ%2FJQAjOPWFrL0wS1tSrpz4dKZOyWXn%2F0FWU7J5d9fRpY%2BXFNy1LirlSukzixGSQU5qiH7NXJ3gmL3EmR5AlZ8DcmfkJVnm8jSgy2rNCSv5stLWUMmNZQYg1oPbvZJDy7x4HIPKT9rdFjU7fJui1PBWBgnQTeJkqhHmZ8wf7UXwrEZ3hhFPgZTYzCzh9zsYSDHMO4X2O0KlnuwxZR4H%2B9hyCuUgqC0BCUlKCVBWRCUw%2BqQKxva6gFX1sXBIoeLvFpNdNHfp4e66IuM7Ofn5Or8Ln%2B3NQbirBGGEeURDaI4ioMWCzphO0k6fkuwdicUtA0rK0h7ab7qrjy9liOXpy%2B%2BipiewKoTMHkV1L0GWk46oQ%2B6PYm6PnazR1zk2soikUrYJtMpuK6QF5dR7Hj76py8Mud44%2BnrEOwxWQSYqZCbCl%2FKXwn66v7kji7JwR1dWvLjVl7IVO7S2b%2B7W9BCXPn%2BQ7FTasM3btrxdzfYzJiVx58IW2zSjMusb8kPa5JzYda1YYL8tGE%2FE%2FFtZ7fXnMlcvnn7vfWNNDfCWqmzGlSeftUGk1Ny5cbh%2FFVe%2B7MNaWoYVyF1S1Kpa7B8DzZf9qwmMGqp49xD6aqJCeNlU0kCJZaaxhXsf3S8rPftffSNB1rcQ5ZWGJoKQ1WBqjGse25S5Obxu7%2BtzgOx8iaxMt5BrIz69uK0Vp41REe0e73Ijzrc9%2BOIh2HQEoyuRrRHwzDpoLBTPkie%2FAMAAP%2F%2FAQAA%2F%2F864yrSYgQAAA%3D%3D
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectvariedpretenceclasped.com
Fingerprint26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
ValidityFri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz2%2FcRBTHx6XqAbiUckECtDdAQhvb8f6iB9RQgiJCU1oQ3NB4ZrwZduyxZjzrTcQhohLqcfkPnO8mjYCoKn8ACDncKlXKcsqBHJD6ByBQz2g3KxaeZL33fd93%2BLzn%2BWbfnRMfjp6tf6R3pVJ0pdX0G29%2BHgTXG5syc6PGqNv%2Boh1db5jhO4Hfa%2FpvNT4QbKBXQj%2Fw%2FcAPGuvSiESPVoIgaPqQ%2BXEvaPb8ZhQ2g1aEkfm%2Fts6DpR748Jy8BMmnzx8%2FjCBZjSx9dFPYQaHzt99PnaKFNhjyo0%2BzQabLDOmyTIyHJDtaTEPb0%2FWfobPDOTD08N%2FBWE6J9%2FQPxNnRghLx8PACNFYQGWL%2BAsphDaFqSFqD6XuQ%2FJQAjOPWFrL0wS1tSrpz4dKZOyWXn%2F0FWU7J5d9fRpY%2BXFNy1LirlSukzixGSQU5qiH7NXJ3gmL3EmR5AlZ8DcmfkJVnm8jSgy2rNCSv5stLWUMmNZQYg1oPbvZJDy7x4HIPKT9rdFjU7fJui1PBWBgnQTeJkqhHmZ8wf7UXwrEZ3hhFPgZTYzCzh9zsYSDHMO4X2O0KlnuwxZR4H%2B9hyCuUgqC0BCUlKCVBWRCUw%2BqQKxva6gFX1sXBIoeLvFpNdNHfp4e66IuM7Ofn5Or8Ln%2B3NQbirBGGEeURDaI4ioMWCzphO0k6fkuwdicUtA0rK0h7ab7qrjy9liOXpy%2B%2BipiewKoTMHkV1L0GWk46oQ%2B6PYm6PnazR1zk2soikUrYJtMpuK6QF5dR7Hj76py8Mud44%2BnrEOwxWQSYqZCbCl%2FKXwn66v7kji7JwR1dWvLjVl7IVO7S2b%2B7W9BCXPn%2BQ7FTasM3btrxdzfYzJiVx58IW2zSjMusb8kPa5JzYda1YYL8tGE%2FE%2FFtZ7fXnMlcvnn7vfWNNDfCWqmzGlSeftUGk1Ny5cbh%2FFVe%2B7MNaWoYVyF1S1Kpa7B8DzZf9qwmMGqp49xD6aqJCeNlU0kCJZaaxhXsf3S8rPftffSNB1rcQ5ZWGJoKQ1WBqjGse25S5Obxu7%2BtzgOx8iaxMt5BrIz69uK0Vp41REe0e73Ijzrc9%2BOIh2HQEoyuRrRHwzDpoLBTPkie%2FAMAAP%2F%2FAQAA%2F%2F864yrSYgQAAA%3D%3D HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:50 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2f3a141e819104c9cce38db8ae9211c6
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.barscreative1.com/sb/notifications/software/us/norton/2/index.html

45.133.44.3

200 OK

804 B

URL GET HTTP/2
cdn.barscreative1.com/sb/notifications/software/us/norton/2/index.html
IP
45.133.44.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint0B:AE:8A:C0:29:EA:B0:86:29:66:F6:7E:76:63:66:57:38:88:FC:E6
ValidityMon, 15 May 2023 04:01:53 GMT - Sun, 13 Aug 2023 04:01:52 GMT

File type
HTML document text\012- HTML document, ASCII text
Size
804 B (804 bytes)
Hash
5264ee23b6803337c31a65123f58d9f0
947ec0f6c79d346800f121e2dd05e9bf185054a0
0ead8c7ce2c7377ad0864411df8851a4e8617b68d648610f9c9b1638dba048ba

HTTP Headers

GET /sb/notifications/software/us/norton/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: text/html; charset=utf-8
content-length: 804
server: nginx/1.17.6
last-modified: Wed, 17 Feb 2021 11:42:49 GMT
etag: "602d0139-324"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Mon, 22 May 2023 13:57:51 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1

143.204.55.91

200 OK

0 B

URL POST HTTP/2
t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1
IP
143.204.55.91:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /?sid=140&o=3&b=2&p=1&t=1 HTTP/1.1
Host: t.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
content-type: application/json
content-length: 0
server: nginx/1.20.0
date: Mon, 22 May 2023 12:57:51 GMT
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DGeq8dqQmgEYtlo8wKxLTBjUWucJdjuPki4f1JrLPoyEdKcZLQAlvg==
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2

variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Findex.html&l=804&fd=199

173.233.139.164

200 OK

0 B

URL GET HTTP/1.1
variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Findex.html&l=804&fd=199
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectvariedpretenceclasped.com
Fingerprint26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
ValidityFri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Findex.html&l=804&fd=199 HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

c.mgid.com/widget-ssp-performance?time=117

104.19.135.78

43 B

URL
c.mgid.com/widget-ssp-performance?time=117
IP
104.19.135.78:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

HTTP Headers

GET /widget-ssp-performance?time=117 HTTP/1.1
Host: c.mgid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Cookie: __cf_bm=rS1Ws8Q8eAtYDIKJM.jzbbaU.v2hifzj7_X98j463kU-1684760269-0-ATUoub/EGup6UA4ILRmhus3cjtyp1II8TaIzTrc8WS1MfdG2hK3RhhnhdiLVFZSIrD+MP6xEjZ/h7YCtMcEBahw=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 22 May 2023 12:57:50 GMT
content-type: image/gif
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cb53a2af83cb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

notification.tubecup.net/tags?tag_id=46445&timezone_olson=UTC&version_name=d

88.198.136.234

204 No Content

0 B

URL GET HTTP/2
notification.tubecup.net/tags?tag_id=46445&timezone_olson=UTC&version_name=d
IP
88.198.136.234:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tags?tag_id=46445&timezone_olson=UTC&version_name=d HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.18.0
date: Mon, 22 May 2023 12:57:51 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

ontosocietyweary.com/pixel/pure

173.233.137.60

204 No Content

0 B

URL OPTIONS HTTP/1.1
ontosocietyweary.com/pixel/pure
IP
173.233.137.60:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectontosocietyweary.com
Fingerprint23:8E:D7:B8:76:99:AB:94:CB:5E:65:42:A9:B3:CA:11:59:80:B3:5B
ValidityMon, 01 May 2023 19:23:36 GMT - Sun, 30 Jul 2023 19:23:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

OPTIONS /pixel/pure HTTP/1.1
Host: ontosocietyweary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

ontosocietyweary.com/pixel/pure

173.233.139.164

204 No Content

0 B

URL OPTIONS HTTP/1.1
ontosocietyweary.com/pixel/pure
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectontosocietyweary.com
Fingerprint23:8E:D7:B8:76:99:AB:94:CB:5E:65:42:A9:B3:CA:11:59:80:B3:5B
ValidityMon, 01 May 2023 19:23:36 GMT - Sun, 30 Jul 2023 19:23:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

POST /pixel/pure HTTP/1.1
Host: ontosocietyweary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 75
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/notifications/software/us/norton/2/img/close.png

172.64.196.23

200 OK

1.8 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/software/us/norton/2/img/close.png
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1778 bytes)
Hash
c1b8f53c3afa0fdd5be48e6bfdbbb6fa
eeb2cd8d17e3abe135865be77330b8519f6bceb2
8f5d7d0bf69b5fcb8a110dd7c79948e70c860440b6ecc803a20ababe193a1af0

HTTP Headers

GET /sb/notifications/software/us/norton/2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: image/png
content-length: 1778
last-modified: Wed, 17 Feb 2021 11:45:12 GMT
etag: "602d01c8-6f2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 16239196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdr3es1Sal%2BUe3iPbsRLPIm1Yhqv3WEJJo03AmQXv1O0pQou3aSitq0RPA1G44Wmi9SvjmipBA%2F5WZdSLeQtvoxrHii5GfKMMkqrdMSb2sDdCGaGEPD11DONaeZ8Gtt9%2Bozs8NV2Ak%2FY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a2f9829744b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/software/us/norton/2/img/bg.jpg

172.64.196.23

200 OK

33 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/software/us/norton/2/img/bg.jpg
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=90, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=728], progressive, precision 8, 728x90, components 3\012- data
Size
33 kB (32917 bytes)
Hash
f4775713c42703127f645bd02cfaf1e9
8a6b3f5145c9f30b89075d1ef9db6f652b2ad0f0
7e4698ab34d23b2c4fdaddb6643379e37fe13c2620ff21e2ce7f6ac2812b4f60

HTTP Headers

GET /sb/notifications/software/us/norton/2/img/bg.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: image/jpeg
content-length: 32917
last-modified: Wed, 17 Feb 2021 11:45:12 GMT
etag: "602d01c8-8095"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 16239196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QLFp%2F8tre2NzxDtRJspvw%2BiYvjP3GNCa4BU97UbYKCWE8wUdK%2BolTnhk4BG29Y4txFyT%2BD5gWeTj8eZVIXf5TFE4qQoak9J94NqYBpHOVphnB7sFggIRut%2Bafj8AmAPqSPqcgZAU6pLa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a2f9826744b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

tags.h12-media.com/load2.js

154.51.131.168

200 OK

76 kB

URL GET HTTP/2
tags.h12-media.com/load2.js
IP
154.51.131.168:443
ASN
#174 COGENT-174

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerSectigo Limited
Subject*.h12-media.com
FingerprintC2:8B:6E:AC:62:50:2F:F7:39:39:A2:49:DD:3E:56:08:DC:6E:2E:3F
ValidityMon, 10 Oct 2022 00:00:00 GMT - Mon, 18 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
76 kB (76315 bytes)
Hash
45595a0a1e2419e734b0637847c17f19
0d3bb5287010fde22f9fa763cc7bc2b6013174a3
647cdfbb012b539f5af58374f519fcd1bf9d9e5330f43026cbf3df02118ed10b

HTTP Headers

GET /load2.js HTTP/1.1
Host: tags.h12-media.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=86400
content-type: application/javascript
content-encoding: gzip
last-modified: Sat, 10 Dec 2022 17:21:25 GMT
accept-ranges: bytes
etag: "80d8a2d4bbcd91:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ARR/3.0
date: Mon, 22 May 2023 12:57:51 GMT
content-length: 76315
X-Firefox-Spdy: h2

ontosocietyweary.com/pixel/pure

173.233.139.164

204 No Content

0 B

URL OPTIONS HTTP/1.1
ontosocietyweary.com/pixel/pure
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectontosocietyweary.com
Fingerprint23:8E:D7:B8:76:99:AB:94:CB:5E:65:42:A9:B3:CA:11:59:80:B3:5B
ValidityMon, 01 May 2023 19:23:36 GMT - Sun, 30 Jul 2023 19:23:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

POST /pixel/pure HTTP/1.1
Host: ontosocietyweary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 75
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fjs%2Fscript.js&l=385&fd=172

173.233.139.164

200 OK

0 B

URL GET HTTP/1.1
variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fjs%2Fscript.js&l=385&fd=172
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectvariedpretenceclasped.com
Fingerprint26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
ValidityFri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fjs%2Fscript.js&l=385&fd=172 HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/notifications/software/us/norton/2/css/animate.css

172.64.196.23

200 OK

5.4 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/software/us/norton/2/css/animate.css
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
ASCII text
Size
5.4 kB (5350 bytes)
Hash
e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a

HTTP Headers

GET /sb/notifications/software/us/norton/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:45:10 GMT
etag: W/"602d01c6-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 58034
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EKhgX4N0MU28SET9jT11DjVTEgj%2FvKDzqUR1tHJh0Gm70tMam5sYy22fncg67xoURwR3fxqxUp7uBTVsNyvjv%2FfPCIOIkcYmM4jMSlQcyUzZwlnXw3fYxv5yd%2FdL%2BrvMVi4eI7KLPDCG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a2f2f99744b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

f.h12-media.com/?init=1&rnd=0.3759241711884833

188.114.97.1

200 OK

21 B

URL GET HTTP/2
f.h12-media.com/?init=1&rnd=0.3759241711884833
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjecth12-media.com
Fingerprint3C:CE:0B:53:1E:33:35:39:55:34:9F:B3:CC:AA:FF:F4:12:3B:E2:61
ValidityThu, 27 Apr 2023 01:23:54 GMT - Wed, 26 Jul 2023 01:23:53 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
7d69c71af0f191e9a72db6153f8018d1
f67c5f2887bc05654b47f76e9621e53a4091aed1
5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65

HTTP Headers

GET /?init=1&rnd=0.3759241711884833 HTTP/1.1
Host: f.h12-media.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: application/json; Charset=UTF-8
content-length: 21
cache-control: max-age=3600,private
access-control-allow-origin: *
x-powered-by: ARR/3.0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d2Nrhw5wxN0qrNgJ%2Bwr1KVMIt6U4F0g3wS0Do7DAC6nQ1fSl%2FSJ0whY9uw4blGdi1Hk9whGAeUdH5gH%2Bv%2BsJjTwmYGpbE6fOS7MTYHkR7VQA4Ica%2Fz2bOkir%2ByIbYCX9JmU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cb53a31a8ddb4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fcss%2Fstyle.css&l=2372&fd=184

173.233.139.164

200 OK

0 B

URL GET HTTP/1.1
variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fcss%2Fstyle.css&l=2372&fd=184
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectvariedpretenceclasped.com
Fingerprint26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
ValidityFri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fcss%2Fstyle.css&l=2372&fd=184 HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

4eb28a3478.403960fc42.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDY4MTgyNDQ1NTA1MzA2NjAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuNDkuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjMsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS45MSwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ==

45.133.44.52

200 OK

0 B

URL GET HTTP/2
4eb28a3478.403960fc42.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDY4MTgyNDQ1NTA1MzA2NjAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuNDkuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjMsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS45MSwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ==
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subject4eb28a3478.403960fc42.com
FingerprintC5:76:30:5D:34:72:CE:CD:C8:E6:28:7E:7A:F3:4B:55:F8:3D:B2:ED
ValidityFri, 19 May 2023 02:50:26 GMT - Thu, 17 Aug 2023 02:50:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDY4MTgyNDQ1NTA1MzA2NjAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuNDkuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjMsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS45MSwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ== HTTP/1.1
Host: 4eb28a3478.403960fc42.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=46445

157.90.84.242

200 OK

0 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=46445
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Mon, 22 May 2023 12:57:51 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://dfiles.eu
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

ntvpwpush.com/dl/cookies

157.90.84.246

200 OK

924 B

URL GET HTTP/2
ntvpwpush.com/dl/cookies
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT

File type
gzip compressed data, from Unix\012- data
Size
924 B (924 bytes)
Hash
617f3f8921d07ce91d0ce98eba684495
872331433ae737997ce950dbab8e375e23dc264f
0060c16edd052639c0c3b9b742cd1e383aa08794461bb25663cc5617146ced89

HTTP Headers

GET /dl/cookies HTTP/1.1
Host: ntvpwpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Mon, 22 May 2023 12:57:51 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

tags.h12-media.com/v3/go.asp?payload=%7B%22mtoken%22%3A%2291.90.42.154%22%2C%22adtype%22%3A%22sticky%22%2C%22adformat%22%3A%22stickybottom%22%2C%22pubid%22%3A%2209c02fc89b6d8063ad17a57bcf09d10b%22%2C%22adunitid%22%3A%2229950%22%2C%22topurl%22%3A%22https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp%22%2C%22docref%22%3A%22%22%2C%22auction%22%3A%221l9up97frloh%22%2C%22pubsubid%22%3Anull%2C%22index%22%3A%221%22%2C%22ishidden%22%3Afalse%2C%22istopwindow%22%3Atrue%2C%22isscrollable%22%3Atrue%2C%22dayofweek%22%3A1%2C%22hourofday%22%3A12%2C%22clang%22%3A%22en-US%22%2C%22docdir%22%3A%22LTR%22%2C%22cdims%22%3A%5B1280%2C1024%5D%2C%22ddims%22%3A%5B1280%2C1198%5D%2C%22sbars%22%3A%5B0%2C0%5D%2C%22endpoint%22%3A%22https%3A%2F%2Ftags.h12-media.com%22%2C%22coords%22%3A%5B390%2C-12%5D%2C%22pwidth%22%3A%5B100%2C500%2C1280%5D%2C%22pheight%22%3A%5Bnull%2C0%2C1198%2C1024%5D%2C%22maxwidth%22%3A1280%2C%22maxheight%22%3A1024%7D&rnd=0.2275857179100943

154.51.131.168

589 B

URL
tags.h12-media.com/v3/go.asp?payload=%7B%22mtoken%22%3A%2291.90.42.154%22%2C%22adtype%22%3A%22sticky%22%2C%22adformat%22%3A%22stickybottom%22%2C%22pubid%22%3A%2209c02fc89b6d8063ad17a57bcf09d10b%22%2C%22adunitid%22%3A%2229950%22%2C%22topurl%22%3A%22https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp%22%2C%22docref%22%3A%22%22%2C%22auction%22%3A%221l9up97frloh%22%2C%22pubsubid%22%3Anull%2C%22index%22%3A%221%22%2C%22ishidden%22%3Afalse%2C%22istopwindow%22%3Atrue%2C%22isscrollable%22%3Atrue%2C%22dayofweek%22%3A1%2C%22hourofday%22%3A12%2C%22clang%22%3A%22en-US%22%2C%22docdir%22%3A%22LTR%22%2C%22cdims%22%3A%5B1280%2C1024%5D%2C%22ddims%22%3A%5B1280%2C1198%5D%2C%22sbars%22%3A%5B0%2C0%5D%2C%22endpoint%22%3A%22https%3A%2F%2Ftags.h12-media.com%22%2C%22coords%22%3A%5B390%2C-12%5D%2C%22pwidth%22%3A%5B100%2C500%2C1280%5D%2C%22pheight%22%3A%5Bnull%2C0%2C1198%2C1024%5D%2C%22maxwidth%22%3A1280%2C%22maxheight%22%3A1024%7D&rnd=0.2275857179100943
IP
154.51.131.168:0
ASN
#174 COGENT-174

Certificate
IssuerSectigo Limited
Subject*.h12-media.com
FingerprintC2:8B:6E:AC:62:50:2F:F7:39:39:A2:49:DD:3E:56:08:DC:6E:2E:3F
ValidityMon, 10 Oct 2022 00:00:00 GMT - Mon, 18 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (576), with CRLF line terminators
Size
589 B (589 bytes)
Hash
7b4aa6144db4fe29d1e2e01f6f385fa0
3f0d3bc9b43637b4e8cf5b5922b6626954d09392
243fb02ea55ae0cdd584e0868d1b60d8252aa09687a32e817db973b0127b8d77

HTTP Headers

GET /v3/go.asp?payload=%7B%22mtoken%22%3A%2291.90.42.154%22%2C%22adtype%22%3A%22sticky%22%2C%22adformat%22%3A%22stickybottom%22%2C%22pubid%22%3A%2209c02fc89b6d8063ad17a57bcf09d10b%22%2C%22adunitid%22%3A%2229950%22%2C%22topurl%22%3A%22https%3A%2F%2Fdfiles.eu%2Fru%2Ffiles%2Fnov2502tp%22%2C%22docref%22%3A%22%22%2C%22auction%22%3A%221l9up97frloh%22%2C%22pubsubid%22%3Anull%2C%22index%22%3A%221%22%2C%22ishidden%22%3Afalse%2C%22istopwindow%22%3Atrue%2C%22isscrollable%22%3Atrue%2C%22dayofweek%22%3A1%2C%22hourofday%22%3A12%2C%22clang%22%3A%22en-US%22%2C%22docdir%22%3A%22LTR%22%2C%22cdims%22%3A%5B1280%2C1024%5D%2C%22ddims%22%3A%5B1280%2C1198%5D%2C%22sbars%22%3A%5B0%2C0%5D%2C%22endpoint%22%3A%22https%3A%2F%2Ftags.h12-media.com%22%2C%22coords%22%3A%5B390%2C-12%5D%2C%22pwidth%22%3A%5B100%2C500%2C1280%5D%2C%22pheight%22%3A%5Bnull%2C0%2C1198%2C1024%5D%2C%22maxwidth%22%3A1280%2C%22maxheight%22%3A1024%7D&rnd=0.2275857179100943 HTTP/1.1
Host: tags.h12-media.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-store,no-cache,max-age=0,private
content-type: application/x-javascript; Charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-credentials: true
access-control-allow-origin: 
srg-x: x-.175
x-powered-by: ARR/3.0
date: Mon, 22 May 2023 12:57:51 GMT
content-length: 589
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=46445

157.90.84.242

200 OK

27 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=46445
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT

File type
JSON data\012- , ASCII text
Size
27 B (27 bytes)
Hash
c4bea7951aaa542768f63f72d171ff83
7f57b3ce5d3a9bb0a15c32b34745b0214710e185
d4fbb24457a99cbf28127e8a416979ca0f2ab97c64a59b8d38760c40d4934756

HTTP Headers

POST /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23167
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 27
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dfiles.eu
Set-Cookie: id=14935058078340698406; Expires=Tue, 21 May 2024 12:57:51 GMT; Secure; SameSite=None
Vary: Origin

variedpretenceclasped.com/pixel/sbs?c=1

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
variedpretenceclasped.com/pixel/sbs?c=1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectvariedpretenceclasped.com
Fingerprint26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
ValidityFri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fcss%2Fanimate.css&l=79249&fd=184

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
variedpretenceclasped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fcss%2Fanimate.css&l=79249&fd=184
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectvariedpretenceclasped.com
Fingerprint26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
ValidityFri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F2%2Fcss%2Fanimate.css&l=79249&fd=184 HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

unseenreport.com/pxf.gif?uuid=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12

192.243.59.12

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e75028aa978f3adbc0c3b3752e5fdea0
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12

192.243.59.12

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=10c6fe0f-f0e2-4755-8fd7-ca594429b2ca&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:51 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c7a4a73f9fd2f27509aea1465bc12ffa
Strict-Transport-Security: max-age=0; includeSubdomains

variedpretenceclasped.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz24cRRDGe0KUA3AJ4YIEaG%2BAhNYz49k%2FJgcUE4wsTBwSENxQT3fPutie6VH3zM7a4mARCeW4vMH4WzsWYEXhAUBozS1SJC8nH%2FABKQ%2BAQDmjXVsslDSq%2Buqrw69q%2Bpu98oz5KPnp2kdmh7TmS62m33jz8yC43tigrBw2ht32F%2B3oesMO3gn8lab%2FVuMDJfpmKfQD3w%2F8oLFGViVmuBQEQdMH5UcrQXPFb0ZhM2hFGNr%2Fa1d6cNyDHJyxl0By%2BvzRwwgkJsjSRzeV6xcmf%2Fv9tNS8MBYDefhp1s9MlSFdlIn1kGSHF9Mw7mTtZ5jsYA4MM%2Fh3MKYp857%2BgTg7vKBEPDg4B401VIZYvoBqMIHSExCfQJh7IHnCACFxaxNZ%2BuCWsRXfPnf5zJ2yy8%2F%2BAlVTdvn3l5GlD1c1DRt3jS4LMpnDMKlBwwmoN0FeHqPYuQSqjiGKr0HyCVt6toEs3d902oBkPV%2BeaAJKJtBqBO48lLOPPJSJhzL3kMrTRkdE3a7stiRXQoRxEnSTKIlWuPAT4S%2BvhCjFDG%2BEIh9B6BGE3UVud9GnEWz5C9xWDSc9uGLKvI93MZA1KsVQOYaKM1TEUBUM1aA%2BkNqFrn4gtSvj4CKHF3m5Hpuit8cPTNFTGdvLz9jV%2BV3%2Bbhv01WkjDCMuIx5EcRQHLRF0wnaSdPyWEu1OqHgbjmqQuzRfdYdOruXI6eTFVxHzYzh9DEFXwcvXwKtxJ%2FTBt8ZR18dO9kiq3DgqEtLKNYVJIU2NvLiMYtvb02fslTnHG09fhxKP2UVA2Bq5rfEl%2FcrQ0%2FfHd0zF9u%2BYyrEfN%2FOCUtrhs393t%2BCFuvL9h2q7Mlau33Sj726ImTErjz5RrtjgmaSs59gPqySlsmvGCsV%2BWnefqfh26bZWS5uV%2Bcbt99bW09wq58hkE3A6%2BaoNQVN25cbB%2FFVe%2B7MNshPYskZaLkjJTCDyXbh80XOGweqFjnMPVVmPbRgvmpoYtFpoHtdw%2F9Hxot5z99GzHnhxD1laY2BrDHQNrkdw5XPjIreP3%2F1teR6ItTeOtfX2Y231t%2BendXTaEMJXPIg7gVJStZaFiNqiG7eT5aijui3ZQuGmsp88%2BQcAAP%2F%2FAQAA%2F%2F%2FFxILCYgQAAA%3D%3D

192.243.59.20

200 OK

7 B

URL GET HTTP/1.1
variedpretenceclasped.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz24cRRDGe0KUA3AJ4YIEaG%2BAhNYz49k%2FJgcUE4wsTBwSENxQT3fPutie6VH3zM7a4mARCeW4vMH4WzsWYEXhAUBozS1SJC8nH%2FABKQ%2BAQDmjXVsslDSq%2Buqrw69q%2Bpu98oz5KPnp2kdmh7TmS62m33jz8yC43tigrBw2ht32F%2B3oesMO3gn8lab%2FVuMDJfpmKfQD3w%2F8oLFGViVmuBQEQdMH5UcrQXPFb0ZhM2hFGNr%2Fa1d6cNyDHJyxl0By%2BvzRwwgkJsjSRzeV6xcmf%2Fv9tNS8MBYDefhp1s9MlSFdlIn1kGSHF9Mw7mTtZ5jsYA4MM%2Fh3MKYp857%2BgTg7vKBEPDg4B401VIZYvoBqMIHSExCfQJh7IHnCACFxaxNZ%2BuCWsRXfPnf5zJ2yy8%2F%2BAlVTdvn3l5GlD1c1DRt3jS4LMpnDMKlBwwmoN0FeHqPYuQSqjiGKr0HyCVt6toEs3d902oBkPV%2BeaAJKJtBqBO48lLOPPJSJhzL3kMrTRkdE3a7stiRXQoRxEnSTKIlWuPAT4S%2BvhCjFDG%2BEIh9B6BGE3UVud9GnEWz5C9xWDSc9uGLKvI93MZA1KsVQOYaKM1TEUBUM1aA%2BkNqFrn4gtSvj4CKHF3m5Hpuit8cPTNFTGdvLz9jV%2BV3%2Bbhv01WkjDCMuIx5EcRQHLRF0wnaSdPyWEu1OqHgbjmqQuzRfdYdOruXI6eTFVxHzYzh9DEFXwcvXwKtxJ%2FTBt8ZR18dO9kiq3DgqEtLKNYVJIU2NvLiMYtvb02fslTnHG09fhxKP2UVA2Bq5rfEl%2FcrQ0%2FfHd0zF9u%2BYyrEfN%2FOCUtrhs393t%2BCFuvL9h2q7Mlau33Sj726ImTErjz5RrtjgmaSs59gPqySlsmvGCsV%2BWnefqfh26bZWS5uV%2Bcbt99bW09wq58hkE3A6%2BaoNQVN25cbB%2FFVe%2B7MNshPYskZaLkjJTCDyXbh80XOGweqFjnMPVVmPbRgvmpoYtFpoHtdw%2F9Hxot5z99GzHnhxD1laY2BrDHQNrkdw5XPjIreP3%2F1teR6ItTeOtfX2Y231t%2BendXTaEMJXPIg7gVJStZaFiNqiG7eT5aijui3ZQuGmsp88%2BQcAAP%2F%2FAQAA%2F%2F%2FFxILCYgQAAA%3D%3D
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectvariedpretenceclasped.com
Fingerprint26:F6:63:63:F7:8E:F8:78:5E:BB:DE:6D:EE:90:20:BE:4B:2A:87:58
ValidityFri, 28 Apr 2023 01:21:14 GMT - Thu, 27 Jul 2023 01:21:13 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz24cRRDGe0KUA3AJ4YIEaG%2BAhNYz49k%2FJgcUE4wsTBwSENxQT3fPutie6VH3zM7a4mARCeW4vMH4WzsWYEXhAUBozS1SJC8nH%2FABKQ%2BAQDmjXVsslDSq%2Buqrw69q%2Bpu98oz5KPnp2kdmh7TmS62m33jz8yC43tigrBw2ht32F%2B3oesMO3gn8lab%2FVuMDJfpmKfQD3w%2F8oLFGViVmuBQEQdMH5UcrQXPFb0ZhM2hFGNr%2Fa1d6cNyDHJyxl0By%2BvzRwwgkJsjSRzeV6xcmf%2Fv9tNS8MBYDefhp1s9MlSFdlIn1kGSHF9Mw7mTtZ5jsYA4MM%2Fh3MKYp857%2BgTg7vKBEPDg4B401VIZYvoBqMIHSExCfQJh7IHnCACFxaxNZ%2BuCWsRXfPnf5zJ2yy8%2F%2BAlVTdvn3l5GlD1c1DRt3jS4LMpnDMKlBwwmoN0FeHqPYuQSqjiGKr0HyCVt6toEs3d902oBkPV%2BeaAJKJtBqBO48lLOPPJSJhzL3kMrTRkdE3a7stiRXQoRxEnSTKIlWuPAT4S%2BvhCjFDG%2BEIh9B6BGE3UVud9GnEWz5C9xWDSc9uGLKvI93MZA1KsVQOYaKM1TEUBUM1aA%2BkNqFrn4gtSvj4CKHF3m5Hpuit8cPTNFTGdvLz9jV%2BV3%2Bbhv01WkjDCMuIx5EcRQHLRF0wnaSdPyWEu1OqHgbjmqQuzRfdYdOruXI6eTFVxHzYzh9DEFXwcvXwKtxJ%2FTBt8ZR18dO9kiq3DgqEtLKNYVJIU2NvLiMYtvb02fslTnHG09fhxKP2UVA2Bq5rfEl%2FcrQ0%2FfHd0zF9u%2BYyrEfN%2FOCUtrhs393t%2BCFuvL9h2q7Mlau33Sj726ImTErjz5RrtjgmaSs59gPqySlsmvGCsV%2BWnefqfh26bZWS5uV%2Bcbt99bW09wq58hkE3A6%2BaoNQVN25cbB%2FFVe%2B7MNshPYskZaLkjJTCDyXbh80XOGweqFjnMPVVmPbRgvmpoYtFpoHtdw%2F9Hxot5z99GzHnhxD1laY2BrDHQNrkdw5XPjIreP3%2F1teR6ItTeOtfX2Y231t%2BendXTaEMJXPIg7gVJStZaFiNqiG7eT5aijui3ZQuGmsp88%2BQcAAP%2F%2FAQAA%2F%2F%2FFxILCYgQAAA%3D%3D HTTP/1.1
Host: variedpretenceclasped.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 22 May 2023 12:57:52 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 90436beeeee8b21124342438fe89e5f9
Strict-Transport-Security: max-age=0; includeSubdomains

jsc.mgid.com/d/e/depositfiles.com.3334.es6.js

104.19.135.78

200 OK

299 kB

URL GET HTTP/3
jsc.mgid.com/d/e/depositfiles.com.3334.es6.js
IP
104.19.135.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint44:BF:9D:AD:98:A7:1A:F2:1D:18:EF:4E:3E:BE:C0:D8:28:4D:9F:04
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (28223)
Size
299 kB (299407 bytes)
Hash
97660e5839023ac7070454a69b547c84
259fe847d9edff21a1c949f2040d6db77f4d959a
f386013936fc0f58dbbbf6a5fe9317b1545712335a635adcacee40f472c5ecc0

HTTP Headers

GET /d/e/depositfiles.com.3334.es6.js HTTP/1.1
Host: jsc.mgid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Cookie: __cf_bm=rS1Ws8Q8eAtYDIKJM.jzbbaU.v2hifzj7_X98j463kU-1684760269-0-ATUoub/EGup6UA4ILRmhus3cjtyp1II8TaIzTrc8WS1MfdG2hK3RhhnhdiLVFZSIrD+MP6xEjZ/h7YCtMcEBahw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 22 May 2023 12:57:50 GMT
content-type: text/javascript
cf-bgj: minify
cf-polished: origSize=299408
etag: W/"21dee075f363ccb5e178d032d3e4c9ef"
last-modified: Thu, 11 May 2023 07:52:34 GMT
x-amz-id-2: ZhCwkngeiCYxUCArlio+g4DFH3nwEgBo+t0+HgvyCAo8pIa8RIkhQOa+itLHc1s6VDcoeWsJPps=
x-amz-request-id: D3H9S9V8GJS8335K
x-amz-server-side-encryption: AES256
x-amz-version-id: ZRiou4PhIu1qmUsCctae6SvwJ_hznVWQ
cf-cache-status: HIT
age: 2928
expires: Mon, 22 May 2023 15:57:50 GMT
cache-control: public, max-age=10800
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a298d66b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn.creative-bars1.com/sb/notifications/software/us/norton/2/js/script.js

172.64.196.23

200 OK

385 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/software/us/norton/2/js/script.js
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
ASCII text, with very long lines (399), with no line terminators
Size
385 B (385 bytes)
Hash
1cefc33777b8bee6b7fcc27b0ecbd6f8
019bb2f304ef537ce1764a91d5cf3aae361b1f08
a7daa6a82a2edc4563c1e9b8962007248d693996475caca0fa546266adf0ae9b

HTTP Headers

GET /sb/notifications/software/us/norton/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:45:10 GMT
etag: W/"602d01c6-181"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 58034
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bDRC3Nn1uyNASn%2FWWvxIr3ThQjfo%2FT3pUSaWIV529xSTYMTqM%2BFujc0KrBAAesCyKk%2BsBqOCMbCEoIry98kBfL%2BUvj5w4dJhBn%2B3KRHiHYG0Ee3263R9IcHAmw9roltzA4FTc0bgJZa3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a2f1f93744b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

js.wpadmngr.com/static/adManager.m.js

45.133.44.52

200 OK

158 kB

URL GET HTTP/2
js.wpadmngr.com/static/adManager.m.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectjs.wpadmngr.com
FingerprintA9:7C:F8:A4:B8:B3:E3:98:76:72:9E:0B:4A:FB:FB:39:D4:F4:54:3D
ValidityTue, 16 May 2023 02:02:19 GMT - Mon, 14 Aug 2023 02:02:18 GMT

File type

Size
158 kB (158096 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/adManager.m.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:49 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 19 May 2023 08:16:51 GMT
etag: W/"64673073-26990"
content-encoding: gzip
expires: Mon, 22 May 2023 13:02:49 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

loader.unblockia.com/c/dfiles.eu/config.json

143.204.55.84

200 OK

47 kB

URL GET HTTP/2
loader.unblockia.com/c/dfiles.eu/config.json
IP
143.204.55.84:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (46747), with no line terminators
Size
47 kB (46747 bytes)
Hash
f365c1e4619a90bbadadacf55598fe90
1623c939b72aecd3831e1da35e4c0a5229383e91
23e2e4d868bb2652b97e9e13d36df1dfeeba338d4e9c4d1d737fba6b2b2b2d52

HTTP Headers

GET /c/dfiles.eu/config.json HTTP/1.1
Host: loader.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
content-length: 46747
last-modified: Fri, 12 May 2023 12:21:43 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 9pI8Ts97IpPXbRP2Kcl6CF4_Ph.rjMBr
accept-ranges: bytes
server: AmazonS3
date: Mon, 22 May 2023 01:12:28 GMT
etag: "f365c1e4619a90bbadadacf55598fe90"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: vJcDgsNhBsdhSkdSf0TNxr58Tnc17YyBvxfwBrcgFZWPQqOOD8DJiA==
age: 42322
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2

addresseepaper.com/sfp.js

0.0.0.0

0 B

URL GET
addresseepaper.com/sfp.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://dfiles.eu/ru/files/nov2502tp

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

cdn.pubfuture-ad.com/v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L3J1L2ZpbGVzL25vdjI1MDJ0cA==

172.67.70.21

200 OK

452 B

URL GET HTTP/2
cdn.pubfuture-ad.com/v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L3J1L2ZpbGVzL25vdjI1MDJ0cA==
IP
172.67.70.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT

File type
HTML document text\012- troff or preprocessor input, ASCII text, with very long lines (513), with no line terminators
Size
452 B (452 bytes)
Hash
15807b5f72ebca61bb67f7197bd14407
c4ee8958299c0598ae13031f0befff3de37199de
144fe7f43f83d7e0cd37808377416e2b2a28aec3378cf39826388b66a59b44c3

HTTP Headers

GET /v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L3J1L2ZpbGVzL25vdjI1MDJ0cA== HTTP/1.1
Host: cdn.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: application/json; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"1c4-LpFxL73nf3KFRklydhgakDaA7tM"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OUd0rpTeqk0rLXXfmbrMo9aHBUSMOGreeN6ZCIUz4rcn%2FWXB3lAYwK9%2F1N3p2FebVnmXQie5eTfs1BHpM%2B2kbztkATqyIB56SEr2ynX5gxGQIxV94Jxldm3rQ6R71wveJYyfDflo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cb53a2d7acc0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/software/us/norton/2/css/style.css

172.64.196.23

200 OK

2.4 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/software/us/norton/2/css/style.css
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
ASCII text, with very long lines (2538), with no line terminators
Size
2.4 kB (2372 bytes)
Hash
b5fcf7e48c7dd63878242c0038988bf6
a9bb6985239bf8eb306691270b0d5ed343b695a2
6e2028f121f5308dd3a290b1d3c7584467ed1d91cf1abb7ae31e462206759235

HTTP Headers

GET /sb/notifications/software/us/norton/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:45:09 GMT
etag: W/"602d01c5-944"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 58034
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zWPJGk5QbBYtKZ2gK04qX2izjZrRnWU8x2xtKjutNLjQkWlDrDxImmQwrvBbUiHzsto4ftGEaYYVFCnjhs4%2F1aDOeUsmnqrEoW3215qpzeuX%2Fce%2FBa4%2F4sRaS8rtNSFG9apE50%2BTWrdb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cb53a2f2fa1744b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.unblockia.com/h.js

143.204.55.96

200 OK

166 kB

URL GET HTTP/2
cdn.unblockia.com/h.js
IP
143.204.55.96:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
166 kB (166192 bytes)
Hash
3d75dc8f7c4000ccdac0fff2f09d78a8
9008e9830c5f3a690cbb6cc94ddb34b59fc12677
203af4ee7878df10c428ce6599c619695219f48681b832ef3f856abdd299b8e8

HTTP Headers

GET /h.js HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-javascript
date: Mon, 22 May 2023 09:19:59 GMT
last-modified: Mon, 22 May 2023 09:17:35 GMT
etag: W/"3d75dc8f7c4000ccdac0fff2f09d78a8"
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-content-sha256: 3b11cd91ab382736a9ba8e63029f318e3177aa77903aa4fa093a80765fac8c07
x-amz-version-id: gKayxwShEzJAnBjNaPvAM9Fj3A2ZU3Kt
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:987257285531:build/unblockia-loader-codebuild-project:6a48fce0-eba0-40cc-8a72-49f5d7d1abde
x-amz-meta-codebuild-content-md5: 60511405d11f9acd0880a4539ae338cb
server: AmazonS3
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VZAWypgL2NA4XVB0dayif0i2HrdLxW2bMZXse5dm3evouDgSQMLbXA==
age: 13070
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

js.wpshsdk.com/npc/sdk/push.m.js?v=1

45.133.44.53

200 OK

67 kB

URL GET HTTP/2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/ru/files/nov2502tp
Certificate
IssuerLet's Encrypt
Subjectjs.wpshsdk.com
Fingerprint78:77:A4:19:CC:0D:15:24:69:96:1B:44:C9:A0:4D:0B:B7:C0:F2:D8
ValidityMon, 27 Mar 2023 02:06:36 GMT - Sun, 25 Jun 2023 02:06:35 GMT

File type

Size
67 kB (66894 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 22 May 2023 12:57:51 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 05 Apr 2023 13:10:08 GMT
etag: W/"642d7330-1054e"
content-encoding: gzip
expires: Mon, 22 May 2023 13:02:51 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (70)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML