depositfiles.com/files/98urlqtpu/Total-WA.exe
91.226.124.76302 Found 0 B URL User Request GET HTTP/1.1 depositfiles.com/files/98urlqtpu/Total-WA.exe
IP 91.226.124.76:443
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /files/98urlqtpu/Total-WA.exe HTTP/1.1
Host: depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 24 May 2023 04:55:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Location: //dfiles.eu/files/98urlqtpu/Total-WA.exe
dfiles.eu/files/98urlqtpu/Total-WA.exe
91.226.124.80200 OK 6.4 kB URL User Request GET HTTP/1.1 dfiles.eu/files/98urlqtpu/Total-WA.exe
IP 91.226.124.80:443
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (662), with CRLF, CR, LF line terminators
Hash 24e133fc64ae8bd354a14d028987ac14
b09a3b0223dedd4594d067e9e66e2b4a8a733101
c7643eef0f9102544e92505a5607fcd2b269bf4a3d821bf4edb1c36ea2c9b108
GET /files/98urlqtpu/Total-WA.exe HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; path=/; domain=.dfiles.eu
last_file=98urlqtpu; path=/; domain=.dfiles.eu
lang_current=en; expires=Thu, 23-May-2024 04:55:52 GMT; Max-Age=31536000; path=/; domain=.dfiles.eu; secure
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash c74db17f871249d3df054a36ab699f09
2b363e108eb091a4d1c2b762672dd4cebd6c53a9
2a58ed6b6af2bb75f4ce077b241be5668d699c3b2f8ba328db7bf741da02d49e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash b177a0b4c4732543dc622b5d30d3f29e
4291249786016059808cb395192d04186b9fe26e
e2bd71d5a4e41775ed06882a32cf1cf344d72e6a04d5b4925050bd73dcc60cba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js
142.250.74.132200 OK 557 B URL GET HTTP/2 www.google.com/recaptcha/api.js
IP 142.250.74.132:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint85:AD:43:66:C0:73:07:1B:B5:5D:4A:83:4B:76:3F:DA:4B:2B:E1:F8
ValidityMon, 24 Apr 2023 12:01:16 GMT - Mon, 17 Jul 2023 12:01:15 GMT
File type ASCII text, with very long lines (850), with no line terminators
Hash b7b728964630ecd7e800d650f14695c5
473f7633fea7e2f828c3df9ab19356286f10a692
f4de494b6cfd42ce31b244cd84410cd4259d82773485f6c7b4ffd2a7ca2d6217
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
expires: Wed, 24 May 2023 04:55:53 GMT
date: Wed, 24 May 2023 04:55:53 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 557
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.depositfiles.com/js/gold_offer.js
91.226.124.81200 OK 9.9 kB URL GET HTTP/1.1 static.depositfiles.com/js/gold_offer.js
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type HTML document text\012- HTML document, ASCII text
Hash 041bdbbe3ac15bc57b14933e164b55f8
790f921426d0b602424fb3077ca900af94b5ad9e
a86d8d81e5c254822628c578c40d2d62956ab3060632d1884b5080093365b97b
GET /js/gold_offer.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: application/javascript
Content-Length: 9887
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-269f"
Expires: Wed, 24 May 2023 05:00:53 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/js/download_utils.js
91.226.124.81200 OK 13 kB URL GET HTTP/1.1 static.depositfiles.com/js/download_utils.js
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type ASCII text, with very long lines (2250)
Hash 90a706006bc709cdc974ff3e0e01b34f
89585d2c7cac44c9c03c118bbb38aefba1d8a1e4
16f1515b9938fc7de086c504fe214484d97e237647a5d7fa2cb742a93f00c1ea
GET /js/download_utils.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: application/javascript
Content-Length: 13383
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-3447"
Expires: Wed, 24 May 2023 05:00:53 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=G-BL9163LYG1
142.250.74.168200 OK 86 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-BL9163LYG1
IP 142.250.74.168:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint55:51:32:58:36:72:A1:C8:50:5E:5A:8D:CE:A5:2F:DC:D7:1E:62:03
ValidityMon, 24 Apr 2023 11:56:06 GMT - Mon, 17 Jul 2023 11:56:05 GMT
File type ASCII text, with very long lines (5048)
Hash 0ad5c83f2a9dbd9df298e257bc26e655
bb0c65e4cd346b658700a20e05cbd83bada7e136
043a05b922fa8e94f942f41201abdd141ebd5c0c3f8a52825c80c569f7210756
GET /gtag/js?id=G-BL9163LYG1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 May 2023 04:55:53 GMT
expires: Wed, 24 May 2023 04:55:53 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.depositfiles.com/js/jquery.validate.js
91.226.124.81200 OK 38 kB URL GET HTTP/1.1 static.depositfiles.com/js/jquery.validate.js
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type Unicode text, UTF-8 text, with very long lines (1238)
Hash d5231b6378847ebdb55f64c77d5a234f
eed97aa0b2aa9486b6f6831ed8a85dc729ad6b9c
95434a8a2568a6481a1fbcf5808a75dd58e77348ed6d70b4f7aeda8842e8f0c7
GET /js/jquery.validate.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: application/javascript
Content-Length: 38269
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-957d"
Expires: Wed, 24 May 2023 05:00:53 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/js/function.js
91.226.124.81200 OK 35 kB URL GET HTTP/1.1 static.depositfiles.com/js/function.js
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type ASCII text, with very long lines (4240)
Hash a5779d2f560cd50376dbba372b0fd15b
07b08e35b9254288c1372e37577db8b9e4da01b4
51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84
GET /js/function.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: application/javascript
Content-Length: 34915
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-8863"
Expires: Wed, 24 May 2023 05:00:53 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/css/main.css
91.226.124.81200 OK 47 kB URL GET HTTP/1.1 static.depositfiles.com/css/main.css
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type ASCII text, with very long lines (332)
Hash af57443dfa4bc2d3299321923ae1c57f
d922badb0ed1d665302cf93268e9960d0a04c065
50d446eade67c33dc4dba74f2f2b7480b5021de5a98bfedc1f10ce5c35d966f3
GET /css/main.css HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: text/css
Last-Modified: Tue, 26 Apr 2022 10:45:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6267cd55-2f719"
Expires: Wed, 24 May 2023 05:00:53 GMT
Cache-Control: max-age=300
Content-Encoding: gzip
static.depositfiles.com/js/base2.js
91.226.124.81200 OK 399 kB URL GET HTTP/1.1 static.depositfiles.com/js/base2.js
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type Unicode text, UTF-8 text, with very long lines (65481)
Size 399 kB (398927 bytes)
Hash 2fcae8126c3fd9a626370a701f0bd887
f3496fb7bbe122a9774d7dcfcd68da03a24dc285
d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc
GET /js/base2.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: application/javascript
Content-Length: 398927
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-6164f"
Expires: Wed, 24 May 2023 05:00:53 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash c74db17f871249d3df054a36ab699f09
2b363e108eb091a4d1c2b762672dd4cebd6c53a9
2a58ed6b6af2bb75f4ce077b241be5668d699c3b2f8ba328db7bf741da02d49e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 430d419c6ea6e18afe2b0a88c95427e2
06d04d98d858c0e59d9ade936cbe30b163ace637
d22ecf4f72f3e51345778a5e96d6febf31b2f0ec206ff4e50f4a995418c78540
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
173.233.137.52200 OK 13 kB URL GET HTTP/1.1 pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
IP 173.233.137.52:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjecthighrevenuegate.com
FingerprintE3:83:9C:63:64:A5:46:F7:CE:7B:E1:4D:12:0F:29:C3:22:23:C0:14
ValidityTue, 02 May 2023 09:41:55 GMT - Mon, 31 Jul 2023 09:41:54 GMT
File type ASCII text, with very long lines (37164), with no line terminators
Hash ddd6f4ad0d9679db509cc3e44c2b430c
6a9e51dd2cf5227c850a6f8d6ead7b6a56cb7561
55a4c6991087c898fefdb29dc560b36032373817484421abf643fd478e88dfc9
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js HTTP/1.1
Host: pl16105218.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cdd801ca67e962745300e1902be1426c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.depositfiles.com/images/speed_small.gif
91.226.124.81200 OK 24 kB URL GET HTTP/1.1 static.depositfiles.com/images/speed_small.gif
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type GIF image data, version 89a, 200 x 200\012- data
Hash 5cbc96bbb7230dd17ed38b5dd6e3271c
6ee1f0b9e29ac3e824cccd6e5135d51c8d3aaea1
01edcbb65e514def555b1e999d3a72f118f67e572f628293b91893b3758c6991
GET /images/speed_small.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/gif
Content-Length: 23980
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-5dac"
Expires: Mon, 29 May 2023 04:55:53 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/speed_small_gold.gif
91.226.124.81200 OK 14 kB URL GET HTTP/1.1 static.depositfiles.com/images/speed_small_gold.gif
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type GIF image data, version 89a, 200 x 200\012- data
Hash c5f8f0e9ecd16637e267912376c24bed
324567a641d318ecfafe6374dfba86ccb2f90dd7
13678b229b6c4224bcb9578a2f29bc3686958f4bea73af7645eb39af4246e6a9
GET /images/speed_small_gold.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/gif
Content-Length: 14492
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-389c"
Expires: Mon, 29 May 2023 04:55:53 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/yes.png
91.226.124.81200 OK 3.3 kB URL GET HTTP/1.1 static.depositfiles.com/images/yes.png
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 3055b8489aeb385fb40b27f0bf0a5ae7
4cfbe45a0ba393ab8ad535cc04af30debef0a1ab
b325d6cb153b02050e59230e2abfb01e05f4bda708ad54bd8f6d9693fa9c2dac
GET /images/yes.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 3275
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-ccb"
Accept-Ranges: bytes
static.depositfiles.com/images/no.png
91.226.124.81200 OK 3.1 kB URL GET HTTP/1.1 static.depositfiles.com/images/no.png
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 1724ae7b4437c460dafe40dfe9f96d41
8dc80d5b802f180254a8ee1bf1edf0b843205f1e
9b95b8f24b2b0808d611f4fd9bf5f3c548b352ae6100ab7b298b99a86905db79
GET /images/no.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 3146
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-c4a"
Accept-Ranges: bytes
static.depositfiles.com/images/logo.png
91.226.124.81200 OK 3.6 kB URL GET HTTP/1.1 static.depositfiles.com/images/logo.png
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 176 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash c41fdd84b04e45a91cb17cfdeccb1b38
fec7fffe104c7e169aeb159032078c4b71ff2cdc
7f89eb8ab03684f4db282ca30eb231b1e254bca10c7b511950df5e0eab0a68a0
GET /images/logo.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 3623
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-e27"
Accept-Ranges: bytes
static.depositfiles.com/images/member_menu_bg.gif
91.226.124.81200 OK 78 B URL GET HTTP/1.1 static.depositfiles.com/images/member_menu_bg.gif
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type GIF image data, version 89a, 1 x 48\012- data
Hash 20a24b56dcedf6a71a71ebec771e1f7d
d7bed493d5d4eeaed5dbbf7d30d45107840790a0
6f57f29224d8e9e51ed0839e329055426fba7dcd97ef31e93ed495f93a6063df
GET /images/member_menu_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/gif
Content-Length: 78
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-4e"
Expires: Mon, 29 May 2023 04:55:53 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
js.wpadmngr.com/static/adManager.js
45.133.44.53200 OK 9.8 kB URL GET HTTP/2 js.wpadmngr.com/static/adManager.js
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpadmngr.com
FingerprintA9:7C:F8:A4:B8:B3:E3:98:76:72:9E:0B:4A:FB:FB:39:D4:F4:54:3D
ValidityTue, 16 May 2023 02:02:19 GMT - Mon, 14 Aug 2023 02:02:18 GMT
File type gzip compressed data, from Unix\012- data
Hash 2fe5f3c0aa8662d227137b95805cbb8d
326b83bc343184551bac9dca8bdf2aef7e95c269
e93a6ba1f4aa9929ced2e34853e248eb509eb2637e978f2c7ee2eeac2f15366b
GET /static/adManager.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:53 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 05 Dec 2022 13:37:26 GMT
etag: W/"638df416-4dd"
content-encoding: gzip
expires: Wed, 24 May 2023 05:00:53 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
static.depositfiles.com/images/upload_btn_bg.gif
91.226.124.81200 OK 9.0 kB URL GET HTTP/1.1 static.depositfiles.com/images/upload_btn_bg.gif
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type GIF image data, version 89a, 209 x 75\012- data
Hash 6f312f0f4ff138758bae76420f6efd78
b40a28f162140fedff9ee5ce0d687868b1f73d17
c667d75c7f916bf8b140b0e1f7ab0c996f76d4642faed85bd9fef3c738f0912b
GET /images/upload_btn_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/gif
Content-Length: 9010
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-2332"
Expires: Mon, 29 May 2023 04:55:53 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/sprite.png
91.226.124.81200 OK 37 kB URL GET HTTP/1.1 static.depositfiles.com/images/sprite.png
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 102 x 630, 8-bit/color RGBA, non-interlaced\012- data
Hash 2333675d7e431d5313c6dbb5230a14cd
93c4032e5b8b85793a9cda7167804445d950dd96
b287134a60667ce8e2c3fa1603e3a8f2ffa59c64e746d026d1a13ef19f3f38a0
GET /images/sprite.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 36802
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-8fc2"
Accept-Ranges: bytes
static.depositfiles.com/images/sprite64.png
91.226.124.81200 OK 29 kB URL GET HTTP/1.1 static.depositfiles.com/images/sprite64.png
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 64 x 1088, 8-bit/color RGBA, non-interlaced\012- data
Hash e50649ecf6a2094c25da755ea0ea7bd1
e1c3e229a62f049442fa16cf43ec07f384b27362
a9ed59ab3bbcfdf66224664aeb14fa0f0e8f034d8472a58dadcf65cfff17685d
GET /images/sprite64.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 28747
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-704b"
Accept-Ranges: bytes
static.depositfiles.com/images/sprite16.png
91.226.124.81200 OK 28 kB URL GET HTTP/1.1 static.depositfiles.com/images/sprite16.png
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 32 x 1072, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e86fe2d2c2650c5f4663f0fc135ebc1
ba86e14a9abcff0581eda84a307594ef1288b982
604187f8828381a47ae70249f55f21c78c53ab1401d20a5f2230a0d6c9ae50d1
GET /images/sprite16.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 28501
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-6f55"
Accept-Ranges: bytes
ocsp.r2m01.amazontrust.com/
54.230.80.227 471 B URL ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 86c316e2d89a407be1c179a66e808d0c
f3bb320bf5441b6a4759e1d7e0675650dd9b90ec
ba0f3accd8e1400e1a7ca7d562238541719decb97c3bffc257811a162ff0d210
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=7200'
Date: Wed, 24 May 2023 04:55:53 GMT
Last-Modified: Wed, 24 May 2023 04:05:38 GMT
Server: ECAcc (bsa/EB26)
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DyWotMY06Lv20fnG3qvkoSEDMob6QF4aZPrrxFiYpjmcu2aAZeWbJQ==
Age: 3015
simplewebanalysis.com/stats
52.58.93.188200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 52.58.93.188:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 630576afab8fedc4c2e5c5aa7e26b437
21f3b5a7382d3f7a029ad655f3cb8cb1a4b8bc7e
2d9db0dac01aea40b4bea481f146e65721e11377e16877aa98ece27d22089fc0
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:54 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=2c59d3ef-8c85-4182-ba05-c8a1082a7615:2:1; expires=Sat, 21 May 2033 04:55:54 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
loader.unblockia.com/c/dfiles.eu/config.json
54.230.111.2200 OK 47 kB URL GET HTTP/2 loader.unblockia.com/c/dfiles.eu/config.json
IP 54.230.111.2:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (46747), with no line terminators
Hash f365c1e4619a90bbadadacf55598fe90
1623c939b72aecd3831e1da35e4c0a5229383e91
23e2e4d868bb2652b97e9e13d36df1dfeeba338d4e9c4d1d737fba6b2b2b2d52
GET /c/dfiles.eu/config.json HTTP/1.1
Host: loader.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 46747
last-modified: Fri, 12 May 2023 12:21:43 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 9pI8Ts97IpPXbRP2Kcl6CF4_Ph.rjMBr
accept-ranges: bytes
server: AmazonS3
date: Wed, 24 May 2023 04:35:46 GMT
etag: "f365c1e4619a90bbadadacf55598fe90"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: I0pT2zPvNmvvz2iY2Xv6dHuICpjXW12GySLB1iVbf4EIPlhuZx3cuA==
age: 2448
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
adsbb.dfiles.eu//ad.php?z=56&c=NO
91.226.124.76303 See Other 0 B URL GET HTTP/1.1 adsbb.dfiles.eu//ad.php?z=56&c=NO
IP 91.226.124.76:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=56&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 303 See Other
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf56=1; expires=Thu, 25-May-2023 04:55:53 GMT; Max-Age=86400
Location: /upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
91.226.124.76303 See Other 0 B URL GET HTTP/1.1 adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
IP 91.226.124.76:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=58&c=NO&g=gateway HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 303 See Other
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf58=1; expires=Thu, 25-May-2023 04:55:53 GMT; Max-Age=86400
Location: /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
na.nawpush.com/tags/46445?version_name=c
45.133.44.25200 OK 578 B URL GET HTTP/2 na.nawpush.com/tags/46445?version_name=c
IP 45.133.44.25:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectna.nawpush.com
Fingerprint06:8A:2E:29:09:91:41:F0:6E:1C:15:DE:41:23:FB:9C:E4:5B:47:B0
ValidityMon, 03 Apr 2023 01:01:43 GMT - Sun, 02 Jul 2023 01:01:42 GMT
File type JSON data\012- , ASCII text, with very long lines (578), with no line terminators
Hash 48cf99226e98595889e80d389697c90c
6c6f7b9047532c20c72d68b246dafe3db8ca16b5
e81d3360bc9596b20a9ea1289549039c2b4d0350a4cd9122c1578605b56f7055
GET /tags/46445?version_name=c HTTP/1.1
Host: na.nawpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:54 GMT
content-type: application/json
content-length: 578
server: nginx/1.18.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/wp-banners.js
45.133.44.53200 OK 0 B URL GET HTTP/2 js.wpshsdk.com/npc/sdk/wp-banners.js
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpshsdk.com
Fingerprint78:77:A4:19:CC:0D:15:24:69:96:1B:44:C9:A0:4D:0B:B7:C0:F2:D8
ValidityMon, 27 Mar 2023 02:06:36 GMT - Sun, 25 Jun 2023 02:06:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Wed, 24 May 2023 05:00:54 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.76200 OK 678 B URL GET HTTP/1.1 adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.76:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 4087c9bd646dde8dc6df88bc4f20a814
19287743dcb1c746c3456a3810b46d43c1fcfb85
02eee499ca3b1b315d5524f99983da7901c01f9a4f2236bfd1fec897935fb563
GET /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153; _nf56=1; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 24 May 2023 04:55:01 GMT
Content-Encoding: gzip
adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.76200 OK 677 B URL GET HTTP/1.1 adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.76:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash df757cbb5e9114cf42662499cf10b64f
6f6ae6251e75cef168bb19c8a98b565c5c322670
9a039e52d3e6a213d1a14b7d58d5afc881f1b352c35155247ffc94a5973b8c41
GET /upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153; _nf56=1; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 24 May 2023 04:55:01 GMT
Content-Encoding: gzip
ip2geo.pubfuture-ad.com/detail
104.26.0.97200 OK 33 B URL GET HTTP/2 ip2geo.pubfuture-ad.com/detail
IP 104.26.0.97:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 007af5ffed017e37943df31888ef8666
2877ed4c460ba9164b3625e32502a9d83a2a1d4a
bfb9d45766b6f87ee2c5f55862cdffe168aa7df0ff6ed0917b0fbcb035fdcdd2
GET /detail HTTP/1.1
Host: ip2geo.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:54 GMT
content-type: application/json; charset=utf-8
content-length: 33
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"21-KHftTEYLqRZLNiXjJQKp2DoqHUo"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=To6FWoh74lRSS3nOY5CjKm%2BZ0dY46o22wUsiIWCIL9MRZImNHv2xLWwmP77RR0BX0YNn2cUlTovnRVzfQAZ462GPc6Uj%2BQwo7XjP23JceXDd5GEJt1%2Bc%2BA3J59JbfOMLjgJq7wVgMSjr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cc2f2f26a21b52d-OSL
X-Firefox-Spdy: h2
illuminatedusing.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
173.233.137.44200 OK 29 kB URL GET HTTP/1.1 illuminatedusing.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
IP 173.233.137.44:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 657daa112dc743df7794b021b3b57105
74fe2bb7a0a7d89a6c45a7183c5cab7ba1d16684
686e26adaebcdda55871e9edc61fee90bc36b8654111ff139f79a4787d91ecde
Analyzer Verdict Alert quad9 Sinkholed
GET /c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b3f62f9cc82bfb10a88bb422b5c80ae2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
52.58.93.188200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 52.58.93.188:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 630576afab8fedc4c2e5c5aa7e26b437
21f3b5a7382d3f7a029ad655f3cb8cb1a4b8bc7e
2d9db0dac01aea40b4bea481f146e65721e11377e16877aa98ece27d22089fc0
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=2c59d3ef-8c85-4182-ba05-c8a1082a7615:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:54 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.76 85 kB URL adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.76:0
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153; _nf56=1; _nf58=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.76 85 kB URL adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.76:0
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153; _nf56=1; _nf58=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
static.depositfiles.com/images/favicon.ico
91.226.124.81200 OK 318 B URL GET HTTP/1.1 static.depositfiles.com/images/favicon.ico
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Hash 0f0b975ee529197ec75780ebc2de5907
59688c6aafca5606e388ba9a44fc9dc25fc32cd3
28a0b52229f05b66354ca38b6b813d2281af3efb7e8b0a424ef8b4c68b9e583c
GET /images/favicon.ico HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: image/x-icon
Content-Length: 318
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-13e"
Accept-Ranges: bytes
adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=646d98a5754056438005837364893
91.226.124.76 43 B URL adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=646d98a5754056438005837364893
IP 91.226.124.76:0
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2973&z=58&b=2775&u=646d98a5754056438005837364893 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153; _nf56=1; _nf58=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 0e2a51fc0a704370c246690b8e25c332
28b056e0210c4e5139982c887bbd5b416a7c888e
639b72f46177c45cf6faed4c59c70f988ba038216aceeb1a9734de3364da854d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adsbb.dfiles.eu/view.gif?c=2963&z=56&b=2760&u=646d98a5723999607590445167333
91.226.124.76 43 B URL adsbb.dfiles.eu/view.gif?c=2963&z=56&b=2760&u=646d98a5723999607590445167333
IP 91.226.124.76:0
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2963&z=56&b=2760&u=646d98a5723999607590445167333 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153; _nf56=1; _nf58=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js
142.250.74.35200 OK 167 kB URL GET HTTP/2 www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js
IP 142.250.74.35:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT
File type ASCII text, with very long lines (554)
Size 167 kB (166637 bytes)
Hash 213e1a6e418f3df36f2ec077314ef525
7a553e545a48271f3afec47b3ed5f3518cfdd7b4
ad5008998005064af73229fb144d5f8e789641f8a846e2064ec18788a37e9e2d
GET /recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166637
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 19:21:59 GMT
expires: Wed, 22 May 2024 19:21:59 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 May 2023 04:00:52 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 34435
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
illuminatedusing.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
173.233.137.52200 OK 3.0 kB URL GET HTTP/1.1 illuminatedusing.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
IP 173.233.137.52:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT
File type JSON data\012- , ASCII text, with very long lines (5439), with no line terminators
Hash 7215f43b7d95fea66ed597221b0458d3
f45525418810b9845679d98bb05d8f933ee81e9a
af7f245b6d63f94c94aa62da2350f0e2c5200c58301c3576cdadae8e9ed0231c
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6 HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfiles.eu
Access-Control-Allow-Origin: https://dfiles.eu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16004719; expires=Thu, 25 May 2023 04:55:54 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 25 May 2023 04:55:54 GMT; secure; SameSite=None
uncs=1; expires=Thu, 25 May 2023 04:55:54 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 25 May 2023 04:55:54 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 25 May 2023 04:55:54 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 08177ee95efdca0264cc25f65e15e4e1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 0e2a51fc0a704370c246690b8e25c332
28b056e0210c4e5139982c887bbd5b416a7c888e
639b72f46177c45cf6faed4c59c70f988ba038216aceeb1a9734de3364da854d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dolphinabberantleaflet.com/pixel/purst?dl=0&th=0&sc=0&rs=2580&rd=2580&fd=726&bv=22.10.v.10&tmpl=136
173.233.137.52200 OK 0 B URL GET HTTP/1.1 dolphinabberantleaflet.com/pixel/purst?dl=0&th=0&sc=0&rs=2580&rd=2580&fd=726&bv=22.10.v.10&tmpl=136
IP 173.233.137.52:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdolphinabberantleaflet.com
Fingerprint96:DD:F7:B8:BA:04:7B:75:A4:F6:43:5C:B9:8E:6A:DE:79:0D:1E:BE
ValiditySat, 29 Apr 2023 06:15:54 GMT - Fri, 28 Jul 2023 06:15:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2580&rd=2580&fd=726&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: dolphinabberantleaflet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
simplewebanalysis.com/stats
52.58.93.188200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 52.58.93.188:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 630576afab8fedc4c2e5c5aa7e26b437
21f3b5a7382d3f7a029ad655f3cb8cb1a4b8bc7e
2d9db0dac01aea40b4bea481f146e65721e11377e16877aa98ece27d22089fc0
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=2c59d3ef-8c85-4182-ba05-c8a1082a7615:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true
54.230.111.117200 OK 37 kB URL GET HTTP/2 cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true
IP 54.230.111.117:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 728x90, components 3\012- data
Hash 58fbb6ffe72ac0c1aa468de39ee18e13
d25230f1ef89aecc6048b0ceb09dd0af609ee7b6
e8ff7f3a8926e5b5497d2ab7a1bf47c5655e287a51045f11846f426ac6c7d180
GET /autopromos/unicef2.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 36773
last-modified: Tue, 12 Apr 2022 08:41:28 GMT
x-amz-version-id: xUurxjfnscsyJn430NFsrgfbabIFowSl
accept-ranges: bytes
server: AmazonS3
date: Tue, 23 May 2023 17:02:15 GMT
etag: "58fbb6ffe72ac0c1aa468de39ee18e13"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: j615ixBjnuGEailqrloTgQfp43_I8ibsG7tkUNnN8ZkQpJg4pXMAuw==
age: 42899
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true
54.230.111.117200 OK 54 kB URL GET HTTP/2 cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true
IP 54.230.111.117:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 160x600, components 3\012- data
Hash 5dcf47442fc7fbb8d0263bbf4869537e
2c8232ac93448bbc06b5464f1839a5cdb2ed3e07
81804a1b2b20350ec009ba6429a4f58124c16ca30683af0af255544cd98c8fa6
GET /autopromos/unicef3.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 54292
last-modified: Tue, 12 Apr 2022 08:41:27 GMT
x-amz-version-id: iA22.ytP0i4dmuIhnc0eyNVgJlt2K4fl
accept-ranges: bytes
server: AmazonS3
date: Wed, 24 May 2023 04:35:47 GMT
etag: "5dcf47442fc7fbb8d0263bbf4869537e"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1NCek7BSOW49geXhLiM6aAGJFjzvquKS-OMnVvg8iOKAcF902Hqr0g==
age: 5048
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
illuminatedusing.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq9dlD%2BplXS%2BCQt9UkEl3p%2BeXe5CNayQYN%2BuuojeprqqelKnuaqq6pifBQ3BB9jjePHa%2Bk2xQw7L%2BAYp0vC0IGU8RzEHYP0CUPctMgqMPmve%2B7%2FsOn%2Fe6vtxzZySAo6er7%2BsdqRRdarcC%2F7VPwvC6vy5zN%2FJHvc6nnfi6b4ZvhkG%2FFbzuvyvYll6KgjAIwiD0V6URqR4thWHYCiCLo37Y6getOGqF7Rgj839tnQdLPfDhGXkBkk%2BfPXoYQ7IGefboprBbpS7eeCdzipbaYMgPP8q3cl3lyBZlajyk%2BeHFNLQ9Wf0ROj%2BYA0MP%2Fx1M5JR4T%2F5Akh9eUCIZHpyDJgoiR8KfQzVsIFQDSRswfQ%2BSnxCAcdzaQJ49uKVNRbfPXTpzp%2BTy078gqym5%2FPuLyLOHK0qO%2FLtauVLq3GKU1pCjBnLQoHDHKHcuQVbHYOUXkPwXsvR0HXm2v2GVhuT1fHkpG8i0gRJjUOvBzT7pwaUeXOEh46d%2Bl8W9Hu%2B1ORWMRUka9tI4jfuUBSkLlvsRHJvhjVEWYzA1BjO7KMwutuQYxv0Eu1nDcg%2B2nBLvg10MeY1KEFSWoKIElSSoSoJqWB9wZSNbP%2BDKuiS8yNFFXq4nuhzs0QNdDkRO9oozcnV%2Bl787Glvi1I%2BimPKYhnESJ2Gbhd2ok6bdoC1YpxsJ2oGVNaS9NF91R55cK1DIk%2BdfRkKPYdUxmLwK6l4BrSbdKADdnMS9ADv5Iy4KbWWZSiVsi%2BkMXNcoyssot709dUZemnO8%2BsSHYI%2FJRYCZGoWp8Zn8mWCg7k%2Fu6Irs39GVJd9vFKXM5A6d%2Fbu7JS3FlW%2FfE9uVNnztph1%2Fc4PNjFl59KGw5TrNucwHlny3IjkXZlUbJsgPa%2FZjkdx2dnPFmdwV67ffXl3LCiOslTpvQOXJ5x0wOSVXbhzMX%2BW1P3uQpoFxNTK3IJW6ASt2YYtFz2oCoxY6KTxUrp6YKFk0lSRQYqFpUsP%2BRyeLes%2Fex8B4oOU95FmNoakxVDWoGsO6ZyZlYR6%2F9evyPJAob5Io4%2B0nyqivzk9r5akvuqLT78dB3OVBkMQ8isK2YHQ5pn0aRWkXpZ3y7Ovf%2FgEAAP%2F%2FAQAA%2F%2F%2FXjah1YgQAAA%3D%3D
173.233.137.44200 OK 7 B URL GET HTTP/1.1 illuminatedusing.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq9dlD%2BplXS%2BCQt9UkEl3p%2BeXe5CNayQYN%2BuuojeprqqelKnuaqq6pifBQ3BB9jjePHa%2Bk2xQw7L%2BAYp0vC0IGU8RzEHYP0CUPctMgqMPmve%2B7%2FsOn%2Fe6vtxzZySAo6er7%2BsdqRRdarcC%2F7VPwvC6vy5zN%2FJHvc6nnfi6b4ZvhkG%2FFbzuvyvYll6KgjAIwiD0V6URqR4thWHYCiCLo37Y6getOGqF7Rgj839tnQdLPfDhGXkBkk%2BfPXoYQ7IGefboprBbpS7eeCdzipbaYMgPP8q3cl3lyBZlajyk%2BeHFNLQ9Wf0ROj%2BYA0MP%2Fx1M5JR4T%2F5Akh9eUCIZHpyDJgoiR8KfQzVsIFQDSRswfQ%2BSnxCAcdzaQJ49uKVNRbfPXTpzp%2BTy078gqym5%2FPuLyLOHK0qO%2FLtauVLq3GKU1pCjBnLQoHDHKHcuQVbHYOUXkPwXsvR0HXm2v2GVhuT1fHkpG8i0gRJjUOvBzT7pwaUeXOEh46d%2Bl8W9Hu%2B1ORWMRUka9tI4jfuUBSkLlvsRHJvhjVEWYzA1BjO7KMwutuQYxv0Eu1nDcg%2B2nBLvg10MeY1KEFSWoKIElSSoSoJqWB9wZSNbP%2BDKuiS8yNFFXq4nuhzs0QNdDkRO9oozcnV%2Bl787Glvi1I%2BimPKYhnESJ2Gbhd2ok6bdoC1YpxsJ2oGVNaS9NF91R55cK1DIk%2BdfRkKPYdUxmLwK6l4BrSbdKADdnMS9ADv5Iy4KbWWZSiVsi%2BkMXNcoyssot709dUZemnO8%2BsSHYI%2FJRYCZGoWp8Zn8mWCg7k%2Fu6Irs39GVJd9vFKXM5A6d%2Fbu7JS3FlW%2FfE9uVNnztph1%2Fc4PNjFl59KGw5TrNucwHlny3IjkXZlUbJsgPa%2FZjkdx2dnPFmdwV67ffXl3LCiOslTpvQOXJ5x0wOSVXbhzMX%2BW1P3uQpoFxNTK3IJW6ASt2YYtFz2oCoxY6KTxUrp6YKFk0lSRQYqFpUsP%2BRyeLes%2Fex8B4oOU95FmNoakxVDWoGsO6ZyZlYR6%2F9evyPJAob5Io4%2B0nyqivzk9r5akvuqLT78dB3OVBkMQ8isK2YHQ5pn0aRWkXpZ3y7Ovf%2FgEAAP%2F%2FAQAA%2F%2F%2FXjah1YgQAAA%3D%3D
IP 173.233.137.44:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq9dlD%2BplXS%2BCQt9UkEl3p%2BeXe5CNayQYN%2BuuojeprqqelKnuaqq6pifBQ3BB9jjePHa%2Bk2xQw7L%2BAYp0vC0IGU8RzEHYP0CUPctMgqMPmve%2B7%2FsOn%2Fe6vtxzZySAo6er7%2BsdqRRdarcC%2F7VPwvC6vy5zN%2FJHvc6nnfi6b4ZvhkG%2FFbzuvyvYll6KgjAIwiD0V6URqR4thWHYCiCLo37Y6getOGqF7Rgj839tnQdLPfDhGXkBkk%2BfPXoYQ7IGefboprBbpS7eeCdzipbaYMgPP8q3cl3lyBZlajyk%2BeHFNLQ9Wf0ROj%2BYA0MP%2Fx1M5JR4T%2F5Akh9eUCIZHpyDJgoiR8KfQzVsIFQDSRswfQ%2BSnxCAcdzaQJ49uKVNRbfPXTpzp%2BTy078gqym5%2FPuLyLOHK0qO%2FLtauVLq3GKU1pCjBnLQoHDHKHcuQVbHYOUXkPwXsvR0HXm2v2GVhuT1fHkpG8i0gRJjUOvBzT7pwaUeXOEh46d%2Bl8W9Hu%2B1ORWMRUka9tI4jfuUBSkLlvsRHJvhjVEWYzA1BjO7KMwutuQYxv0Eu1nDcg%2B2nBLvg10MeY1KEFSWoKIElSSoSoJqWB9wZSNbP%2BDKuiS8yNFFXq4nuhzs0QNdDkRO9oozcnV%2Bl787Glvi1I%2BimPKYhnESJ2Gbhd2ok6bdoC1YpxsJ2oGVNaS9NF91R55cK1DIk%2BdfRkKPYdUxmLwK6l4BrSbdKADdnMS9ADv5Iy4KbWWZSiVsi%2BkMXNcoyssot709dUZemnO8%2BsSHYI%2FJRYCZGoWp8Zn8mWCg7k%2Fu6Irs39GVJd9vFKXM5A6d%2Fbu7JS3FlW%2FfE9uVNnztph1%2Fc4PNjFl59KGw5TrNucwHlny3IjkXZlUbJsgPa%2FZjkdx2dnPFmdwV67ffXl3LCiOslTpvQOXJ5x0wOSVXbhzMX%2BW1P3uQpoFxNTK3IJW6ASt2YYtFz2oCoxY6KTxUrp6YKFk0lSRQYqFpUsP%2BRyeLes%2Fex8B4oOU95FmNoakxVDWoGsO6ZyZlYR6%2F9evyPJAob5Io4%2B0nyqivzk9r5akvuqLT78dB3OVBkMQ8isK2YHQ5pn0aRWkXpZ3y7Ovf%2FgEAAP%2F%2FAQAA%2F%2F%2FXjah1YgQAAA%3D%3D HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:55 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 496981ba94adacdef6dbc601f1cbc5d6
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.barscreative1.com/sb/notifications/software/us/norton/1/index.html
45.133.44.4200 OK 804 B URL GET HTTP/2 cdn.barscreative1.com/sb/notifications/software/us/norton/1/index.html
IP 45.133.44.4:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint0B:AE:8A:C0:29:EA:B0:86:29:66:F6:7E:76:63:66:57:38:88:FC:E6
ValidityMon, 15 May 2023 04:01:53 GMT - Sun, 13 Aug 2023 04:01:52 GMT
File type HTML document text\012- HTML document, ASCII text
Hash 3be2a223ed1b1c36a153f54be2c83f27
ec1a98749afdd4b466d1834239572161f4483f56
a3ae56824eb2005ad2daea5baa21fe6f0fa44891f59c34aed64b7232f59354c6
GET /sb/notifications/software/us/norton/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: text/html; charset=utf-8
content-length: 804
server: nginx/1.17.6
last-modified: Wed, 17 Feb 2021 11:42:48 GMT
etag: "602d0138-324"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Wed, 24 May 2023 05:55:55 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1
54.230.111.104200 OK 0 B URL POST HTTP/2 t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1
IP 54.230.111.104:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?sid=140&o=3&b=2&p=1&t=1 HTTP/1.1
Host: t.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
content-type: application/json
content-length: 0
server: nginx/1.20.0
date: Wed, 24 May 2023 04:55:55 GMT
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SDSZ-B_5M3yxzEgI0dOQ3wTcMIP58Iaku_i3d0ao8HNgxznKSNPgYA==
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
notification.tubecup.net/tags?tag_id=46445&timezone_olson=UTC&version_name=c
94.130.197.136204 No Content 0 B URL GET HTTP/2 notification.tubecup.net/tags?tag_id=46445&timezone_olson=UTC&version_name=c
IP 94.130.197.136:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tags?tag_id=46445&timezone_olson=UTC&version_name=c HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.18.0
date: Wed, 24 May 2023 04:55:55 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Findex.html&l=804&fd=210
173.233.137.44200 OK 0 B URL GET HTTP/1.1 illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Findex.html&l=804&fd=210
IP 173.233.137.44:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Findex.html&l=804&fd=210 HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/bg.jpg
172.64.196.23200 OK 58 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/bg.jpg
IP 172.64.196.23:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=250, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=970], progressive, precision 8, 970x250, components 3\012- data
Hash 93db86920aaf5aa1cb2f1b727b06dfe8
bce81c9da296929263f7ec1e606616a97ab42b9d
d67bdc40107fb5f7db687092375adbce71dcf6faec40d1c5c9c50c3c9e6d5ca7
GET /sb/notifications/software/us/norton/1/img/bg.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: image/jpeg
content-length: 58368
last-modified: Wed, 17 Feb 2021 11:45:02 GMT
etag: "602d01be-e400"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7397614
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mevwqWzhBLATaSc4XdekG2Scf1J3Nn9m9%2FbokBFgDs4Okf045hUtwS5OzIdGJDw7I%2FcuF8t%2FKQrBi2%2BG3yRs9W%2FnXO1Q%2B3ZJAoIaGGdSRp6JZhRRVqom9CNow2XAebstQck2%2B%2F8Tl9BK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2fd2dcc491f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/close.png
172.64.196.23200 OK 1.8 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/close.png
IP 172.64.196.23:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash c1b8f53c3afa0fdd5be48e6bfdbbb6fa
eeb2cd8d17e3abe135865be77330b8519f6bceb2
8f5d7d0bf69b5fcb8a110dd7c79948e70c860440b6ecc803a20ababe193a1af0
GET /sb/notifications/software/us/norton/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: image/png
content-length: 1778
last-modified: Wed, 17 Feb 2021 11:45:01 GMT
etag: "602d01bd-6f2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7402551
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pMtMIxfm6yy8jSRXDVGd95WpoWcDTUUtwGq5Cajo8ZJrMUDLVAKZxidbQmMhSzdfqatng8lmh1TxVVxlbCeXDvt47w9lfEB9%2F8LbvUbdPoEChn85saljPzAuxFyF8R77649WRcwqgohf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2fd3dd8491f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fanimate.css&l=79249&fd=274
173.233.137.44200 OK 0 B URL GET HTTP/1.1 illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fanimate.css&l=79249&fd=274
IP 173.233.137.44:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fanimate.css&l=79249&fd=274 HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fjs%2Fscript.js&l=385&fd=270
173.233.137.52200 OK 0 B URL GET HTTP/1.1 illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fjs%2Fscript.js&l=385&fd=270
IP 173.233.137.52:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fjs%2Fscript.js&l=385&fd=270 HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.r2m02.amazontrust.com/
54.230.80.227 471 B URL ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash df5448af909add73de2baea893efd38f
a2b82648ffe2205bf8eb8f0629408c451e0788b2
c5c7223d75ef78e8dced6c409b21242499fa418aa5bf9c89dc878bd9ad6b1138
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=7200'
Date: Wed, 24 May 2023 04:55:56 GMT
Last-Modified: Wed, 24 May 2023 03:29:08 GMT
Server: ECAcc (bsa/EA9D)
X-Cache: Miss from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EZzmCDZ11QVGRIsZZIBTTO06BsClWLtfs8PodGn6t9KzNhk2lpxGEQ==
Age: 5208
ocsp.r2m02.amazontrust.com/
54.230.80.227 471 B URL ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash df5448af909add73de2baea893efd38f
a2b82648ffe2205bf8eb8f0629408c451e0788b2
c5c7223d75ef78e8dced6c409b21242499fa418aa5bf9c89dc878bd9ad6b1138
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=7200'
Date: Wed, 24 May 2023 04:55:56 GMT
Last-Modified: Wed, 24 May 2023 03:47:21 GMT
Server: ECAcc (nya/7919)
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: K6hJtlkwx6GLpguBuyBL_sNM8HJl-SnEqDkKWkLp_t4ATGcfREhMqg==
Age: 4115
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.53200 OK 27 kB URL GET HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpshsdk.com
Fingerprint78:77:A4:19:CC:0D:15:24:69:96:1B:44:C9:A0:4D:0B:B7:C0:F2:D8
ValidityMon, 27 Mar 2023 02:06:36 GMT - Sun, 25 Jun 2023 02:06:35 GMT
File type gzip compressed data, from Unix\012- data
Hash dfec4288f4b68df6e5d35ab3bbf67440
6a5b6edfed360b8f04a39410158ba5dba7cb79e6
680a9f1144dea0ce20527d751d03146eaf95e055af7b9c8cd5e1717730e6c7b5
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 05 Apr 2023 13:10:08 GMT
etag: W/"642d7330-1054e"
content-encoding: gzip
expires: Wed, 24 May 2023 05:00:55 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
illuminatedusing.com/pixel/sbs?c=1
173.233.137.52200 OK 0 B URL GET HTTP/1.1 illuminatedusing.com/pixel/sbs?c=1
IP 173.233.137.52:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fe16743433.1c9ca7ac71.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjM0NDc0NjQxNDkyMTE1NTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuNDkuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjMsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS42OCwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ==
45.133.44.52200 OK 0 B URL GET HTTP/2 fe16743433.1c9ca7ac71.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjM0NDc0NjQxNDkyMTE1NTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuNDkuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjMsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS42OCwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ==
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectfe16743433.1c9ca7ac71.com
FingerprintEC:CA:80:E9:10:8A:EB:57:D2:AE:2D:31:38:B9:2F:C1:F0:85:27:A8
ValiditySun, 21 May 2023 02:50:32 GMT - Sat, 19 Aug 2023 02:50:31 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjM0NDc0NjQxNDkyMTE1NTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuNDkuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjMsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS42OCwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ== HTTP/1.1
Host: fe16743433.1c9ca7ac71.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:56 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242200 OK 0 B URL POST HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Wed, 24 May 2023 04:55:56 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://dfiles.eu
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242200 OK 27 B URL POST HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
File type JSON data\012- , ASCII text
Hash c4bea7951aaa542768f63f72d171ff83
7f57b3ce5d3a9bb0a15c32b34745b0214710e185
d4fbb24457a99cbf28127e8a416979ca0f2ab97c64a59b8d38760c40d4934756
POST /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23168
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 24 May 2023 04:55:56 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 27
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dfiles.eu
Set-Cookie: id=12580505317823954241; Expires=Thu, 23 May 2024 04:55:56 GMT; Secure; SameSite=None
Vary: Origin
illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fstyle.css&l=2311&fd=282
173.233.137.52200 OK 0 B URL GET HTTP/1.1 illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fstyle.css&l=2311&fd=282
IP 173.233.137.52:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fstyle.css&l=2311&fd=282 HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
unseenreport.com/pxf.gif?uuid=2c59d3ef-8c85-4182-ba05-c8a1082a7615&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4
192.243.59.13200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=2c59d3ef-8c85-4182-ba05-c8a1082a7615&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=2c59d3ef-8c85-4182-ba05-c8a1082a7615&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:56 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7b408a2a70de86b87cc1ed9b7a9eb121
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=2c59d3ef-8c85-4182-ba05-c8a1082a7615&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4
192.243.59.13200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=2c59d3ef-8c85-4182-ba05-c8a1082a7615&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=2c59d3ef-8c85-4182-ba05-c8a1082a7615&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:56 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 466c9e0317b58c76e44de3b38f4c0447
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash c02ea2eb31eb1af30ad378cddf6f94b5
f6190e85f669f8282ec9c4a36cf7f552c82f4989
e218cdd31cbdc6f9019a3ba5dbcd1451c74d4c9704bb0187b0b2dcc7481a4daa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Lato&display=swap
142.250.74.106200 OK 826 B URL GET HTTP/3 fonts.googleapis.com/css?family=Lato&display=swap
IP 142.250.74.106:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT
File type gzip compressed data, max compression\012- data
Hash 695c4dd832ba475513c6bb83e2343213
4a80f743ce20f23ecbc40158e4d29f1582fd9470
b9057496d9560a51aa9cc6c045430b12174874db8dce3bb6a1e4667fbceecc50
GET /css?family=Lato&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 24 May 2023 04:55:57 GMT
date: Wed, 24 May 2023 04:55:57 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
script.4dex.io/localstore.js
172.67.75.241 268 B URL script.4dex.io/localstore.js
IP 172.67.75.241:0
File type ASCII text, with very long lines (482)
Hash 922cffdd75f7192f75231d92684885aa
48ae21017844de388e0a32206a2691fa4c109669
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
GET /localstore.js HTTP/1.1
Host: script.4dex.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 May 2023 04:55:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=1800
ETag: W/"922cffdd75f7192f75231d92684885aa"
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 1327198
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yJhqHe13uC29nVWwRJadSFG6dqIuSQViimiJIZ8w7bn5HNxg9INeexPTTYnlsxBRiDHp2eabuwZWOKQvMiQE3Am71tsBkWkOjfguIVDO0R02I%2BHX%2BcqlH3NVIrtbNFsz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7cc2f309c84bb523-OSL
Content-Encoding: br
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
216.58.207.227200 OK 24 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP 216.58.207.227:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 May 2023 04:04:41 GMT
expires: Fri, 17 May 2024 04:04:41 GMT
cache-control: public, max-age=31536000
age: 521476
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
prebid.a-mo.net/a/c
147.75.84.158 0 B IP 147.75.84.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /a/c HTTP/1.1
Host: prebid.a-mo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1349
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://dfiles.eu
cache-control: max-age=0, private, must-revalidate
date: Wed, 24 May 2023 04:55:57 GMT
server: envoy
vary: origin, Accept-Encoding
x-nbr: 1
x-envoy-upstream-service-time: 0
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
151.101.130.133 939 B URL ocsp.globalsign.com/gseccovsslca2018
IP 151.101.130.133:0
Hash 5d05d65b8f4b2949a6655cbccbeebed9
ce0cc0ded189139c53314a9cb025c33a356b79ee
419ed9e043732a65e3f45f2de96b5f74c33fe8c30f6bb1bbb2f42b92d202c605
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 939
Server: nginx
Content-Type: application/ocsp-response
Expires: Sun, 28 May 2023 04:23:24 GMT
ETag: "ce0cc0ded189139c53314a9cb025c33a356b79ee"
Last-Modified: Wed, 24 May 2023 04:23:25 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 24 May 2023 04:55:57 GMT
Age: 409
X-Served-By: cache-qpg1239-QPG, cache-bma1674-BMA
X-Cache: MISS, HIT
X-Cache-Hits: 0, 12
X-Timer: S1684904158.886311,VS0,VE0
script.4dex.io/adagio.js
172.67.75.241 23 kB IP 172.67.75.241:0
File type ASCII text, with very long lines (65354)
Hash c56b6332dacf72f135afcd153ae22448
78efc5939cc29a3e9ca16fadfbd26e7057fd27fd
ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf
GET /adagio.js HTTP/1.1
Host: script.4dex.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 May 2023 04:55:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Last-Modified: Wed, 23 Nov 2022 15:43:17 GMT
Vary: Origin, Accept-Encoding
Access-Control-Expose-Headers:
CF-Cache-Status: HIT
Age: 86645
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F0YpfMYI5axofy0UjrQZ%2BIcXkfiw1Dyfe1p6yyH%2BuNtaItu7618em1bBu%2F825Aw%2FGaHZZ2VXZPCt4I2yqD3MZMIL0GFifl3kEZpOaf2lV51B3WDAIymY6uAbKuS6MpiG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7cc2f30acbe30b02-OSL
Content-Encoding: br
ex.ingage.tech/v1/openrtb
172.67.41.84 0 B URL ex.ingage.tech/v1/openrtb
IP 172.67.41.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /v1/openrtb HTTP/1.1
Host: ex.ingage.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Wed, 24 May 2023 04:55:57 GMT
content-length: 0
vary: Origin, Access-Control-Request-Headers
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-headers: content-type
access-control-max-age: 3600
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cc2f309ffcdb4f9-OSL
X-Firefox-Spdy: h2
bs.yandex.ru/metadsp/2360912?imp-id=1&target-ref=dfiles.eu&ssp-id=10500
77.88.21.90 0 B URL bs.yandex.ru/metadsp/2360912?imp-id=1&target-ref=dfiles.eu&ssp-id=10500
IP 77.88.21.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /metadsp/2360912?imp-id=1&target-ref=dfiles.eu&ssp-id=10500 HTTP/1.1
Host: bs.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 205
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
content-length: 0
timing-allow-origin: *
uniformat: true
date: Wed, 24 May 2023 04:55:58 GMT
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
pragma: no-cache
uniformat-product-type: None
x-xss-protection: 1; mode=block
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
expires: Wed, 24 May 2023 04:55:58 GMT
last-modified: Wed, 24 May 2023 04:55:58 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cdn.pubfuture-ad.com/v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L2ZpbGVzLzk4dXJscXRwdS9Ub3RhbC1XQS5leGU=
104.26.0.97200 OK 380 B URL GET HTTP/2 cdn.pubfuture-ad.com/v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L2ZpbGVzLzk4dXJscXRwdS9Ub3RhbC1XQS5leGU=
IP 104.26.0.97:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT
File type JSON data\012- HTML document, ASCII text, with very long lines (466), with no line terminators
Hash 35782e397b3b5cfc7576ad94eba9b923
dc5fced987d30921f3c1a04e3ba888230e821446
b967349f7186f514e1d05fbcc7af4d685f688aea654a81e4763e6bb4c0057b5a
GET /v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L2ZpbGVzLzk4dXJscXRwdS9Ub3RhbC1XQS5leGU= HTTP/1.1
Host: cdn.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: application/json; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"1d2-3F/O2YfTCSHzwaBOO6iIIw6CFEY"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PzUV%2Bvk35jEn28BEygC4YNTL9EJBDIA6bXbw48O3Y7NBzcffvIVXgE0g9FO7AoqnbweT60qONptMtuRy7%2BJNZ2u4d7C5r5KRQw3gwGv2KVAOgHyNsmNLVXTUSXWRNIBu9%2FqjWGwn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cc2f2fa49a1b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
216.58.207.227200 OK 24 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP 216.58.207.227:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 May 2023 04:04:41 GMT
expires: Fri, 17 May 2024 04:04:41 GMT
cache-control: public, max-age=31536000
age: 521478
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
images.outbrainimg.com/transform/v3/eyJpdSI6IjYzZTA1YmNjZjdiZGU0ZmI5MWNiYzY4NzVmNTYwZmJmZjk0MGQ4MzU5ODZiZmY4MGU4ZjVjMTE1NmJjMjUxNjEiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
23.38.201.176200 OK 12 kB URL GET HTTP/2 images.outbrainimg.com/transform/v3/eyJpdSI6IjYzZTA1YmNjZjdiZGU0ZmI5MWNiYzY4NzVmNTYwZmJmZjk0MGQ4MzU5ODZiZmY4MGU4ZjVjMTE1NmJjMjUxNjEiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
IP 23.38.201.176:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint4F:05:15:71:93:78:ED:64:53:30:81:ED:DA:9C:FE:4F:7B:F9:41:BE
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sat, 02 Mar 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 270x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 381813ed1c8a6f1705b621585b605054
6992e1183afd04c1529bfe128964e2109713cce5
09d2e03f19ba0b368b245b44d487d7ea4eabd930cd3a5a4d3d098ae29efddf32
GET /transform/v3/eyJpdSI6IjYzZTA1YmNjZjdiZGU0ZmI5MWNiYzY4NzVmNTYwZmJmZjk0MGQ4MzU5ODZiZmY4MGU4ZjVjMTE1NmJjMjUxNjEiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp HTTP/1.1
Host: images.outbrainimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/webp
content-length: 11934
last-modified: Sun, 21 May 2023 02:01:31 GMT
x-traceid: 3af7fcdc66242d3579f179e92650ee72
cache-control: max-age=2194876
date: Wed, 24 May 2023 04:55:59 GMT
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
timing-allow-origin: *, *
X-Firefox-Spdy: h2
api.purpleads.io/x/a/20439424fc2daf1ccceb08514c96e983:1a160841438f2325780d89ffe2cb7043a5f4c5e751050eb17b3040b860e9abfd31996f229cc1d8f5578b09114d9fd6a1c320e2dca8483b5ca4af879b47ad908eaebc7d9bb692c526bd4f4ffea7ec0bd5ce6a765a028bed8f08ed390f893b6fc5/i?id=b0ed679f-565a-439a-a699-10fd583ae9c3
75.101.220.184204 No Content 0 B URL GET HTTP/2 api.purpleads.io/x/a/20439424fc2daf1ccceb08514c96e983:1a160841438f2325780d89ffe2cb7043a5f4c5e751050eb17b3040b860e9abfd31996f229cc1d8f5578b09114d9fd6a1c320e2dca8483b5ca4af879b47ad908eaebc7d9bb692c526bd4f4ffea7ec0bd5ce6a765a028bed8f08ed390f893b6fc5/i?id=b0ed679f-565a-439a-a699-10fd583ae9c3
IP 75.101.220.184:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /x/a/20439424fc2daf1ccceb08514c96e983:1a160841438f2325780d89ffe2cb7043a5f4c5e751050eb17b3040b860e9abfd31996f229cc1d8f5578b09114d9fd6a1c320e2dca8483b5ca4af879b47ad908eaebc7d9bb692c526bd4f4ffea7ec0bd5ce6a765a028bed8f08ed390f893b6fc5/i?id=b0ed679f-565a-439a-a699-10fd583ae9c3 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Wed, 24 May 2023 04:55:59 GMT
access-control-allow-origin: api.purpleads.io
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
X-Firefox-Spdy: h2
mp.4dex.io/prebid
104.18.3.114 600 B IP 104.18.3.114:0
File type gzip compressed data, from Unix\012- data
Hash 0afe8142168ae4ce80d7c2728621a370
3e5b314c9a33a5610bd83b3b40f866bb9b7c759d
3265864b26d86ec6748ece6f8282e940af907328ddf39d116df7893526b2f55b
POST /prebid HTTP/1.1
Host: mp.4dex.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 2093
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:57 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-origin: https://dfiles.eu
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin, Accept-Encoding
x-err: Shapings: no adunits with size and seat and mapping
x-version: 3.0.0-gcp-ams
x-warn: Process Seats Booster. unable to get the seat booster engine for organization: 1263
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cc2f30a494eb52d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=17c993f058982669b3486410ec49e0f2&pvId=17c993f058982669b3486410ec49e0f2&sid=10054537&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent
70.42.32.255200 OK 4 B URL GET HTTP/1.1 log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=17c993f058982669b3486410ec49e0f2&pvId=17c993f058982669b3486410ec49e0f2&sid=10054537&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent
IP 70.42.32.255:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint20:D2:F0:B3:C3:92:99:66:27:4F:78:12:57:9F:4D:C0:BF:9A:8F:C4
ValidityTue, 14 Mar 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
GET /loggerServices/widgetGlobalEvent?rId=17c993f058982669b3486410ec49e0f2&pvId=17c993f058982669b3486410ec49e0f2&sid=10054537&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent HTTP/1.1
Host: log.outbrainimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 May 2023 04:56:00 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 4
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
X-TraceId: e2c511f5b4d5abc04f614ca9aca0e45a
log.outbrainimg.com/loggerServices/log-viewability?requestId=17c993f058982669b3486410ec49e0f2&position=0
70.42.32.255200 OK 4 B URL GET HTTP/1.1 log.outbrainimg.com/loggerServices/log-viewability?requestId=17c993f058982669b3486410ec49e0f2&position=0
IP 70.42.32.255:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint20:D2:F0:B3:C3:92:99:66:27:4F:78:12:57:9F:4D:C0:BF:9A:8F:C4
ValidityTue, 14 Mar 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
GET /loggerServices/log-viewability?requestId=17c993f058982669b3486410ec49e0f2&position=0 HTTP/1.1
Host: log.outbrainimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 May 2023 04:56:00 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 4
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
X-TraceId: ad118fd44afbc2903965c1d20bd94e65
cdn.pubfuture-ad.com/v2/unit/pt.js
104.26.0.97200 OK 6.6 kB URL GET HTTP/2 cdn.pubfuture-ad.com/v2/unit/pt.js
IP 104.26.0.97:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (6778), with no line terminators
Hash 0111fa8d579e88268584595c79ad05d8
557bd8adf0625893e0ede25162f2cee913ae702c
0e2968fc4d954021c6a483bf6195122c7934c97b6bc495e2c46e4382b2ee0ae4
GET /v2/unit/pt.js HTTP/1.1
Host: cdn.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:53 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=172800
cf-bgj: minify
access-control-allow-origin: *
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
etag: W/"19d4-fKxMfwaT/pKWztkbnqHGCyR1YAs"
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cf-cache-status: HIT
age: 61524
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l74waFLnLgrsyELIJUQV9ajM8BTrfpzipuNpIewTiRFngEtaPt1ptn3EkDM6JIWpdbTGpQoI%2FvctslRTlVkox1xx24%2FlNE4jISvLmv2smOkBlF58fHczIa8jLsf4bRFM4Guu55t5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cc2f2ed7e86b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&demand=unifiedPb&ts=1684904157989
75.101.220.184200 OK 1.4 kB URL GET HTTP/2 api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&demand=unifiedPb&ts=1684904157989
IP 75.101.220.184:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (1462), with no line terminators
Hash d09399fabe77f1860fc872a519a19f72
b6b5b017953d78825e29ce97d6710ce00f55d180
4e8c48ba30baa845df20111cb4e5de4bb0ccb5a13e5d6fd506128510892561f1
GET /x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&demand=unifiedPb&ts=1684904157989 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Content-Type: application/json
x-purpleads-version: 2.0.2
x-request-url: aHR0cHM6Ly9kZmlsZXMuZXUvZmlsZXMvOTh1cmxxdHB1L1RvdGFsLVdBLmV4ZQ==
Authorization: Bearer 64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683
pa-user-id: dc07889d-e2ef-48f7-88ef-ad0ad7df4f4c
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:58 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
etag: W/"57e-xwXHYMWm8AlDpBD9HtehZ2kJflU"
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2
cdn.prplads.com/load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683
104.26.3.51200 OK 44 kB URL GET HTTP/2 cdn.prplads.com/load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683
IP 104.26.3.51:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerGoogle Trust Services LLC
Subjectprplads.com
Fingerprint44:46:5A:F0:A0:B0:25:70:06:3F:E4:EB:02:D5:A2:67:7A:E3:7D:0E
ValidityWed, 19 Apr 2023 12:34:16 GMT - Tue, 18 Jul 2023 12:34:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683 HTTP/1.1
Host: cdn.prplads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"103f53a915d53d541a023f9c8352e84c"
last-modified: Wed, 03 May 2023 17:14:59 GMT
x-amz-id-2: c0BBo0bTVFeShG8i+7lo2b2VE/UirvGjsaEwxq/wwMJ6ns1s3aKZvOG0lzRnXyQ2PtAWUDAre3c=
x-amz-request-id: VF6G331VR5CZSWHS
cache-control: max-age=86400
cf-cache-status: HIT
age: 7188
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fJOlekMT89ku1GWjN2SKOoHgXA0H6Z7%2Fy1VnpZPVuySjHeWCquoBg7KVNvqLh5MUsyRwrFxMWC6WFDMGiDxVFW5v%2FphhafeRlzO96KN%2BqfNMPZ8QwIuF%2FBVpICYY2CVYPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2fb4d550b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntvpwpush.com/dl/cookies
94.130.198.6200 OK 620 B IP 94.130.198.6:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (656), with no line terminators
Hash 0f28ac8b62710210d8c20200cb32caf2
e5cf4c2df4e48eff5fe877531dd3f12351c0c37d
2e6743f06e4cc09ff077b579b75511eaaf5ccf370f70fd2075d74725bf5b872c
GET /dl/cookies HTTP/1.1
Host: ntvpwpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 24 May 2023 04:55:56 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
illuminatedusing.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq9dlD%2BplXS%2BCQt9UkEl3p%2BdH3INsXCPBuFl3Fb1JdVX1pEx1V1PVNT0JHoILssfx5rHznWSDGpb1D1Ck421ByHiKYA7C%2FgGi7FlmMjj6oHnv%2B77v8Hmv68t9d04COHq29r7elUrRpXYr8F%2F7JAyv%2Bxsyd0N%2F2Ot82omv%2B2bwZhistILX%2FXcF29ZLURAGQRiE%2Fpo0ItXDpTAMWwFkcbwStlaCVhy1wnaMofm%2Fts6DpR744Jy8AMknzx4%2FjCFZgzx7dFPY7VIXb7yTOUVLbTDgRx%2Fl27mucmSLMjUe0vxoPg1tT9d%2BhM4PZ8DQg38HEzkh3pM%2FkORHc0okg8ML0ERB5Ej4c6gGDYRqIGkDpu9B8lMCMI5bm8izB7e0qejOhUun7oRcfvoXZDUhl39%2FEXn2cFXJoX9XK1dKnVsM0xpy2ED2GxTuBOXuJcjqBKz8ApL%2FQpaebiDPDjat0pC8ni0vZQOZNlBiBGo9uOknPbjUgys8ZPzM77K41%2BO9NqeCsShJw14ap%2FEKZUHKguWVCI5N8UYoixGYGoGZPRRmD9tyBON%2Bgt2qYbkHW06I98EeBrxGJQgqS1BRgkoSVCVBNagPubKRrR9wZV0SznM0z8v1WJf9fXqoy77IyX5xTq7O7vJ3R2NbnPlRFFMe0zBO4iRss7AbddK0G7QF63QjQTuwsoa0l2ar7srTawUKefr8y0joCaw6AZNXQd0roNW4GwWgW%2BO4F2A3f8RFoa0sU6mEbTGdgesaRXkZ5Y63r87JSzOOV5%2F4EOwxmQeYqVGYGp%2FJnwn66v74jq7IwR1dWfL9ZlHKTO7S6b%2B7W9JSXPn2PbFTacPXb9rRNzfY1JiWxx8KW27QnMu8b8l3q5JzYda0YYL8sG4%2FFsltZ7dWncldsXH77bX1rDDCWqnzBlSeft4BkxNy5cbh7FVe%2B7MHaRoYVyNzC1KpG7BiD7ZY9KwmMGqhk8JD5eqxiZJFU0kCJRaaJjXsf3SyqPftffSNB1reQ57VGJgaA1WDqhGse2ZcFubxW78uzwKJ8saJMt5Booz66uK0Vp75jAWChkk3FIKL9jJjcYf1kk66HHdFr83bKO2EZ1%2F%2F9g8AAAD%2F%2FwEAAP%2F%2FKKoAZWIEAAA%3D
173.233.137.44200 OK 0 B URL GET HTTP/1.1 illuminatedusing.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq9dlD%2BplXS%2BCQt9UkEl3p%2BdH3INsXCPBuFl3Fb1JdVX1pEx1V1PVNT0JHoILssfx5rHznWSDGpb1D1Ck421ByHiKYA7C%2FgGi7FlmMjj6oHnv%2B77v8Hmv68t9d04COHq29r7elUrRpXYr8F%2F7JAyv%2Bxsyd0N%2F2Ot82omv%2B2bwZhistILX%2FXcF29ZLURAGQRiE%2Fpo0ItXDpTAMWwFkcbwStlaCVhy1wnaMofm%2Fts6DpR744Jy8AMknzx4%2FjCFZgzx7dFPY7VIXb7yTOUVLbTDgRx%2Fl27mucmSLMjUe0vxoPg1tT9d%2BhM4PZ8DQg38HEzkh3pM%2FkORHc0okg8ML0ERB5Ej4c6gGDYRqIGkDpu9B8lMCMI5bm8izB7e0qejOhUun7oRcfvoXZDUhl39%2FEXn2cFXJoX9XK1dKnVsM0xpy2ED2GxTuBOXuJcjqBKz8ApL%2FQpaebiDPDjat0pC8ni0vZQOZNlBiBGo9uOknPbjUgys8ZPzM77K41%2BO9NqeCsShJw14ap%2FEKZUHKguWVCI5N8UYoixGYGoGZPRRmD9tyBON%2Bgt2qYbkHW06I98EeBrxGJQgqS1BRgkoSVCVBNagPubKRrR9wZV0SznM0z8v1WJf9fXqoy77IyX5xTq7O7vJ3R2NbnPlRFFMe0zBO4iRss7AbddK0G7QF63QjQTuwsoa0l2ar7srTawUKefr8y0joCaw6AZNXQd0roNW4GwWgW%2BO4F2A3f8RFoa0sU6mEbTGdgesaRXkZ5Y63r87JSzOOV5%2F4EOwxmQeYqVGYGp%2FJnwn66v74jq7IwR1dWfL9ZlHKTO7S6b%2B7W9JSXPn2PbFTacPXb9rRNzfY1JiWxx8KW27QnMu8b8l3q5JzYda0YYL8sG4%2FFsltZ7dWncldsXH77bX1rDDCWqnzBlSeft4BkxNy5cbh7FVe%2B7MHaRoYVyNzC1KpG7BiD7ZY9KwmMGqhk8JD5eqxiZJFU0kCJRaaJjXsf3SyqPftffSNB1reQ57VGJgaA1WDqhGse2ZcFubxW78uzwKJ8saJMt5Booz66uK0Vp75jAWChkk3FIKL9jJjcYf1kk66HHdFr83bKO2EZ1%2F%2F9g8AAAD%2F%2FwEAAP%2F%2FKKoAZWIEAAA%3D
IP 173.233.137.44:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq9dlD%2BplXS%2BCQt9UkEl3p%2BdH3INsXCPBuFl3Fb1JdVX1pEx1V1PVNT0JHoILssfx5rHznWSDGpb1D1Ck421ByHiKYA7C%2FgGi7FlmMjj6oHnv%2B77v8Hmv68t9d04COHq29r7elUrRpXYr8F%2F7JAyv%2Bxsyd0N%2F2Ot82omv%2B2bwZhistILX%2FXcF29ZLURAGQRiE%2Fpo0ItXDpTAMWwFkcbwStlaCVhy1wnaMofm%2Fts6DpR744Jy8AMknzx4%2FjCFZgzx7dFPY7VIXb7yTOUVLbTDgRx%2Fl27mucmSLMjUe0vxoPg1tT9d%2BhM4PZ8DQg38HEzkh3pM%2FkORHc0okg8ML0ERB5Ej4c6gGDYRqIGkDpu9B8lMCMI5bm8izB7e0qejOhUun7oRcfvoXZDUhl39%2FEXn2cFXJoX9XK1dKnVsM0xpy2ED2GxTuBOXuJcjqBKz8ApL%2FQpaebiDPDjat0pC8ni0vZQOZNlBiBGo9uOknPbjUgys8ZPzM77K41%2BO9NqeCsShJw14ap%2FEKZUHKguWVCI5N8UYoixGYGoGZPRRmD9tyBON%2Bgt2qYbkHW06I98EeBrxGJQgqS1BRgkoSVCVBNagPubKRrR9wZV0SznM0z8v1WJf9fXqoy77IyX5xTq7O7vJ3R2NbnPlRFFMe0zBO4iRss7AbddK0G7QF63QjQTuwsoa0l2ar7srTawUKefr8y0joCaw6AZNXQd0roNW4GwWgW%2BO4F2A3f8RFoa0sU6mEbTGdgesaRXkZ5Y63r87JSzOOV5%2F4EOwxmQeYqVGYGp%2FJnwn66v74jq7IwR1dWfL9ZlHKTO7S6b%2B7W9JSXPn2PbFTacPXb9rRNzfY1JiWxx8KW27QnMu8b8l3q5JzYda0YYL8sG4%2FFsltZ7dWncldsXH77bX1rDDCWqnzBlSeft4BkxNy5cbh7FVe%2B7MHaRoYVyNzC1KpG7BiD7ZY9KwmMGqhk8JD5eqxiZJFU0kCJRaaJjXsf3SyqPftffSNB1reQ57VGJgaA1WDqhGse2ZcFubxW78uzwKJ8saJMt5Booz66uK0Vp75jAWChkk3FIKL9jJjcYf1kk66HHdFr83bKO2EZ1%2F%2F9g8AAAD%2F%2FwEAAP%2F%2FKKoAZWIEAAA%3D HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:56 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 86e1a4dd7f2754938922f353050ffce0
Strict-Transport-Security: max-age=0; includeSubdomains
api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&ts=1684904155395
75.101.220.184200 OK 2.8 kB URL GET HTTP/2 api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&ts=1684904155395
IP 75.101.220.184:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- troff or preprocessor input, ASCII text, with very long lines (2948), with no line terminators
Hash 800a49d1af44148de862e984c0a041cb
77137eedf2c989ca4bbaea4bcdb55548ae61ae43
470ef99137daccc3d667fb695f5d64dc581a10068e3e0f7df28327835d803af3
GET /x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&ts=1684904155395 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Content-Type: application/json
x-purpleads-version: 2.0.2
x-request-url: aHR0cHM6Ly9kZmlsZXMuZXUvZmlsZXMvOTh1cmxxdHB1L1RvdGFsLVdBLmV4ZQ==
Authorization: Bearer 64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:56 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
set-cookie: pa-user-id=dc07889d-e2ef-48f7-88ef-ad0ad7df4f4c; Domain=.purpleads.io; Path=/
pa-user-id: dc07889d-e2ef-48f7-88ef-ad0ad7df4f4c
etag: W/"af4-DxOKbowKjENHKbenMX10hUGCu4k"
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2
static.depositfiles.com/images/flags/lang24.png
91.226.124.81200 OK 9.2 kB URL GET HTTP/1.1 static.depositfiles.com/images/flags/lang24.png
IP 91.226.124.81:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 24 x 552, 8-bit/color RGBA, non-interlaced\012- data
Hash efdcd1ca23d564ddd811f41152a2b83c
0b5aa064e7f8f241363c55fa17eb448f42a5f8df
ce23be242e34c5b420f8ba0390aef20fa50ffc69f700091029616eff524e8f9b
GET /images/flags/lang24.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 9172
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-23d4"
Accept-Ranges: bytes
addresseepaper.com/sfp.js
0.0.0.0 0 B URL GET addresseepaper.com/sfp.js
IP 0.0.0.0:0
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&demand=unifiedPb&ts=1684904157989
75.101.220.184200 OK 0 B URL OPTIONS HTTP/2 api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&demand=unifiedPb&ts=1684904157989
IP 75.101.220.184:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&demand=unifiedPb&ts=1684904157989 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,pa-user-id,x-purpleads-version,x-request-url
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:58 GMT
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
access-control-allow-headers: authorization,content-type,pa-user-id,x-purpleads-version,x-request-url
access-control-max-age: 86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/js/script.js
172.64.196.23200 OK 385 B URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/norton/1/js/script.js
IP 172.64.196.23:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type ASCII text, with very long lines (399), with no line terminators
Hash 1cefc33777b8bee6b7fcc27b0ecbd6f8
019bb2f304ef537ce1764a91d5cf3aae361b1f08
a7daa6a82a2edc4563c1e9b8962007248d693996475caca0fa546266adf0ae9b
GET /sb/notifications/software/us/norton/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:45:00 GMT
etag: W/"602d01bc-181"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 124
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BOApiV2PMq4MWdYpIrbA%2BD95%2BI1ggUs5kQohdImU6oQMKtxWVlTGd3ZoPy4szkDOXR6HChikW%2F1vaSRLhIFiu%2BmVbXaGp1e96J29mDBbC72Mtxk%2B%2Fa%2BuQOELF%2BXhHXpI6SdXxLUBzapC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2fd0fc1774f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.unblockia.com/h.js
54.230.111.117200 OK 166 kB IP 54.230.111.117:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 166 kB (166192 bytes)
Hash 3d75dc8f7c4000ccdac0fff2f09d78a8
9008e9830c5f3a690cbb6cc94ddb34b59fc12677
203af4ee7878df10c428ce6599c619695219f48681b832ef3f856abdd299b8e8
GET /h.js HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/x-javascript
last-modified: Mon, 22 May 2023 09:17:35 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-content-sha256: 3b11cd91ab382736a9ba8e63029f318e3177aa77903aa4fa093a80765fac8c07
x-amz-version-id: gKayxwShEzJAnBjNaPvAM9Fj3A2ZU3Kt
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:987257285531:build/unblockia-loader-codebuild-project:6a48fce0-eba0-40cc-8a72-49f5d7d1abde
x-amz-meta-codebuild-content-md5: 60511405d11f9acd0880a4539ae338cb
server: AmazonS3
content-encoding: br
date: Tue, 23 May 2023 09:19:59 GMT
etag: W/"3d75dc8f7c4000ccdac0fff2f09d78a8"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ComVA1guobnlMfEz3osXMz_5LOmbFC_AHQExrbyxmSzBthfLae0xSw==
age: 70555
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.m.js
45.133.44.53200 OK 158 kB URL GET HTTP/2 js.wpadmngr.com/static/adManager.m.js
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpadmngr.com
FingerprintA9:7C:F8:A4:B8:B3:E3:98:76:72:9E:0B:4A:FB:FB:39:D4:F4:54:3D
ValidityTue, 16 May 2023 02:02:19 GMT - Mon, 14 Aug 2023 02:02:18 GMT
Size 158 kB (158096 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/adManager.m.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:53 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 19 May 2023 08:16:51 GMT
etag: W/"64673073-26990"
content-encoding: gzip
expires: Wed, 24 May 2023 05:00:53 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/style.css
172.64.196.23200 OK 2.3 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/style.css
IP 172.64.196.23:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type ASCII text, with very long lines (2472), with no line terminators
Hash 50a727839c0d5c323ac1e5a8b32e5838
ab2dbb07e2f14e3010b7bcb8cf276a17bc681bcd
cb2dc4b9bfac73114f274ed68a9d7fe3efe6db932ea3958a29f255337f050489
GET /sb/notifications/software/us/norton/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:44:59 GMT
etag: W/"602d01bb-907"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 142316
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XmjzaTaiRcBoeR%2B2u434THJ7VJNWUKKloDgVhrQEMiqjvl4f5GewhmUiBNMfcHJSEi0PAEva3tRwvAMyK0ZUHQPxtjL5ah5Jnl9WXYGgyGbh6OiZWrWHNhKRIpZqZhIjZt1jxiGTOUzW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2fd1fca774f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&ts=1684904155395
75.101.220.184200 OK 0 B URL OPTIONS HTTP/2 api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&ts=1684904155395
IP 75.101.220.184:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&ts=1684904155395 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:56 GMT
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-max-age: 86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/animate.css
172.64.196.23200 OK 79 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/animate.css
IP 172.64.196.23:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/notifications/software/us/norton/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:45:00 GMT
etag: W/"602d01bc-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 142316
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UJu00mol6euEGIkbcJPZIY1xMe%2FY7je79jttLKZf3qlcxjrHRWBGJZvwo%2Fz%2BRTVdWvocilfvm%2BJGgrE8pliGKiRIHG5ZoFrLi93wyFZLJtr7mZUH1P5qMNqDN8h4QJ8rOeO6wYN79dLt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2fd0fc5774f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.141.24200 OK 86 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP 172.64.141.24:443
Requested by https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:54 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 0e1e6df64d946b7d9bb83e2a68c3cb45
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 24 May 2023 04:55:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZeSCBaB%2FDxaQbjjoJ4t0sMzSAlD7I7M9drtMUbPztKNLi%2FNteokCx0TP0zuDUhNc8YI4GN%2BtAywg5cWzPkiDnHPMeFLTxVXmW7ABs4oF0LPDfZaWs%2BVyUTBp3KFf5V34uaSvRjA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2f1eacd385c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2