Report - depositfiles.com/files/98urlqtpu/Total-WA.exe

Report Overview

Submitted URL
depositfiles.com/files/98urlqtpu/Total-WA.exe
IP
91.226.124.80
ASN
#35415 Webzilla B.V.
Submitted
2023-05-24 04:56:13
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
simplewebanalysis.com	unknown	2022-02-15	2022-02-25	2023-05-23	1.4 kB	1.0 kB	52.58.93.188
fe16743433.1c9ca7ac71.com	unknown	unknown	No data	No data	1.3 kB	320 B	45.133.44.52
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-05-23	1.0 kB	49 kB	216.58.207.227
dfiles.eu	434493	unknown	2012-12-23	2023-05-23	494 B	6.9 kB	91.226.124.80
ocsp.r2m01.amazontrust.com	unknown	2007-05-11	2022-10-12	2023-05-23	340 B	944 B	54.230.80.227
dolphinabberantleaflet.com	unknown	2023-04-29	2023-04-29	2023-05-23	490 B	467 B	173.233.137.52
t.unblockia.com	unknown	2019-10-17	2023-01-30	2023-05-23	413 B	408 B	54.230.111.104
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2023-05-23	1.0 kB	774 B	157.90.84.242
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-05-23	433 B	1.5 kB	142.250.74.106
friendshipmale.com	unknown	2022-10-21	2022-10-21	2023-05-23	397 B	86 kB	172.64.141.24
depositfiles.com	149089	2005-11-05	2012-05-21	2023-05-23	501 B	211 B	91.226.124.76
na.nawpush.com	38563	2020-12-21	2020-12-23	2023-05-23	433 B	813 B	45.133.44.25
notification.tubecup.net	8210	2008-09-26	2019-08-30	2023-05-23	469 B	309 B	94.130.197.136
api.purpleads.io	146037	2020-01-29	2020-02-18	2023-05-23	3.6 kB	5.9 kB	75.101.220.184
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-23	2.3 kB	4.9 kB	142.250.74.131
illuminatedusing.com	unknown	2023-04-29	2023-04-29	2023-05-23	7.4 kB	37 kB	173.233.137.44
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2023-05-23	463 B	1.2 kB	45.133.44.4
ocsp.r2m02.amazontrust.com	unknown	2007-05-11	2022-10-12	2023-05-23	680 B	1.9 kB	54.230.80.227
unseenreport.com	unknown	2022-03-30	2022-03-30	2023-05-23	1.5 kB	846 B	192.243.59.13
prebid.a-mo.net	1148	2017-09-08	2020-07-14	2023-05-23	461 B	310 B	147.75.84.158
cdn.pubfuture-ad.com	unknown	2022-09-30	2022-11-16	2023-05-23	969 B	9.5 kB	104.26.0.97
addresseepaper.com	18169	2021-11-01	2021-11-01	2023-05-23	397 B	0 B	0.0.0.0
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-05-23	418 B	86 kB	142.250.74.168
js.wpadmngr.com	25762	2021-06-02	2021-06-02	2023-05-23	814 B	169 kB	45.133.44.53
loader.unblockia.com	unknown	2019-10-17	2023-01-30	2023-05-23	437 B	47 kB	54.230.111.2
adsbb.dfiles.eu	unknown	unknown	2017-03-18	2023-05-23	5.8 kB	174 kB	91.226.124.76
js.wpshsdk.com	12130	2021-06-04	2021-06-04	2023-05-23	826 B	28 kB	45.133.44.53
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-05-23	470 B	168 kB	142.250.74.35
cdn.unblockia.com	20316	2019-10-17	2019-12-02	2023-05-23	1.3 kB	259 kB	54.230.111.117
script.4dex.io	2135	2018-04-02	2018-07-23	2023-05-23	815 B	25 kB	172.67.75.241
pl16105218.highrevenuegate.com	unknown	2023-03-02	2023-03-03	2023-05-23	445 B	14 kB	173.233.137.52
mp.4dex.io	2629	2018-04-02	2019-01-03	2023-05-23	459 B	1.2 kB	104.18.3.114
images.outbrainimg.com	2085	2018-04-09	2018-05-15	2023-05-23	579 B	12 kB	23.38.201.176
ex.ingage.tech	15627	2018-07-26	2020-09-04	2023-05-23	505 B	445 B	172.67.41.84
ocsp.globalsign.com	2075	1999-04-19	2012-07-20	2023-05-23	349 B	1.5 kB	151.101.130.133
log.outbrainimg.com	2177	2018-04-09	2018-09-04	2023-05-23	1.1 kB	646 B	70.42.32.255
bs.yandex.ru	35988	1997-09-23	2012-11-03	2023-05-23	512 B	600 B	77.88.21.90
static.depositfiles.com	unknown	2005-11-05	2012-05-24	2023-05-23	7.9 kB	708 kB	91.226.124.81
ip2geo.pubfuture-ad.com	unknown	2022-09-30	2023-03-27	2023-05-23	423 B	1.2 kB	104.26.0.97
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2023-05-23	2.3 kB	146 kB	172.64.196.23
cdn.prplads.com	unknown	2023-02-19	2023-02-20	2023-05-23	569 B	45 kB	104.26.3.51
ntvpwpush.com	unknown	2020-12-15	2020-12-15	2023-05-23	509 B	972 B	94.130.198.6
www.google.com	7	1997-09-15	2015-05-10	2023-05-23	401 B	1.1 kB	142.250.74.132

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-24	medium	pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-05-24	medium	highrevenuegate.com
2023-05-23	medium	illuminatedusing.com
2023-05-23	medium	illuminatedusing.com
2023-05-24	medium	dolphinabberantleaflet.com
2023-05-23	medium	illuminatedusing.com
2023-05-23	medium	illuminatedusing.com
2023-05-23	medium	illuminatedusing.com
2023-05-23	medium	illuminatedusing.com
2023-05-23	medium	illuminatedusing.com
2023-05-23	medium	illuminatedusing.com
2023-05-23	medium	unseenreport.com
2023-05-23	medium	unseenreport.com
2023-05-23	medium	illuminatedusing.com
2023-05-24	medium	addresseepaper.com

ThreatFox

No alerts detected

JavaScript (40)

	URL	Size	First Seen	Last Seen
	unknown	600 B	2023-03-14	2024-01-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 11:05:07 Last Seen2024-01-08 08:13:29 Times Seen57 Hash 091f5fc193d59a67dc89e9044107aa33 dc4c1d8f90b31e906e153926d5249ab5b2567932 f689e10c7dbcd8b51f78ab4b82f3cf8ed0ecc30ed59f9029d4f44ace7e5b6bc1 Loading...

	www.googletagmanager.com/gtag/js?id=G-BL9163LYG1	252 kB	2023-05-24	2023-05-24
Pretty URL www.googletagmanager.com/gtag/js?id=G-BL9163LYG1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-24 06:56:21 Last Seen2023-05-24 06:56:21 Times Seen2 Hash 0ad5c83f2a9dbd9df298e257bc26e655 bb0c65e4cd346b658700a20e05cbd83bada7e136 043a05b922fa8e94f942f41201abdd141ebd5c0c3f8a52825c80c569f7210756 Loading...

	static.depositfiles.com/js/function.js	35 kB	2023-03-07	2024-04-19
Pretty URL static.depositfiles.com/js/function.js IP 91.226.124.81 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-19 05:23:57 Times Seen1120 Hash a5779d2f560cd50376dbba372b0fd15b 07b08e35b9254288c1372e37577db8b9e4da01b4 51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84 Loading...

	cdn.unblockia.com/h.js	166 kB	2023-05-22	2023-06-12
Pretty URL cdn.unblockia.com/h.js IP 54.230.111.117 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 12:38:11 Last Seen2023-06-12 08:45:06 Times Seen211 Hash 3d75dc8f7c4000ccdac0fff2f09d78a8 9008e9830c5f3a690cbb6cc94ddb34b59fc12677 203af4ee7878df10c428ce6599c619695219f48681b832ef3f856abdd299b8e8 Loading...

	cdn.pubfuture-ad.com/v2/unit/pt.js	6.6 kB	2023-05-08	2023-07-18
Pretty URL cdn.pubfuture-ad.com/v2/unit/pt.js IP 104.26.0.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-08 18:57:55 Last Seen2023-07-18 10:00:36 Times Seen253 Hash 682292a8592cf915768cad01e4b3222d 7cac4c7f0693fe9296ced91b9ea1c60b2475600b 74075ecdd502ca9121a9d6a11e8824771cea3c7e158726e01a2964c750766e1d Loading...

	dfiles.eu/files/98urlqtpu/Total-WA.exe	154 B	2023-03-13	2024-04-19
Pretty URL dfiles.eu/files/98urlqtpu/Total-WA.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 20:01:53 Last Seen2024-04-19 05:23:57 Times Seen593 Hash a5d30d6e8f7d127b22036f0cba694312 48b3fda0a81aeee349d1d58c1064e6028ad01500 3535afb4b7453318c16fd30caa8ed102f9e880596bd4391c7aff5be03295cdf0 Loading...

	dfiles.eu/files/98urlqtpu/Total-WA.exe	148 B	2023-03-07	2024-04-19
Pretty URL dfiles.eu/files/98urlqtpu/Total-WA.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:56 Last Seen2024-04-19 05:23:57 Times Seen593 Hash 39f8fffd2249f3bb9deb92a533243df9 ee75ba64aea887c758cd24407d003bc9494237f3 62cdfe74dd5ba57340776bc53ee95b20c286efbc7c467ece9594d27e24b48dcd Loading...

	js.wpshsdk.com/npc/sdk/wp-banners.js	0 B	2023-03-07	2024-04-23
Pretty URL js.wpshsdk.com/npc/sdk/wp-banners.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-23 20:12:06 Times Seen37024418 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn.prplads.com/load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683	44 kB	2023-05-04	2023-07-06
Pretty URL cdn.prplads.com/load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683 IP 104.26.3.51 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-04 19:00:26 Last Seen2023-07-06 12:03:28 Times Seen91 Hash e7f2069322ec42bbceeeb82aa038ad97 ff19fb5f2a8acaaa6e5690ac8a4a18d4e3a96239 e925958da62482fd49a37dde6b3d8b2429ab1a7f7d531ab0c15e3fe112f464ef Loading...

	js.wpshsdk.com/npc/sdk/push.m.js?v=1	67 kB	2023-04-05	2023-05-24
Pretty URL js.wpshsdk.com/npc/sdk/push.m.js?v=1 IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 16:56:19 Last Seen2023-05-24 12:50:30 Times Seen3968 Hash feb36403b62b67278b7e2678eadade8a d9fb0f995c7a6d93af6cc01794d60a3e4ea10220 2802e4618ec30ec53ea5296b1b832279514ea2325caae829c549aed796ce53ff Loading...

	static.depositfiles.com/js/jquery.validate.js	38 kB	2023-04-05	2024-04-19
Pretty URL static.depositfiles.com/js/jquery.validate.js IP 91.226.124.81 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 16:56:19 Last Seen2024-04-19 05:23:57 Times Seen541 Hash f6d96c36018433b4c22c84fa072983df 3db792e82c157ffc093a3cea08e873343beb6452 df875197ee9dd42c13d717a36886997f9daa05e02641daa025c9039bb37b6126 Loading...

	pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js	37 kB	2023-05-24	2023-05-24
Pretty URL pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js IP 173.233.137.52 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-24 06:56:21 Last Seen2023-05-24 06:56:21 Times Seen2 Hash ddd6f4ad0d9679db509cc3e44c2b430c 6a9e51dd2cf5227c850a6f8d6ead7b6a56cb7561 55a4c6991087c898fefdb29dc560b36032373817484421abf643fd478e88dfc9 Loading...

	dfiles.eu/files/98urlqtpu/Total-WA.exe	781 B	2023-03-07	2024-04-19
Pretty URL dfiles.eu/files/98urlqtpu/Total-WA.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-19 05:23:57 Times Seen580 Hash fc579ba1ff4c0c2e22ba979c418178d1 87d25254a57e673bc1a10500c9a7f887d8dfa6a9 455914aff0c5916e2978af037cddc01aca97fe3c14c6cd1b8f2c6dfc557931bc Loading...

	dfiles.eu/files/98urlqtpu/Total-WA.exe	125 B	2023-05-12	2023-05-28
Pretty URL dfiles.eu/files/98urlqtpu/Total-WA.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-12 04:04:52 Last Seen2023-05-28 18:34:04 Times Seen32 Hash 69f459f4a109591677c3a6f6a2bddaed 28bd2335b141b1a261aacfc369bf73512d9b58ce b8ba0b9fcbb384c36eaa76e8afa547a2b5f91516ba0e2b3b275de0570f7d1a91 Loading...

	www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js	418 kB	2023-05-18	2023-06-28
Pretty URL www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-18 01:27:56 Last Seen2023-06-28 00:20:35 Times Seen22262 Hash 213e1a6e418f3df36f2ec077314ef525 7a553e545a48271f3afec47b3ed5f3518cfdd7b4 ad5008998005064af73229fb144d5f8e789641f8a846e2064ec18788a37e9e2d Loading...

	dfiles.eu/files/98urlqtpu/Total-WA.exe	475 B	2023-03-07	2024-04-19
Pretty URL dfiles.eu/files/98urlqtpu/Total-WA.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-19 05:23:57 Times Seen593 Hash 7d5b8ae86ab79df757399336af6dc4e6 d80237486fe292a185a576578308234114e302ce bf66c6e0c4ea53d83f6c17058e513aee1ff1c1fd319fe8fca1970ccc2151fed7 Loading...

	dfiles.eu/files/98urlqtpu/Total-WA.exe	139 B	2023-03-07	2024-04-19
Pretty URL dfiles.eu/files/98urlqtpu/Total-WA.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:56 Last Seen2024-04-19 05:23:57 Times Seen591 Hash 096fbc4b579acc65367920b87875c1f0 53a8d0be557838d6912339a6f684ac434f9cedc0 4a590c7532c8fdd5e2f6fe223990b525091f9412faf8b2971bfdc1e69be03cd2 Loading...

	dfiles.eu/files/98urlqtpu/Total-WA.exe	145 B	2023-03-07	2024-04-19
Pretty URL dfiles.eu/files/98urlqtpu/Total-WA.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-19 05:23:57 Times Seen399 Hash 25e8fa0a01ccad8580ab6d3e32224215 1417328ad6c6ec271babbd02e416084732e5fe16 a3c5c8f919fba5ed782546322677dfaf74cad0e631d95787d6e003d127481dfc Loading...

	friendshipmale.com/sfp.js	86 kB	2023-04-05	2023-08-25
Pretty URL friendshipmale.com/sfp.js IP 172.64.141.24 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 07:35:42 Last Seen2023-08-25 11:30:02 Times Seen8520 Hash 8bf542db65f0ff20d510889d62e5e092 1b1b7cc04275b7641e2f07b0f4bf99b5387303bf 77a3bebee72af7beb49cd94b7f16852a532aac5f3db8f610160440fe75ca4711 Loading...

	static.depositfiles.com/js/gold_offer.js	9.9 kB	2023-03-07	2024-04-19
Pretty URL static.depositfiles.com/js/gold_offer.js IP 91.226.124.81 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-19 05:23:57 Times Seen730 Hash 041bdbbe3ac15bc57b14933e164b55f8 790f921426d0b602424fb3077ca900af94b5ad9e a86d8d81e5c254822628c578c40d2d62956ab3060632d1884b5080093365b97b Loading...

	dfiles.eu/files/98urlqtpu/Total-WA.exe	196 B	2023-03-07	2024-04-19
Pretty URL dfiles.eu/files/98urlqtpu/Total-WA.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-19 05:23:57 Times Seen399 Hash 738f0ebda06d4e3be48f4576e83f5bdc e759a55fed96d6755fcfe6ca0e5462661623584c 89f8e0678a1c23c88167b818660ff3ee3177babd1941f25827c17884f0187f52 Loading...

	js.wpadmngr.com/static/adManager.js	1.2 kB	2023-03-08	2023-09-14
Pretty URL js.wpadmngr.com/static/adManager.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:37:08 Last Seen2023-09-14 04:40:07 Times Seen1254 Hash 51b1a71b0add99b35a138609b191ca0a 49f6306d517f897883dcadb89fb725a3cd5f017d 902269f1228994ac73ce1a3ed21d948beb250b5c3d945b459ac6a48a097968fe Loading...

	js.wpadmngr.com/static/adManager.m.js	158 kB	2023-05-17	2023-05-29
Pretty URL js.wpadmngr.com/static/adManager.m.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-17 12:38:28 Last Seen2023-05-29 08:19:12 Times Seen1499 Hash dab0e6f83f75fb629b93faf638b0768c b1d129ba6836895c5025831ee1a2f13fd7694c11 032e1167d424f8908b3a76a84fe3151136ab45852d52ab951f81f5e89547c19b Loading...

	static.depositfiles.com/js/base2.js	399 kB	2023-03-07	2024-04-19
Pretty URL static.depositfiles.com/js/base2.js IP 91.226.124.81 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:54 Last Seen2024-04-19 05:23:57 Times Seen1089 Hash 2fcae8126c3fd9a626370a701f0bd887 f3496fb7bbe122a9774d7dcfcd68da03a24dc285 d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc Loading...

	www.google.com/recaptcha/api.js	850 B	2023-05-19	2023-05-26
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-19 05:24:48 Last Seen2023-05-26 00:37:24 Times Seen2423 Hash b7b728964630ecd7e800d650f14695c5 473f7633fea7e2f828c3df9ab19356286f10a692 f4de494b6cfd42ce31b244cd84410cd4259d82773485f6c7b4ffd2a7ca2d6217 Loading...

	dfiles.eu/files/98urlqtpu/Total-WA.exe	141 B	2023-03-07	2024-04-19
Pretty URL dfiles.eu/files/98urlqtpu/Total-WA.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-19 05:23:57 Times Seen404 Hash bba9a3136929bdf22ef7c58444cd035d d8ab7384a7eae0f0cb07f544c4da92fd28a88606 76b819fa6287efa9f226f132c5779e0399810c17f08ce9fa15ddf7e8be521deb Loading...

	static.depositfiles.com/js/download_utils.js	13 kB	2023-03-07	2024-04-19
Pretty URL static.depositfiles.com/js/download_utils.js IP 91.226.124.81 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-19 05:23:57 Times Seen747 Hash 90a706006bc709cdc974ff3e0e01b34f 89585d2c7cac44c9c03c118bbb38aefba1d8a1e4 16f1515b9938fc7de086c504fe214484d97e237647a5d7fa2cb742a93f00c1ea Loading...

	illuminatedusing.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js	86 kB	2023-05-24	2023-05-24
Pretty URL illuminatedusing.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js IP 173.233.137.44 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-24 06:56:21 Last Seen2023-05-24 06:56:21 Times Seen2 Hash 657daa112dc743df7794b021b3b57105 74fe2bb7a0a7d89a6c45a7183c5cab7ba1d16684 686e26adaebcdda55871e9edc61fee90bc36b8654111ff139f79a4787d91ecde Loading...

	dfiles.eu/files/98urlqtpu/Total-WA.exe	614 B	2023-05-24	2023-11-29
Pretty URL dfiles.eu/files/98urlqtpu/Total-WA.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-24 06:56:21 Last Seen2023-11-29 05:22:16 Times Seen2 Hash 56f73738128c2eb1e1f62fa1cf351562 b80651b9f3f123b524e98a56fcb97fbabe1ea92a 9ec2e6db11cbabaab0cb334aff355ed5263774f963937bfa253ca2b6a5e4c1ae Loading...

	dfiles.eu/files/98urlqtpu/Total-WA.exe	124 B	2023-03-07	2024-04-19
Pretty URL dfiles.eu/files/98urlqtpu/Total-WA.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-19 05:23:57 Times Seen404 Hash ea56b045449a9a9b583e07a300254601 10f3457ead5193b389e2c5388688f1cfaedece73 292d2666bd7d7b11b87d541c20534f8d3c4ce40ec3bccc57c96d652ec30dcaf9 Loading...

	dfiles.eu/files/98urlqtpu/Total-WA.exe	26 B	2023-03-07	2024-04-19
Pretty URL dfiles.eu/files/98urlqtpu/Total-WA.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-19 05:23:57 Times Seen593 Hash ed91f0c19cbcd50a62fe290680800145 b42572f05f14b93093f64b146245b32b3d0cbf9e c67d0cfcd4c4e9eb4c73c9ac4c4545d5628603946d522a5fca6f3106749df1e0 Loading...

	unknown	133 B	2023-05-12	2024-04-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-12 09:11:43 Last Seen2024-04-16 22:06:44 Times Seen81 Hash 377d3b2e03fc6f8306740f08a9727c40 a793b245d9de493b5312872d6675482f2c8c64d7 799899af28a256c42da96652251db4b655b4f6c0db0d5752bfe7d1c605a20817 Loading...

		Size	First Seen	Last Seen
	#1 Eval - b326b5062b2f0e69046810717534cb09	4 B	2023-03-07	2024-04-23
Pretty Observations First Seen2023-03-07 01:03:44 Last Seen2024-04-23 16:24:01 Times Seen23283 Hash b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b Loading...

	#2 Eval - 11ebbd19ded6d8f70bc6a77d06438582	99 B	2023-05-24	2023-11-29
Pretty Observations First Seen2023-05-24 06:56:21 Last Seen2023-11-29 05:22:16 Times Seen2 Hash 11ebbd19ded6d8f70bc6a77d06438582 f222d157cc7b80a9221641d1ef3cd4d34914cf6c 83c8daab2e990ce394296a2dfb4f3f1d10073128b6ddf0b069f0114b61b97e08 Loading...

		Size	First Seen	Last Seen
	#1 Write - 5281b3eddad38de276cff46776f66376	80 B	2023-05-24	2023-11-29
Pretty Observations First Seen2023-05-24 06:56:21 Last Seen2023-11-29 05:22:16 Times Seen2 Hash 5281b3eddad38de276cff46776f66376 55ad6b696d4fcf488b7058e4005693bed7569d32 bdd1110ce11cff1432b274a5db1529a0129b7d93bf599d3845fb67312d84de6e Loading...

	#2 Write - 3bc42f03b3f1761ea9f95a335ab2bbba	77 B	2023-03-07	2024-04-19
Pretty Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-19 05:23:57 Times Seen580 Hash 3bc42f03b3f1761ea9f95a335ab2bbba 4ab15b6c153a542425f02baadcc1ed4867078b8d 1f8c7edef8c37d8821755ee623f481f29d6584195b327d15ac5abe6d243d8ec0 Loading...

	#3 Write - 3e931d5c0ce8a94e81104c08d67872ba	164 B	2023-03-13	2024-04-19
Pretty Observations First Seen2023-03-13 12:53:25 Last Seen2024-04-19 05:23:57 Times Seen548 Hash 3e931d5c0ce8a94e81104c08d67872ba f13674fd6a6089aee16a19b1807f2f0fd2d9a0e2 18dea144f4b37879ae8916760ee75a30bb0e4d06fc7fa341029a70593a89d669 Loading...

	#4 Write - f846a6f7f9f77ee64de243dd2e11c9ae	164 B	2023-05-06	2024-04-19
Pretty Observations First Seen2023-05-06 12:18:48 Last Seen2024-04-19 05:23:57 Times Seen473 Hash f846a6f7f9f77ee64de243dd2e11c9ae 81b65f57f43372a490c1a82b0a40c3d18b40b0bf 63f0d3c423380243710222e2b275efa59ab2ed4eec8aab35781707f6459c407d Loading...

	#5 Write - 2252dce4ea7721d2af589d45c5149b49	2.9 kB	2023-05-23	2023-05-24
Pretty Observations First Seen2023-05-23 12:35:46 Last Seen2023-05-24 11:33:24 Times Seen5 Hash 2252dce4ea7721d2af589d45c5149b49 a2c580408f586fc897065f4f9b5b021437efaf9b 13668237fb6c97541153dfc852a8fe8cd0e4fba81a7c554306ba6cea14af9ca9 Loading...

	#6 Write - da79c1546822032f36e1136b4d4b2039	2.4 kB	2023-05-24	2023-05-24
Pretty Observations First Seen2023-05-24 06:56:21 Last Seen2023-05-24 06:56:21 Times Seen1 Hash da79c1546822032f36e1136b4d4b2039 e979c8292ee454a53ffffb3eb53e0998d4a689db 895f45dd54bfc130a7913403c45a5b283cc1b095dbbb5d790866654f596b3127 Loading...

HTTP Transactions (102)

URL IP Response Size

depositfiles.com/files/98urlqtpu/Total-WA.exe

91.226.124.76

302 Found

0 B

URL User Request GET HTTP/1.1
depositfiles.com/files/98urlqtpu/Total-WA.exe
IP
91.226.124.76:443
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /files/98urlqtpu/Total-WA.exe HTTP/1.1
Host: depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 24 May 2023 04:55:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Location: //dfiles.eu/files/98urlqtpu/Total-WA.exe

dfiles.eu/files/98urlqtpu/Total-WA.exe

91.226.124.80

200 OK

6.4 kB

URL User Request GET HTTP/1.1
dfiles.eu/files/98urlqtpu/Total-WA.exe
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (662), with CRLF, CR, LF line terminators
Size
6.4 kB (6382 bytes)
Hash
24e133fc64ae8bd354a14d028987ac14
b09a3b0223dedd4594d067e9e66e2b4a8a733101
c7643eef0f9102544e92505a5607fcd2b269bf4a3d821bf4edb1c36ea2c9b108

HTTP Headers

GET /files/98urlqtpu/Total-WA.exe HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; path=/; domain=.dfiles.eu
last_file=98urlqtpu; path=/; domain=.dfiles.eu
lang_current=en; expires=Thu, 23-May-2024 04:55:52 GMT; Max-Age=31536000; path=/; domain=.dfiles.eu; secure
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c74db17f871249d3df054a36ab699f09
2b363e108eb091a4d1c2b762672dd4cebd6c53a9
2a58ed6b6af2bb75f4ce077b241be5668d699c3b2f8ba328db7bf741da02d49e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b177a0b4c4732543dc622b5d30d3f29e
4291249786016059808cb395192d04186b9fe26e
e2bd71d5a4e41775ed06882a32cf1cf344d72e6a04d5b4925050bd73dcc60cba

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/api.js

142.250.74.132

200 OK

557 B

URL GET HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint85:AD:43:66:C0:73:07:1B:B5:5D:4A:83:4B:76:3F:DA:4B:2B:E1:F8
ValidityMon, 24 Apr 2023 12:01:16 GMT - Mon, 17 Jul 2023 12:01:15 GMT

File type
ASCII text, with very long lines (850), with no line terminators
Size
557 B (557 bytes)
Hash
b7b728964630ecd7e800d650f14695c5
473f7633fea7e2f828c3df9ab19356286f10a692
f4de494b6cfd42ce31b244cd84410cd4259d82773485f6c7b4ffd2a7ca2d6217

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Wed, 24 May 2023 04:55:53 GMT
date: Wed, 24 May 2023 04:55:53 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 557
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.depositfiles.com/js/gold_offer.js

91.226.124.81

200 OK

9.9 kB

URL GET HTTP/1.1
static.depositfiles.com/js/gold_offer.js
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
HTML document text\012- HTML document, ASCII text
Size
9.9 kB (9887 bytes)
Hash
041bdbbe3ac15bc57b14933e164b55f8
790f921426d0b602424fb3077ca900af94b5ad9e
a86d8d81e5c254822628c578c40d2d62956ab3060632d1884b5080093365b97b

HTTP Headers

GET /js/gold_offer.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: application/javascript
Content-Length: 9887
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-269f"
Expires: Wed, 24 May 2023 05:00:53 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes

static.depositfiles.com/js/download_utils.js

91.226.124.81

200 OK

13 kB

URL GET HTTP/1.1
static.depositfiles.com/js/download_utils.js
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
ASCII text, with very long lines (2250)
Size
13 kB (13383 bytes)
Hash
90a706006bc709cdc974ff3e0e01b34f
89585d2c7cac44c9c03c118bbb38aefba1d8a1e4
16f1515b9938fc7de086c504fe214484d97e237647a5d7fa2cb742a93f00c1ea

HTTP Headers

GET /js/download_utils.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: application/javascript
Content-Length: 13383
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-3447"
Expires: Wed, 24 May 2023 05:00:53 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes

www.googletagmanager.com/gtag/js?id=G-BL9163LYG1

142.250.74.168

200 OK

86 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-BL9163LYG1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint55:51:32:58:36:72:A1:C8:50:5E:5A:8D:CE:A5:2F:DC:D7:1E:62:03
ValidityMon, 24 Apr 2023 11:56:06 GMT - Mon, 17 Jul 2023 11:56:05 GMT

File type
ASCII text, with very long lines (5048)
Size
86 kB (85693 bytes)
Hash
0ad5c83f2a9dbd9df298e257bc26e655
bb0c65e4cd346b658700a20e05cbd83bada7e136
043a05b922fa8e94f942f41201abdd141ebd5c0c3f8a52825c80c569f7210756

HTTP Headers

GET /gtag/js?id=G-BL9163LYG1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 24 May 2023 04:55:53 GMT
expires: Wed, 24 May 2023 04:55:53 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.depositfiles.com/js/jquery.validate.js

91.226.124.81

200 OK

38 kB

URL GET HTTP/1.1
static.depositfiles.com/js/jquery.validate.js
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
Unicode text, UTF-8 text, with very long lines (1238)
Size
38 kB (38269 bytes)
Hash
d5231b6378847ebdb55f64c77d5a234f
eed97aa0b2aa9486b6f6831ed8a85dc729ad6b9c
95434a8a2568a6481a1fbcf5808a75dd58e77348ed6d70b4f7aeda8842e8f0c7

HTTP Headers

GET /js/jquery.validate.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: application/javascript
Content-Length: 38269
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-957d"
Expires: Wed, 24 May 2023 05:00:53 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes

static.depositfiles.com/js/function.js

91.226.124.81

200 OK

35 kB

URL GET HTTP/1.1
static.depositfiles.com/js/function.js
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
ASCII text, with very long lines (4240)
Size
35 kB (34915 bytes)
Hash
a5779d2f560cd50376dbba372b0fd15b
07b08e35b9254288c1372e37577db8b9e4da01b4
51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84

HTTP Headers

GET /js/function.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: application/javascript
Content-Length: 34915
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-8863"
Expires: Wed, 24 May 2023 05:00:53 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes

static.depositfiles.com/css/main.css

91.226.124.81

200 OK

47 kB

URL GET HTTP/1.1
static.depositfiles.com/css/main.css
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
ASCII text, with very long lines (332)
Size
47 kB (46819 bytes)
Hash
af57443dfa4bc2d3299321923ae1c57f
d922badb0ed1d665302cf93268e9960d0a04c065
50d446eade67c33dc4dba74f2f2b7480b5021de5a98bfedc1f10ce5c35d966f3

HTTP Headers

GET /css/main.css HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: text/css
Last-Modified: Tue, 26 Apr 2022 10:45:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6267cd55-2f719"
Expires: Wed, 24 May 2023 05:00:53 GMT
Cache-Control: max-age=300
Content-Encoding: gzip

static.depositfiles.com/js/base2.js

91.226.124.81

200 OK

399 kB

URL GET HTTP/1.1
static.depositfiles.com/js/base2.js
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
Unicode text, UTF-8 text, with very long lines (65481)
Size
399 kB (398927 bytes)
Hash
2fcae8126c3fd9a626370a701f0bd887
f3496fb7bbe122a9774d7dcfcd68da03a24dc285
d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc

HTTP Headers

GET /js/base2.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: application/javascript
Content-Length: 398927
Last-Modified: Tue, 26 Apr 2022 10:45:43 GMT
Connection: keep-alive
ETag: "6267cd57-6164f"
Expires: Wed, 24 May 2023 05:00:53 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c74db17f871249d3df054a36ab699f09
2b363e108eb091a4d1c2b762672dd4cebd6c53a9
2a58ed6b6af2bb75f4ce077b241be5668d699c3b2f8ba328db7bf741da02d49e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
430d419c6ea6e18afe2b0a88c95427e2
06d04d98d858c0e59d9ade936cbe30b163ace637
d22ecf4f72f3e51345778a5e96d6febf31b2f0ec206ff4e50f4a995418c78540

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js

173.233.137.52

200 OK

13 kB

URL GET HTTP/1.1
pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjecthighrevenuegate.com
FingerprintE3:83:9C:63:64:A5:46:F7:CE:7B:E1:4D:12:0F:29:C3:22:23:C0:14
ValidityTue, 02 May 2023 09:41:55 GMT - Mon, 31 Jul 2023 09:41:54 GMT

File type
ASCII text, with very long lines (37164), with no line terminators
Size
13 kB (13438 bytes)
Hash
ddd6f4ad0d9679db509cc3e44c2b430c
6a9e51dd2cf5227c850a6f8d6ead7b6a56cb7561
55a4c6991087c898fefdb29dc560b36032373817484421abf643fd478e88dfc9

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js HTTP/1.1
Host: pl16105218.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cdd801ca67e962745300e1902be1426c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

static.depositfiles.com/images/speed_small.gif

91.226.124.81

200 OK

24 kB

URL GET HTTP/1.1
static.depositfiles.com/images/speed_small.gif
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
GIF image data, version 89a, 200 x 200\012- data
Size
24 kB (23980 bytes)
Hash
5cbc96bbb7230dd17ed38b5dd6e3271c
6ee1f0b9e29ac3e824cccd6e5135d51c8d3aaea1
01edcbb65e514def555b1e999d3a72f118f67e572f628293b91893b3758c6991

HTTP Headers

GET /images/speed_small.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/gif
Content-Length: 23980
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-5dac"
Expires: Mon, 29 May 2023 04:55:53 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

static.depositfiles.com/images/speed_small_gold.gif

91.226.124.81

200 OK

14 kB

URL GET HTTP/1.1
static.depositfiles.com/images/speed_small_gold.gif
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
GIF image data, version 89a, 200 x 200\012- data
Size
14 kB (14492 bytes)
Hash
c5f8f0e9ecd16637e267912376c24bed
324567a641d318ecfafe6374dfba86ccb2f90dd7
13678b229b6c4224bcb9578a2f29bc3686958f4bea73af7645eb39af4246e6a9

HTTP Headers

GET /images/speed_small_gold.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/gif
Content-Length: 14492
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-389c"
Expires: Mon, 29 May 2023 04:55:53 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

static.depositfiles.com/images/yes.png

91.226.124.81

200 OK

3.3 kB

URL GET HTTP/1.1
static.depositfiles.com/images/yes.png
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3275 bytes)
Hash
3055b8489aeb385fb40b27f0bf0a5ae7
4cfbe45a0ba393ab8ad535cc04af30debef0a1ab
b325d6cb153b02050e59230e2abfb01e05f4bda708ad54bd8f6d9693fa9c2dac

HTTP Headers

GET /images/yes.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 3275
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-ccb"
Accept-Ranges: bytes

static.depositfiles.com/images/no.png

91.226.124.81

200 OK

3.1 kB

URL GET HTTP/1.1
static.depositfiles.com/images/no.png
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
3.1 kB (3146 bytes)
Hash
1724ae7b4437c460dafe40dfe9f96d41
8dc80d5b802f180254a8ee1bf1edf0b843205f1e
9b95b8f24b2b0808d611f4fd9bf5f3c548b352ae6100ab7b298b99a86905db79

HTTP Headers

GET /images/no.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 3146
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-c4a"
Accept-Ranges: bytes

static.depositfiles.com/images/logo.png

91.226.124.81

200 OK

3.6 kB

URL GET HTTP/1.1
static.depositfiles.com/images/logo.png
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 176 x 43, 8-bit/color RGBA, non-interlaced\012- data
Size
3.6 kB (3623 bytes)
Hash
c41fdd84b04e45a91cb17cfdeccb1b38
fec7fffe104c7e169aeb159032078c4b71ff2cdc
7f89eb8ab03684f4db282ca30eb231b1e254bca10c7b511950df5e0eab0a68a0

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 3623
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-e27"
Accept-Ranges: bytes

static.depositfiles.com/images/member_menu_bg.gif

91.226.124.81

200 OK

78 B

URL GET HTTP/1.1
static.depositfiles.com/images/member_menu_bg.gif
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
GIF image data, version 89a, 1 x 48\012- data
Size
78 B (78 bytes)
Hash
20a24b56dcedf6a71a71ebec771e1f7d
d7bed493d5d4eeaed5dbbf7d30d45107840790a0
6f57f29224d8e9e51ed0839e329055426fba7dcd97ef31e93ed495f93a6063df

HTTP Headers

GET /images/member_menu_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/gif
Content-Length: 78
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-4e"
Expires: Mon, 29 May 2023 04:55:53 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

js.wpadmngr.com/static/adManager.js

45.133.44.53

200 OK

9.8 kB

URL GET HTTP/2
js.wpadmngr.com/static/adManager.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectjs.wpadmngr.com
FingerprintA9:7C:F8:A4:B8:B3:E3:98:76:72:9E:0B:4A:FB:FB:39:D4:F4:54:3D
ValidityTue, 16 May 2023 02:02:19 GMT - Mon, 14 Aug 2023 02:02:18 GMT

File type
gzip compressed data, from Unix\012- data
Size
9.8 kB (9785 bytes)
Hash
2fe5f3c0aa8662d227137b95805cbb8d
326b83bc343184551bac9dca8bdf2aef7e95c269
e93a6ba1f4aa9929ced2e34853e248eb509eb2637e978f2c7ee2eeac2f15366b

HTTP Headers

GET /static/adManager.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:53 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 05 Dec 2022 13:37:26 GMT
etag: W/"638df416-4dd"
content-encoding: gzip
expires: Wed, 24 May 2023 05:00:53 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

static.depositfiles.com/images/upload_btn_bg.gif

91.226.124.81

200 OK

9.0 kB

URL GET HTTP/1.1
static.depositfiles.com/images/upload_btn_bg.gif
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
GIF image data, version 89a, 209 x 75\012- data
Size
9.0 kB (9010 bytes)
Hash
6f312f0f4ff138758bae76420f6efd78
b40a28f162140fedff9ee5ce0d687868b1f73d17
c667d75c7f916bf8b140b0e1f7ab0c996f76d4642faed85bd9fef3c738f0912b

HTTP Headers

GET /images/upload_btn_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/gif
Content-Length: 9010
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-2332"
Expires: Mon, 29 May 2023 04:55:53 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

static.depositfiles.com/images/sprite.png

91.226.124.81

200 OK

37 kB

URL GET HTTP/1.1
static.depositfiles.com/images/sprite.png
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 102 x 630, 8-bit/color RGBA, non-interlaced\012- data
Size
37 kB (36802 bytes)
Hash
2333675d7e431d5313c6dbb5230a14cd
93c4032e5b8b85793a9cda7167804445d950dd96
b287134a60667ce8e2c3fa1603e3a8f2ffa59c64e746d026d1a13ef19f3f38a0

HTTP Headers

GET /images/sprite.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 36802
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-8fc2"
Accept-Ranges: bytes

static.depositfiles.com/images/sprite64.png

91.226.124.81

200 OK

29 kB

URL GET HTTP/1.1
static.depositfiles.com/images/sprite64.png
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 64 x 1088, 8-bit/color RGBA, non-interlaced\012- data
Size
29 kB (28747 bytes)
Hash
e50649ecf6a2094c25da755ea0ea7bd1
e1c3e229a62f049442fa16cf43ec07f384b27362
a9ed59ab3bbcfdf66224664aeb14fa0f0e8f034d8472a58dadcf65cfff17685d

HTTP Headers

GET /images/sprite64.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 28747
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-704b"
Accept-Ranges: bytes

static.depositfiles.com/images/sprite16.png

91.226.124.81

200 OK

28 kB

URL GET HTTP/1.1
static.depositfiles.com/images/sprite16.png
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 32 x 1072, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28501 bytes)
Hash
2e86fe2d2c2650c5f4663f0fc135ebc1
ba86e14a9abcff0581eda84a307594ef1288b982
604187f8828381a47ae70249f55f21c78c53ab1401d20a5f2230a0d6c9ae50d1

HTTP Headers

GET /images/sprite16.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 28501
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-6f55"
Accept-Ranges: bytes

ocsp.r2m01.amazontrust.com/

54.230.80.227

471 B

URL
ocsp.r2m01.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
86c316e2d89a407be1c179a66e808d0c
f3bb320bf5441b6a4759e1d7e0675650dd9b90ec
ba0f3accd8e1400e1a7ca7d562238541719decb97c3bffc257811a162ff0d210

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=7200'
Date: Wed, 24 May 2023 04:55:53 GMT
Last-Modified: Wed, 24 May 2023 04:05:38 GMT
Server: ECAcc (bsa/EB26)
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DyWotMY06Lv20fnG3qvkoSEDMob6QF4aZPrrxFiYpjmcu2aAZeWbJQ==
Age: 3015

simplewebanalysis.com/stats

52.58.93.188

200 OK

40 B

URL GET HTTP/2
simplewebanalysis.com/stats
IP
52.58.93.188:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
630576afab8fedc4c2e5c5aa7e26b437
21f3b5a7382d3f7a029ad655f3cb8cb1a4b8bc7e
2d9db0dac01aea40b4bea481f146e65721e11377e16877aa98ece27d22089fc0

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:54 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=2c59d3ef-8c85-4182-ba05-c8a1082a7615:2:1; expires=Sat, 21 May 2033 04:55:54 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

loader.unblockia.com/c/dfiles.eu/config.json

54.230.111.2

200 OK

47 kB

URL GET HTTP/2
loader.unblockia.com/c/dfiles.eu/config.json
IP
54.230.111.2:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (46747), with no line terminators
Size
47 kB (46747 bytes)
Hash
f365c1e4619a90bbadadacf55598fe90
1623c939b72aecd3831e1da35e4c0a5229383e91
23e2e4d868bb2652b97e9e13d36df1dfeeba338d4e9c4d1d737fba6b2b2b2d52

HTTP Headers

GET /c/dfiles.eu/config.json HTTP/1.1
Host: loader.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
content-length: 46747
last-modified: Fri, 12 May 2023 12:21:43 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 9pI8Ts97IpPXbRP2Kcl6CF4_Ph.rjMBr
accept-ranges: bytes
server: AmazonS3
date: Wed, 24 May 2023 04:35:46 GMT
etag: "f365c1e4619a90bbadadacf55598fe90"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: I0pT2zPvNmvvz2iY2Xv6dHuICpjXW12GySLB1iVbf4EIPlhuZx3cuA==
age: 2448
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2

adsbb.dfiles.eu//ad.php?z=56&c=NO

91.226.124.76

303 See Other

0 B

URL GET HTTP/1.1
adsbb.dfiles.eu//ad.php?z=56&c=NO
IP
91.226.124.76:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET //ad.php?z=56&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 303 See Other
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf56=1; expires=Thu, 25-May-2023 04:55:53 GMT; Max-Age=86400
Location: /upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway

91.226.124.76

303 See Other

0 B

URL GET HTTP/1.1
adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
IP
91.226.124.76:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET //ad.php?z=58&c=NO&g=gateway HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 303 See Other
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf58=1; expires=Thu, 25-May-2023 04:55:53 GMT; Max-Age=86400
Location: /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

na.nawpush.com/tags/46445?version_name=c

45.133.44.25

200 OK

578 B

URL GET HTTP/2
na.nawpush.com/tags/46445?version_name=c
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectna.nawpush.com
Fingerprint06:8A:2E:29:09:91:41:F0:6E:1C:15:DE:41:23:FB:9C:E4:5B:47:B0
ValidityMon, 03 Apr 2023 01:01:43 GMT - Sun, 02 Jul 2023 01:01:42 GMT

File type
JSON data\012- , ASCII text, with very long lines (578), with no line terminators
Size
578 B (578 bytes)
Hash
48cf99226e98595889e80d389697c90c
6c6f7b9047532c20c72d68b246dafe3db8ca16b5
e81d3360bc9596b20a9ea1289549039c2b4d0350a4cd9122c1578605b56f7055

HTTP Headers

GET /tags/46445?version_name=c HTTP/1.1
Host: na.nawpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:54 GMT
content-type: application/json
content-length: 578
server: nginx/1.18.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

js.wpshsdk.com/npc/sdk/wp-banners.js

45.133.44.53

200 OK

0 B

URL GET HTTP/2
js.wpshsdk.com/npc/sdk/wp-banners.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectjs.wpshsdk.com
Fingerprint78:77:A4:19:CC:0D:15:24:69:96:1B:44:C9:A0:4D:0B:B7:C0:F2:D8
ValidityMon, 27 Mar 2023 02:06:36 GMT - Sun, 25 Jun 2023 02:06:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Wed, 24 May 2023 05:00:54 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

91.226.124.76

200 OK

678 B

URL GET HTTP/1.1
adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP
91.226.124.76:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
678 B (678 bytes)
Hash
4087c9bd646dde8dc6df88bc4f20a814
19287743dcb1c746c3456a3810b46d43c1fcfb85
02eee499ca3b1b315d5524f99983da7901c01f9a4f2236bfd1fec897935fb563

HTTP Headers

GET /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153; _nf56=1; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 24 May 2023 04:55:01 GMT
Content-Encoding: gzip

adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

91.226.124.76

200 OK

677 B

URL GET HTTP/1.1
adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP
91.226.124.76:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
677 B (677 bytes)
Hash
df757cbb5e9114cf42662499cf10b64f
6f6ae6251e75cef168bb19c8a98b565c5c322670
9a039e52d3e6a213d1a14b7d58d5afc881f1b352c35155247ffc94a5973b8c41

HTTP Headers

GET /upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153; _nf56=1; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 24 May 2023 04:55:01 GMT
Content-Encoding: gzip

ip2geo.pubfuture-ad.com/detail

104.26.0.97

200 OK

33 B

URL GET HTTP/2
ip2geo.pubfuture-ad.com/detail
IP
104.26.0.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
33 B (33 bytes)
Hash
007af5ffed017e37943df31888ef8666
2877ed4c460ba9164b3625e32502a9d83a2a1d4a
bfb9d45766b6f87ee2c5f55862cdffe168aa7df0ff6ed0917b0fbcb035fdcdd2

HTTP Headers

GET /detail HTTP/1.1
Host: ip2geo.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:54 GMT
content-type: application/json; charset=utf-8
content-length: 33
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"21-KHftTEYLqRZLNiXjJQKp2DoqHUo"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=To6FWoh74lRSS3nOY5CjKm%2BZ0dY46o22wUsiIWCIL9MRZImNHv2xLWwmP77RR0BX0YNn2cUlTovnRVzfQAZ462GPc6Uj%2BQwo7XjP23JceXDd5GEJt1%2Bc%2BA3J59JbfOMLjgJq7wVgMSjr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cc2f2f26a21b52d-OSL
X-Firefox-Spdy: h2

illuminatedusing.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js

173.233.137.44

200 OK

29 kB

URL GET HTTP/1.1
illuminatedusing.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
IP
173.233.137.44:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
29 kB (28771 bytes)
Hash
657daa112dc743df7794b021b3b57105
74fe2bb7a0a7d89a6c45a7183c5cab7ba1d16684
686e26adaebcdda55871e9edc61fee90bc36b8654111ff139f79a4787d91ecde

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b3f62f9cc82bfb10a88bb422b5c80ae2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

simplewebanalysis.com/stats

52.58.93.188

200 OK

40 B

URL GET HTTP/2
simplewebanalysis.com/stats
IP
52.58.93.188:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
630576afab8fedc4c2e5c5aa7e26b437
21f3b5a7382d3f7a029ad655f3cb8cb1a4b8bc7e
2d9db0dac01aea40b4bea481f146e65721e11377e16877aa98ece27d22089fc0

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=2c59d3ef-8c85-4182-ba05-c8a1082a7615:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:54 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js

91.226.124.76

85 kB

URL
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP
91.226.124.76:0
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
Unicode text, UTF-8 text, with very long lines (65168)
Size
85 kB (85260 bytes)
Hash
b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b

HTTP Headers

GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153; _nf56=1; _nf58=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes

adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js

91.226.124.76

85 kB

URL
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP
91.226.124.76:0
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
Unicode text, UTF-8 text, with very long lines (65168)
Size
85 kB (85260 bytes)
Hash
b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b

HTTP Headers

GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153; _nf56=1; _nf58=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes

static.depositfiles.com/images/favicon.ico

91.226.124.81

200 OK

318 B

URL GET HTTP/1.1
static.depositfiles.com/images/favicon.ico
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Size
318 B (318 bytes)
Hash
0f0b975ee529197ec75780ebc2de5907
59688c6aafca5606e388ba9a44fc9dc25fc32cd3
28a0b52229f05b66354ca38b6b813d2281af3efb7e8b0a424ef8b4c68b9e583c

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: image/x-icon
Content-Length: 318
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-13e"
Accept-Ranges: bytes

adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=646d98a5754056438005837364893

91.226.124.76

43 B

URL
adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=646d98a5754056438005837364893
IP
91.226.124.76:0
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

HTTP Headers

GET /view.gif?c=2973&z=58&b=2775&u=646d98a5754056438005837364893 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153; _nf56=1; _nf58=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0e2a51fc0a704370c246690b8e25c332
28b056e0210c4e5139982c887bbd5b416a7c888e
639b72f46177c45cf6faed4c59c70f988ba038216aceeb1a9734de3364da854d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adsbb.dfiles.eu/view.gif?c=2963&z=56&b=2760&u=646d98a5723999607590445167333

91.226.124.76

43 B

URL
adsbb.dfiles.eu/view.gif?c=2963&z=56&b=2760&u=646d98a5723999607590445167333
IP
91.226.124.76:0
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

HTTP Headers

GET /view.gif?c=2963&z=56&b=2760&u=646d98a5723999607590445167333 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=e16d21b89a1033ad8255b99d29b37071; last_file=98urlqtpu; lang_current=en; _ga_BL9163LYG1=GS1.1.1684904153.1.0.1684904153.0.0.0; _ga=GA1.1.202886558.1684904153; _nf56=1; _nf58=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes

www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js

142.250.74.35

200 OK

167 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
ASCII text, with very long lines (554)
Size
167 kB (166637 bytes)
Hash
213e1a6e418f3df36f2ec077314ef525
7a553e545a48271f3afec47b3ed5f3518cfdd7b4
ad5008998005064af73229fb144d5f8e789641f8a846e2064ec18788a37e9e2d

HTTP Headers

GET /recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166637
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 19:21:59 GMT
expires: Wed, 22 May 2024 19:21:59 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 May 2023 04:00:52 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 34435
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

illuminatedusing.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6

173.233.137.52

200 OK

3.0 kB

URL GET HTTP/1.1
illuminatedusing.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT

File type
JSON data\012- , ASCII text, with very long lines (5439), with no line terminators
Size
3.0 kB (2994 bytes)
Hash
7215f43b7d95fea66ed597221b0458d3
f45525418810b9845679d98bb05d8f933ee81e9a
af7f245b6d63f94c94aa62da2350f0e2c5200c58301c3576cdadae8e9ed0231c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6 HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:54 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfiles.eu
Access-Control-Allow-Origin: https://dfiles.eu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16004719; expires=Thu, 25 May 2023 04:55:54 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 25 May 2023 04:55:54 GMT; secure; SameSite=None
uncs=1; expires=Thu, 25 May 2023 04:55:54 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 25 May 2023 04:55:54 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 25 May 2023 04:55:54 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 08177ee95efdca0264cc25f65e15e4e1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0e2a51fc0a704370c246690b8e25c332
28b056e0210c4e5139982c887bbd5b416a7c888e
639b72f46177c45cf6faed4c59c70f988ba038216aceeb1a9734de3364da854d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

dolphinabberantleaflet.com/pixel/purst?dl=0&th=0&sc=0&rs=2580&rd=2580&fd=726&bv=22.10.v.10&tmpl=136

173.233.137.52

200 OK

0 B

URL GET HTTP/1.1
dolphinabberantleaflet.com/pixel/purst?dl=0&th=0&sc=0&rs=2580&rd=2580&fd=726&bv=22.10.v.10&tmpl=136
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdolphinabberantleaflet.com
Fingerprint96:DD:F7:B8:BA:04:7B:75:A4:F6:43:5C:B9:8E:6A:DE:79:0D:1E:BE
ValiditySat, 29 Apr 2023 06:15:54 GMT - Fri, 28 Jul 2023 06:15:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2580&rd=2580&fd=726&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: dolphinabberantleaflet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

simplewebanalysis.com/stats

52.58.93.188

200 OK

40 B

URL GET HTTP/2
simplewebanalysis.com/stats
IP
52.58.93.188:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
630576afab8fedc4c2e5c5aa7e26b437
21f3b5a7382d3f7a029ad655f3cb8cb1a4b8bc7e
2d9db0dac01aea40b4bea481f146e65721e11377e16877aa98ece27d22089fc0

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=2c59d3ef-8c85-4182-ba05-c8a1082a7615:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true

54.230.111.117

200 OK

37 kB

URL GET HTTP/2
cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true
IP
54.230.111.117:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 728x90, components 3\012- data
Size
37 kB (36773 bytes)
Hash
58fbb6ffe72ac0c1aa468de39ee18e13
d25230f1ef89aecc6048b0ceb09dd0af609ee7b6
e8ff7f3a8926e5b5497d2ab7a1bf47c5655e287a51045f11846f426ac6c7d180

HTTP Headers

GET /autopromos/unicef2.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 36773
last-modified: Tue, 12 Apr 2022 08:41:28 GMT
x-amz-version-id: xUurxjfnscsyJn430NFsrgfbabIFowSl
accept-ranges: bytes
server: AmazonS3
date: Tue, 23 May 2023 17:02:15 GMT
etag: "58fbb6ffe72ac0c1aa468de39ee18e13"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: j615ixBjnuGEailqrloTgQfp43_I8ibsG7tkUNnN8ZkQpJg4pXMAuw==
age: 42899
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true

54.230.111.117

200 OK

54 kB

URL GET HTTP/2
cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true
IP
54.230.111.117:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 160x600, components 3\012- data
Size
54 kB (54292 bytes)
Hash
5dcf47442fc7fbb8d0263bbf4869537e
2c8232ac93448bbc06b5464f1839a5cdb2ed3e07
81804a1b2b20350ec009ba6429a4f58124c16ca30683af0af255544cd98c8fa6

HTTP Headers

GET /autopromos/unicef3.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 54292
last-modified: Tue, 12 Apr 2022 08:41:27 GMT
x-amz-version-id: iA22.ytP0i4dmuIhnc0eyNVgJlt2K4fl
accept-ranges: bytes
server: AmazonS3
date: Wed, 24 May 2023 04:35:47 GMT
etag: "5dcf47442fc7fbb8d0263bbf4869537e"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1NCek7BSOW49geXhLiM6aAGJFjzvquKS-OMnVvg8iOKAcF902Hqr0g==
age: 5048
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

illuminatedusing.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq9dlD%2BplXS%2BCQt9UkEl3p%2BeXe5CNayQYN%2BuuojeprqqelKnuaqq6pifBQ3BB9jjePHa%2Bk2xQw7L%2BAYp0vC0IGU8RzEHYP0CUPctMgqMPmve%2B7%2FsOn%2Fe6vtxzZySAo6er7%2BsdqRRdarcC%2F7VPwvC6vy5zN%2FJHvc6nnfi6b4ZvhkG%2FFbzuvyvYll6KgjAIwiD0V6URqR4thWHYCiCLo37Y6getOGqF7Rgj839tnQdLPfDhGXkBkk%2BfPXoYQ7IGefboprBbpS7eeCdzipbaYMgPP8q3cl3lyBZlajyk%2BeHFNLQ9Wf0ROj%2BYA0MP%2Fx1M5JR4T%2F5Akh9eUCIZHpyDJgoiR8KfQzVsIFQDSRswfQ%2BSnxCAcdzaQJ49uKVNRbfPXTpzp%2BTy078gqym5%2FPuLyLOHK0qO%2FLtauVLq3GKU1pCjBnLQoHDHKHcuQVbHYOUXkPwXsvR0HXm2v2GVhuT1fHkpG8i0gRJjUOvBzT7pwaUeXOEh46d%2Bl8W9Hu%2B1ORWMRUka9tI4jfuUBSkLlvsRHJvhjVEWYzA1BjO7KMwutuQYxv0Eu1nDcg%2B2nBLvg10MeY1KEFSWoKIElSSoSoJqWB9wZSNbP%2BDKuiS8yNFFXq4nuhzs0QNdDkRO9oozcnV%2Bl787Glvi1I%2BimPKYhnESJ2Gbhd2ok6bdoC1YpxsJ2oGVNaS9NF91R55cK1DIk%2BdfRkKPYdUxmLwK6l4BrSbdKADdnMS9ADv5Iy4KbWWZSiVsi%2BkMXNcoyssot709dUZemnO8%2BsSHYI%2FJRYCZGoWp8Zn8mWCg7k%2Fu6Irs39GVJd9vFKXM5A6d%2Fbu7JS3FlW%2FfE9uVNnztph1%2Fc4PNjFl59KGw5TrNucwHlny3IjkXZlUbJsgPa%2FZjkdx2dnPFmdwV67ffXl3LCiOslTpvQOXJ5x0wOSVXbhzMX%2BW1P3uQpoFxNTK3IJW6ASt2YYtFz2oCoxY6KTxUrp6YKFk0lSRQYqFpUsP%2BRyeLes%2Fex8B4oOU95FmNoakxVDWoGsO6ZyZlYR6%2F9evyPJAob5Io4%2B0nyqivzk9r5akvuqLT78dB3OVBkMQ8isK2YHQ5pn0aRWkXpZ3y7Ovf%2FgEAAP%2F%2FAQAA%2F%2F%2FXjah1YgQAAA%3D%3D

173.233.137.44

200 OK

7 B

URL GET HTTP/1.1
illuminatedusing.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq9dlD%2BplXS%2BCQt9UkEl3p%2BeXe5CNayQYN%2BuuojeprqqelKnuaqq6pifBQ3BB9jjePHa%2Bk2xQw7L%2BAYp0vC0IGU8RzEHYP0CUPctMgqMPmve%2B7%2FsOn%2Fe6vtxzZySAo6er7%2BsdqRRdarcC%2F7VPwvC6vy5zN%2FJHvc6nnfi6b4ZvhkG%2FFbzuvyvYll6KgjAIwiD0V6URqR4thWHYCiCLo37Y6getOGqF7Rgj839tnQdLPfDhGXkBkk%2BfPXoYQ7IGefboprBbpS7eeCdzipbaYMgPP8q3cl3lyBZlajyk%2BeHFNLQ9Wf0ROj%2BYA0MP%2Fx1M5JR4T%2F5Akh9eUCIZHpyDJgoiR8KfQzVsIFQDSRswfQ%2BSnxCAcdzaQJ49uKVNRbfPXTpzp%2BTy078gqym5%2FPuLyLOHK0qO%2FLtauVLq3GKU1pCjBnLQoHDHKHcuQVbHYOUXkPwXsvR0HXm2v2GVhuT1fHkpG8i0gRJjUOvBzT7pwaUeXOEh46d%2Bl8W9Hu%2B1ORWMRUka9tI4jfuUBSkLlvsRHJvhjVEWYzA1BjO7KMwutuQYxv0Eu1nDcg%2B2nBLvg10MeY1KEFSWoKIElSSoSoJqWB9wZSNbP%2BDKuiS8yNFFXq4nuhzs0QNdDkRO9oozcnV%2Bl787Glvi1I%2BimPKYhnESJ2Gbhd2ok6bdoC1YpxsJ2oGVNaS9NF91R55cK1DIk%2BdfRkKPYdUxmLwK6l4BrSbdKADdnMS9ADv5Iy4KbWWZSiVsi%2BkMXNcoyssot709dUZemnO8%2BsSHYI%2FJRYCZGoWp8Zn8mWCg7k%2Fu6Irs39GVJd9vFKXM5A6d%2Fbu7JS3FlW%2FfE9uVNnztph1%2Fc4PNjFl59KGw5TrNucwHlny3IjkXZlUbJsgPa%2FZjkdx2dnPFmdwV67ffXl3LCiOslTpvQOXJ5x0wOSVXbhzMX%2BW1P3uQpoFxNTK3IJW6ASt2YYtFz2oCoxY6KTxUrp6YKFk0lSRQYqFpUsP%2BRyeLes%2Fex8B4oOU95FmNoakxVDWoGsO6ZyZlYR6%2F9evyPJAob5Io4%2B0nyqivzk9r5akvuqLT78dB3OVBkMQ8isK2YHQ5pn0aRWkXpZ3y7Ovf%2FgEAAP%2F%2FAQAA%2F%2F%2FXjah1YgQAAA%3D%3D
IP
173.233.137.44:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq9dlD%2BplXS%2BCQt9UkEl3p%2BeXe5CNayQYN%2BuuojeprqqelKnuaqq6pifBQ3BB9jjePHa%2Bk2xQw7L%2BAYp0vC0IGU8RzEHYP0CUPctMgqMPmve%2B7%2FsOn%2Fe6vtxzZySAo6er7%2BsdqRRdarcC%2F7VPwvC6vy5zN%2FJHvc6nnfi6b4ZvhkG%2FFbzuvyvYll6KgjAIwiD0V6URqR4thWHYCiCLo37Y6getOGqF7Rgj839tnQdLPfDhGXkBkk%2BfPXoYQ7IGefboprBbpS7eeCdzipbaYMgPP8q3cl3lyBZlajyk%2BeHFNLQ9Wf0ROj%2BYA0MP%2Fx1M5JR4T%2F5Akh9eUCIZHpyDJgoiR8KfQzVsIFQDSRswfQ%2BSnxCAcdzaQJ49uKVNRbfPXTpzp%2BTy078gqym5%2FPuLyLOHK0qO%2FLtauVLq3GKU1pCjBnLQoHDHKHcuQVbHYOUXkPwXsvR0HXm2v2GVhuT1fHkpG8i0gRJjUOvBzT7pwaUeXOEh46d%2Bl8W9Hu%2B1ORWMRUka9tI4jfuUBSkLlvsRHJvhjVEWYzA1BjO7KMwutuQYxv0Eu1nDcg%2B2nBLvg10MeY1KEFSWoKIElSSoSoJqWB9wZSNbP%2BDKuiS8yNFFXq4nuhzs0QNdDkRO9oozcnV%2Bl787Glvi1I%2BimPKYhnESJ2Gbhd2ok6bdoC1YpxsJ2oGVNaS9NF91R55cK1DIk%2BdfRkKPYdUxmLwK6l4BrSbdKADdnMS9ADv5Iy4KbWWZSiVsi%2BkMXNcoyssot709dUZemnO8%2BsSHYI%2FJRYCZGoWp8Zn8mWCg7k%2Fu6Irs39GVJd9vFKXM5A6d%2Fbu7JS3FlW%2FfE9uVNnztph1%2Fc4PNjFl59KGw5TrNucwHlny3IjkXZlUbJsgPa%2FZjkdx2dnPFmdwV67ffXl3LCiOslTpvQOXJ5x0wOSVXbhzMX%2BW1P3uQpoFxNTK3IJW6ASt2YYtFz2oCoxY6KTxUrp6YKFk0lSRQYqFpUsP%2BRyeLes%2Fex8B4oOU95FmNoakxVDWoGsO6ZyZlYR6%2F9evyPJAob5Io4%2B0nyqivzk9r5akvuqLT78dB3OVBkMQ8isK2YHQ5pn0aRWkXpZ3y7Ovf%2FgEAAP%2F%2FAQAA%2F%2F%2FXjah1YgQAAA%3D%3D HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:55 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 496981ba94adacdef6dbc601f1cbc5d6
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.barscreative1.com/sb/notifications/software/us/norton/1/index.html

45.133.44.4

200 OK

804 B

URL GET HTTP/2
cdn.barscreative1.com/sb/notifications/software/us/norton/1/index.html
IP
45.133.44.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint0B:AE:8A:C0:29:EA:B0:86:29:66:F6:7E:76:63:66:57:38:88:FC:E6
ValidityMon, 15 May 2023 04:01:53 GMT - Sun, 13 Aug 2023 04:01:52 GMT

File type
HTML document text\012- HTML document, ASCII text
Size
804 B (804 bytes)
Hash
3be2a223ed1b1c36a153f54be2c83f27
ec1a98749afdd4b466d1834239572161f4483f56
a3ae56824eb2005ad2daea5baa21fe6f0fa44891f59c34aed64b7232f59354c6

HTTP Headers

GET /sb/notifications/software/us/norton/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: text/html; charset=utf-8
content-length: 804
server: nginx/1.17.6
last-modified: Wed, 17 Feb 2021 11:42:48 GMT
etag: "602d0138-324"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Wed, 24 May 2023 05:55:55 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1

54.230.111.104

200 OK

0 B

URL POST HTTP/2
t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1
IP
54.230.111.104:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /?sid=140&o=3&b=2&p=1&t=1 HTTP/1.1
Host: t.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
content-type: application/json
content-length: 0
server: nginx/1.20.0
date: Wed, 24 May 2023 04:55:55 GMT
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SDSZ-B_5M3yxzEgI0dOQ3wTcMIP58Iaku_i3d0ao8HNgxznKSNPgYA==
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2

notification.tubecup.net/tags?tag_id=46445&timezone_olson=UTC&version_name=c

94.130.197.136

204 No Content

0 B

URL GET HTTP/2
notification.tubecup.net/tags?tag_id=46445&timezone_olson=UTC&version_name=c
IP
94.130.197.136:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tags?tag_id=46445&timezone_olson=UTC&version_name=c HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.18.0
date: Wed, 24 May 2023 04:55:55 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Findex.html&l=804&fd=210

173.233.137.44

200 OK

0 B

URL GET HTTP/1.1
illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Findex.html&l=804&fd=210
IP
173.233.137.44:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Findex.html&l=804&fd=210 HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/bg.jpg

172.64.196.23

200 OK

58 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/bg.jpg
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=250, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=970], progressive, precision 8, 970x250, components 3\012- data
Size
58 kB (58368 bytes)
Hash
93db86920aaf5aa1cb2f1b727b06dfe8
bce81c9da296929263f7ec1e606616a97ab42b9d
d67bdc40107fb5f7db687092375adbce71dcf6faec40d1c5c9c50c3c9e6d5ca7

HTTP Headers

GET /sb/notifications/software/us/norton/1/img/bg.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: image/jpeg
content-length: 58368
last-modified: Wed, 17 Feb 2021 11:45:02 GMT
etag: "602d01be-e400"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7397614
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mevwqWzhBLATaSc4XdekG2Scf1J3Nn9m9%2FbokBFgDs4Okf045hUtwS5OzIdGJDw7I%2FcuF8t%2FKQrBi2%2BG3yRs9W%2FnXO1Q%2B3ZJAoIaGGdSRp6JZhRRVqom9CNow2XAebstQck2%2B%2F8Tl9BK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2fd2dcc491f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/close.png

172.64.196.23

200 OK

1.8 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/close.png
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1778 bytes)
Hash
c1b8f53c3afa0fdd5be48e6bfdbbb6fa
eeb2cd8d17e3abe135865be77330b8519f6bceb2
8f5d7d0bf69b5fcb8a110dd7c79948e70c860440b6ecc803a20ababe193a1af0

HTTP Headers

GET /sb/notifications/software/us/norton/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: image/png
content-length: 1778
last-modified: Wed, 17 Feb 2021 11:45:01 GMT
etag: "602d01bd-6f2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7402551
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pMtMIxfm6yy8jSRXDVGd95WpoWcDTUUtwGq5Cajo8ZJrMUDLVAKZxidbQmMhSzdfqatng8lmh1TxVVxlbCeXDvt47w9lfEB9%2F8LbvUbdPoEChn85saljPzAuxFyF8R77649WRcwqgohf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2fd3dd8491f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fanimate.css&l=79249&fd=274

173.233.137.44

200 OK

0 B

URL GET HTTP/1.1
illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fanimate.css&l=79249&fd=274
IP
173.233.137.44:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fanimate.css&l=79249&fd=274 HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fjs%2Fscript.js&l=385&fd=270

173.233.137.52

200 OK

0 B

URL GET HTTP/1.1
illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fjs%2Fscript.js&l=385&fd=270
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fjs%2Fscript.js&l=385&fd=270 HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

ocsp.r2m02.amazontrust.com/

54.230.80.227

471 B

URL
ocsp.r2m02.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
df5448af909add73de2baea893efd38f
a2b82648ffe2205bf8eb8f0629408c451e0788b2
c5c7223d75ef78e8dced6c409b21242499fa418aa5bf9c89dc878bd9ad6b1138

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=7200'
Date: Wed, 24 May 2023 04:55:56 GMT
Last-Modified: Wed, 24 May 2023 03:29:08 GMT
Server: ECAcc (bsa/EA9D)
X-Cache: Miss from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EZzmCDZ11QVGRIsZZIBTTO06BsClWLtfs8PodGn6t9KzNhk2lpxGEQ==
Age: 5208

ocsp.r2m02.amazontrust.com/

54.230.80.227

471 B

URL
ocsp.r2m02.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
df5448af909add73de2baea893efd38f
a2b82648ffe2205bf8eb8f0629408c451e0788b2
c5c7223d75ef78e8dced6c409b21242499fa418aa5bf9c89dc878bd9ad6b1138

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=7200'
Date: Wed, 24 May 2023 04:55:56 GMT
Last-Modified: Wed, 24 May 2023 03:47:21 GMT
Server: ECAcc (nya/7919)
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: K6hJtlkwx6GLpguBuyBL_sNM8HJl-SnEqDkKWkLp_t4ATGcfREhMqg==
Age: 4115

js.wpshsdk.com/npc/sdk/push.m.js?v=1

45.133.44.53

200 OK

27 kB

URL GET HTTP/2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectjs.wpshsdk.com
Fingerprint78:77:A4:19:CC:0D:15:24:69:96:1B:44:C9:A0:4D:0B:B7:C0:F2:D8
ValidityMon, 27 Mar 2023 02:06:36 GMT - Sun, 25 Jun 2023 02:06:35 GMT

File type
gzip compressed data, from Unix\012- data
Size
27 kB (27274 bytes)
Hash
dfec4288f4b68df6e5d35ab3bbf67440
6a5b6edfed360b8f04a39410158ba5dba7cb79e6
680a9f1144dea0ce20527d751d03146eaf95e055af7b9c8cd5e1717730e6c7b5

HTTP Headers

GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 05 Apr 2023 13:10:08 GMT
etag: W/"642d7330-1054e"
content-encoding: gzip
expires: Wed, 24 May 2023 05:00:55 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

illuminatedusing.com/pixel/sbs?c=1

173.233.137.52

200 OK

0 B

URL GET HTTP/1.1
illuminatedusing.com/pixel/sbs?c=1
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fe16743433.1c9ca7ac71.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjM0NDc0NjQxNDkyMTE1NTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuNDkuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjMsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS42OCwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ==

45.133.44.52

200 OK

0 B

URL GET HTTP/2
fe16743433.1c9ca7ac71.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjM0NDc0NjQxNDkyMTE1NTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuNDkuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjMsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS42OCwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ==
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectfe16743433.1c9ca7ac71.com
FingerprintEC:CA:80:E9:10:8A:EB:57:D2:AE:2D:31:38:B9:2F:C1:F0:85:27:A8
ValiditySun, 21 May 2023 02:50:32 GMT - Sat, 19 Aug 2023 02:50:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjM0NDc0NjQxNDkyMTE1NTAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuNDkuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjMsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS42OCwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ== HTTP/1.1
Host: fe16743433.1c9ca7ac71.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:56 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=46445

157.90.84.242

200 OK

0 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=46445
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Wed, 24 May 2023 04:55:56 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://dfiles.eu
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

fp.metricswpsh.com/fp?tag_id=46445

157.90.84.242

200 OK

27 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=46445
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT

File type
JSON data\012- , ASCII text
Size
27 B (27 bytes)
Hash
c4bea7951aaa542768f63f72d171ff83
7f57b3ce5d3a9bb0a15c32b34745b0214710e185
d4fbb24457a99cbf28127e8a416979ca0f2ab97c64a59b8d38760c40d4934756

HTTP Headers

POST /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23168
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 24 May 2023 04:55:56 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 27
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dfiles.eu
Set-Cookie: id=12580505317823954241; Expires=Thu, 23 May 2024 04:55:56 GMT; Secure; SameSite=None
Vary: Origin

illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fstyle.css&l=2311&fd=282

173.233.137.52

200 OK

0 B

URL GET HTTP/1.1
illuminatedusing.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fstyle.css&l=2311&fd=282
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fstyle.css&l=2311&fd=282 HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

unseenreport.com/pxf.gif?uuid=2c59d3ef-8c85-4182-ba05-c8a1082a7615&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4

192.243.59.13

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=2c59d3ef-8c85-4182-ba05-c8a1082a7615&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=2c59d3ef-8c85-4182-ba05-c8a1082a7615&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:56 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7b408a2a70de86b87cc1ed9b7a9eb121
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=2c59d3ef-8c85-4182-ba05-c8a1082a7615&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4

192.243.59.13

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=2c59d3ef-8c85-4182-ba05-c8a1082a7615&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=2c59d3ef-8c85-4182-ba05-c8a1082a7615&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:56 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 466c9e0317b58c76e44de3b38f4c0447
Strict-Transport-Security: max-age=0; includeSubdomains

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c02ea2eb31eb1af30ad378cddf6f94b5
f6190e85f669f8282ec9c4a36cf7f552c82f4989
e218cdd31cbdc6f9019a3ba5dbcd1451c74d4c9704bb0187b0b2dcc7481a4daa

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 May 2023 04:55:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Lato&display=swap

142.250.74.106

200 OK

826 B

URL GET HTTP/3
fonts.googleapis.com/css?family=Lato&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
gzip compressed data, max compression\012- data
Size
826 B (826 bytes)
Hash
695c4dd832ba475513c6bb83e2343213
4a80f743ce20f23ecbc40158e4d29f1582fd9470
b9057496d9560a51aa9cc6c045430b12174874db8dce3bb6a1e4667fbceecc50

HTTP Headers

GET /css?family=Lato&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 24 May 2023 04:55:57 GMT
date: Wed, 24 May 2023 04:55:57 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

script.4dex.io/localstore.js

172.67.75.241

268 B

URL
script.4dex.io/localstore.js
IP
172.67.75.241:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (482)
Size
268 B (268 bytes)
Hash
922cffdd75f7192f75231d92684885aa
48ae21017844de388e0a32206a2691fa4c109669
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

HTTP Headers

GET /localstore.js HTTP/1.1
Host: script.4dex.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 May 2023 04:55:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=1800
ETag: W/"922cffdd75f7192f75231d92684885aa"
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 1327198
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yJhqHe13uC29nVWwRJadSFG6dqIuSQViimiJIZ8w7bn5HNxg9INeexPTTYnlsxBRiDHp2eabuwZWOKQvMiQE3Am71tsBkWkOjfguIVDO0R02I%2BHX%2BcqlH3NVIrtbNFsz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7cc2f309c84bb523-OSL
Content-Encoding: br

fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

216.58.207.227

200 OK

24 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 May 2023 04:04:41 GMT
expires: Fri, 17 May 2024 04:04:41 GMT
cache-control: public, max-age=31536000
age: 521476
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

prebid.a-mo.net/a/c

147.75.84.158

0 B

URL
prebid.a-mo.net/a/c
IP
147.75.84.158:0
ASN
#54825 PACKET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /a/c HTTP/1.1
Host: prebid.a-mo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1349
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://dfiles.eu
cache-control: max-age=0, private, must-revalidate
date: Wed, 24 May 2023 04:55:57 GMT
server: envoy
vary: origin, Accept-Encoding
x-nbr: 1
x-envoy-upstream-service-time: 0
X-Firefox-Spdy: h2

ocsp.globalsign.com/gseccovsslca2018

151.101.130.133

939 B

URL
ocsp.globalsign.com/gseccovsslca2018
IP
151.101.130.133:0
ASN
#54113 FASTLY

File type
data
Size
939 B (939 bytes)
Hash
5d05d65b8f4b2949a6655cbccbeebed9
ce0cc0ded189139c53314a9cb025c33a356b79ee
419ed9e043732a65e3f45f2de96b5f74c33fe8c30f6bb1bbb2f42b92d202c605

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 939
Server: nginx
Content-Type: application/ocsp-response
Expires: Sun, 28 May 2023 04:23:24 GMT
ETag: "ce0cc0ded189139c53314a9cb025c33a356b79ee"
Last-Modified: Wed, 24 May 2023 04:23:25 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 24 May 2023 04:55:57 GMT
Age: 409
X-Served-By: cache-qpg1239-QPG, cache-bma1674-BMA
X-Cache: MISS, HIT
X-Cache-Hits: 0, 12
X-Timer: S1684904158.886311,VS0,VE0

script.4dex.io/adagio.js

172.67.75.241

23 kB

URL
script.4dex.io/adagio.js
IP
172.67.75.241:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65354)
Size
23 kB (23176 bytes)
Hash
c56b6332dacf72f135afcd153ae22448
78efc5939cc29a3e9ca16fadfbd26e7057fd27fd
ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf

HTTP Headers

GET /adagio.js HTTP/1.1
Host: script.4dex.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 May 2023 04:55:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Last-Modified: Wed, 23 Nov 2022 15:43:17 GMT
Vary: Origin, Accept-Encoding
Access-Control-Expose-Headers: 
CF-Cache-Status: HIT
Age: 86645
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F0YpfMYI5axofy0UjrQZ%2BIcXkfiw1Dyfe1p6yyH%2BuNtaItu7618em1bBu%2F825Aw%2FGaHZZ2VXZPCt4I2yqD3MZMIL0GFifl3kEZpOaf2lV51B3WDAIymY6uAbKuS6MpiG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7cc2f30acbe30b02-OSL
Content-Encoding: br

ex.ingage.tech/v1/openrtb

172.67.41.84

0 B

URL
ex.ingage.tech/v1/openrtb
IP
172.67.41.84:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /v1/openrtb HTTP/1.1
Host: ex.ingage.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Wed, 24 May 2023 04:55:57 GMT
content-length: 0
vary: Origin, Access-Control-Request-Headers
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-headers: content-type
access-control-max-age: 3600
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cc2f309ffcdb4f9-OSL
X-Firefox-Spdy: h2

bs.yandex.ru/metadsp/2360912?imp-id=1&target-ref=dfiles.eu&ssp-id=10500

77.88.21.90

0 B

URL
bs.yandex.ru/metadsp/2360912?imp-id=1&target-ref=dfiles.eu&ssp-id=10500
IP
77.88.21.90:0
ASN
#13238 YANDEX LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /metadsp/2360912?imp-id=1&target-ref=dfiles.eu&ssp-id=10500 HTTP/1.1
Host: bs.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 205
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
content-length: 0
timing-allow-origin: *
uniformat: true
date: Wed, 24 May 2023 04:55:58 GMT
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
pragma: no-cache
uniformat-product-type: None
x-xss-protection: 1; mode=block
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
expires: Wed, 24 May 2023 04:55:58 GMT
last-modified: Wed, 24 May 2023 04:55:58 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

cdn.pubfuture-ad.com/v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L2ZpbGVzLzk4dXJscXRwdS9Ub3RhbC1XQS5leGU=

104.26.0.97

200 OK

380 B

URL GET HTTP/2
cdn.pubfuture-ad.com/v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L2ZpbGVzLzk4dXJscXRwdS9Ub3RhbC1XQS5leGU=
IP
104.26.0.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT

File type
JSON data\012- HTML document, ASCII text, with very long lines (466), with no line terminators
Size
380 B (380 bytes)
Hash
35782e397b3b5cfc7576ad94eba9b923
dc5fced987d30921f3c1a04e3ba888230e821446
b967349f7186f514e1d05fbcc7af4d685f688aea654a81e4763e6bb4c0057b5a

HTTP Headers

GET /v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L2ZpbGVzLzk4dXJscXRwdS9Ub3RhbC1XQS5leGU= HTTP/1.1
Host: cdn.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: application/json; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"1d2-3F/O2YfTCSHzwaBOO6iIIw6CFEY"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PzUV%2Bvk35jEn28BEygC4YNTL9EJBDIA6bXbw48O3Y7NBzcffvIVXgE0g9FO7AoqnbweT60qONptMtuRy7%2BJNZ2u4d7C5r5KRQw3gwGv2KVAOgHyNsmNLVXTUSXWRNIBu9%2FqjWGwn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cc2f2fa49a1b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

216.58.207.227

200 OK

24 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 May 2023 04:04:41 GMT
expires: Fri, 17 May 2024 04:04:41 GMT
cache-control: public, max-age=31536000
age: 521478
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

images.outbrainimg.com/transform/v3/eyJpdSI6IjYzZTA1YmNjZjdiZGU0ZmI5MWNiYzY4NzVmNTYwZmJmZjk0MGQ4MzU5ODZiZmY4MGU4ZjVjMTE1NmJjMjUxNjEiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp

23.38.201.176

200 OK

12 kB

URL GET HTTP/2
images.outbrainimg.com/transform/v3/eyJpdSI6IjYzZTA1YmNjZjdiZGU0ZmI5MWNiYzY4NzVmNTYwZmJmZjk0MGQ4MzU5ODZiZmY4MGU4ZjVjMTE1NmJjMjUxNjEiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
IP
23.38.201.176:443
ASN
#16625 AKAMAI-AS

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint4F:05:15:71:93:78:ED:64:53:30:81:ED:DA:9C:FE:4F:7B:F9:41:BE
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sat, 02 Mar 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 270x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
12 kB (11934 bytes)
Hash
381813ed1c8a6f1705b621585b605054
6992e1183afd04c1529bfe128964e2109713cce5
09d2e03f19ba0b368b245b44d487d7ea4eabd930cd3a5a4d3d098ae29efddf32

HTTP Headers

GET /transform/v3/eyJpdSI6IjYzZTA1YmNjZjdiZGU0ZmI5MWNiYzY4NzVmNTYwZmJmZjk0MGQ4MzU5ODZiZmY4MGU4ZjVjMTE1NmJjMjUxNjEiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp HTTP/1.1
Host: images.outbrainimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/webp
content-length: 11934
last-modified: Sun, 21 May 2023 02:01:31 GMT
x-traceid: 3af7fcdc66242d3579f179e92650ee72
cache-control: max-age=2194876
date: Wed, 24 May 2023 04:55:59 GMT
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
timing-allow-origin: *, *
X-Firefox-Spdy: h2

api.purpleads.io/x/a/20439424fc2daf1ccceb08514c96e983:1a160841438f2325780d89ffe2cb7043a5f4c5e751050eb17b3040b860e9abfd31996f229cc1d8f5578b09114d9fd6a1c320e2dca8483b5ca4af879b47ad908eaebc7d9bb692c526bd4f4ffea7ec0bd5ce6a765a028bed8f08ed390f893b6fc5/i?id=b0ed679f-565a-439a-a699-10fd583ae9c3

75.101.220.184

204 No Content

0 B

URL GET HTTP/2
api.purpleads.io/x/a/20439424fc2daf1ccceb08514c96e983:1a160841438f2325780d89ffe2cb7043a5f4c5e751050eb17b3040b860e9abfd31996f229cc1d8f5578b09114d9fd6a1c320e2dca8483b5ca4af879b47ad908eaebc7d9bb692c526bd4f4ffea7ec0bd5ce6a765a028bed8f08ed390f893b6fc5/i?id=b0ed679f-565a-439a-a699-10fd583ae9c3
IP
75.101.220.184:443
ASN
#14618 AMAZON-AES

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /x/a/20439424fc2daf1ccceb08514c96e983:1a160841438f2325780d89ffe2cb7043a5f4c5e751050eb17b3040b860e9abfd31996f229cc1d8f5578b09114d9fd6a1c320e2dca8483b5ca4af879b47ad908eaebc7d9bb692c526bd4f4ffea7ec0bd5ce6a765a028bed8f08ed390f893b6fc5/i?id=b0ed679f-565a-439a-a699-10fd583ae9c3 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Wed, 24 May 2023 04:55:59 GMT
access-control-allow-origin: api.purpleads.io
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
X-Firefox-Spdy: h2

mp.4dex.io/prebid

104.18.3.114

600 B

URL
mp.4dex.io/prebid
IP
104.18.3.114:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix\012- data
Size
600 B (600 bytes)
Hash
0afe8142168ae4ce80d7c2728621a370
3e5b314c9a33a5610bd83b3b40f866bb9b7c759d
3265864b26d86ec6748ece6f8282e940af907328ddf39d116df7893526b2f55b

HTTP Headers

POST /prebid HTTP/1.1
Host: mp.4dex.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 2093
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:57 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-origin: https://dfiles.eu
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin, Accept-Encoding
x-err: Shapings: no adunits with size and seat and mapping
x-version: 3.0.0-gcp-ams
x-warn: Process Seats Booster. unable to get the seat booster engine for organization: 1263
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cc2f30a494eb52d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=17c993f058982669b3486410ec49e0f2&pvId=17c993f058982669b3486410ec49e0f2&sid=10054537&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent

70.42.32.255

200 OK

4 B

URL GET HTTP/1.1
log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=17c993f058982669b3486410ec49e0f2&pvId=17c993f058982669b3486410ec49e0f2&sid=10054537&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent
IP
70.42.32.255:443
ASN
#22075 AS-OUTBRAIN

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint20:D2:F0:B3:C3:92:99:66:27:4F:78:12:57:9F:4D:C0:BF:9A:8F:C4
ValidityTue, 14 Mar 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

HTTP Headers

GET /loggerServices/widgetGlobalEvent?rId=17c993f058982669b3486410ec49e0f2&pvId=17c993f058982669b3486410ec49e0f2&sid=10054537&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent HTTP/1.1
Host: log.outbrainimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 May 2023 04:56:00 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 4
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
X-TraceId: e2c511f5b4d5abc04f614ca9aca0e45a

log.outbrainimg.com/loggerServices/log-viewability?requestId=17c993f058982669b3486410ec49e0f2&position=0

70.42.32.255

200 OK

4 B

URL GET HTTP/1.1
log.outbrainimg.com/loggerServices/log-viewability?requestId=17c993f058982669b3486410ec49e0f2&position=0
IP
70.42.32.255:443
ASN
#22075 AS-OUTBRAIN

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint20:D2:F0:B3:C3:92:99:66:27:4F:78:12:57:9F:4D:C0:BF:9A:8F:C4
ValidityTue, 14 Mar 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

HTTP Headers

GET /loggerServices/log-viewability?requestId=17c993f058982669b3486410ec49e0f2&position=0 HTTP/1.1
Host: log.outbrainimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 May 2023 04:56:00 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 4
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
X-TraceId: ad118fd44afbc2903965c1d20bd94e65

cdn.pubfuture-ad.com/v2/unit/pt.js

104.26.0.97

200 OK

6.6 kB

URL GET HTTP/2
cdn.pubfuture-ad.com/v2/unit/pt.js
IP
104.26.0.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (6778), with no line terminators
Size
6.6 kB (6612 bytes)
Hash
0111fa8d579e88268584595c79ad05d8
557bd8adf0625893e0ede25162f2cee913ae702c
0e2968fc4d954021c6a483bf6195122c7934c97b6bc495e2c46e4382b2ee0ae4

HTTP Headers

GET /v2/unit/pt.js HTTP/1.1
Host: cdn.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:53 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=172800
cf-bgj: minify
access-control-allow-origin: *
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
etag: W/"19d4-fKxMfwaT/pKWztkbnqHGCyR1YAs"
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cf-cache-status: HIT
age: 61524
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l74waFLnLgrsyELIJUQV9ajM8BTrfpzipuNpIewTiRFngEtaPt1ptn3EkDM6JIWpdbTGpQoI%2FvctslRTlVkox1xx24%2FlNE4jISvLmv2smOkBlF58fHczIa8jLsf4bRFM4Guu55t5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cc2f2ed7e86b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&demand=unifiedPb&ts=1684904157989

75.101.220.184

200 OK

1.4 kB

URL GET HTTP/2
api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&demand=unifiedPb&ts=1684904157989
IP
75.101.220.184:443
ASN
#14618 AMAZON-AES

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1462), with no line terminators
Size
1.4 kB (1406 bytes)
Hash
d09399fabe77f1860fc872a519a19f72
b6b5b017953d78825e29ce97d6710ce00f55d180
4e8c48ba30baa845df20111cb4e5de4bb0ccb5a13e5d6fd506128510892561f1

HTTP Headers

GET /x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&demand=unifiedPb&ts=1684904157989 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Content-Type: application/json
x-purpleads-version: 2.0.2
x-request-url: aHR0cHM6Ly9kZmlsZXMuZXUvZmlsZXMvOTh1cmxxdHB1L1RvdGFsLVdBLmV4ZQ==
Authorization: Bearer 64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683
pa-user-id: dc07889d-e2ef-48f7-88ef-ad0ad7df4f4c
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:58 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
etag: W/"57e-xwXHYMWm8AlDpBD9HtehZ2kJflU"
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2

cdn.prplads.com/load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683

104.26.3.51

200 OK

44 kB

URL GET HTTP/2
cdn.prplads.com/load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683
IP
104.26.3.51:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectprplads.com
Fingerprint44:46:5A:F0:A0:B0:25:70:06:3F:E4:EB:02:D5:A2:67:7A:E3:7D:0E
ValidityWed, 19 Apr 2023 12:34:16 GMT - Tue, 18 Jul 2023 12:34:15 GMT

File type

Size
44 kB (44061 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683 HTTP/1.1
Host: cdn.prplads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"103f53a915d53d541a023f9c8352e84c"
last-modified: Wed, 03 May 2023 17:14:59 GMT
x-amz-id-2: c0BBo0bTVFeShG8i+7lo2b2VE/UirvGjsaEwxq/wwMJ6ns1s3aKZvOG0lzRnXyQ2PtAWUDAre3c=
x-amz-request-id: VF6G331VR5CZSWHS
cache-control: max-age=86400
cf-cache-status: HIT
age: 7188
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fJOlekMT89ku1GWjN2SKOoHgXA0H6Z7%2Fy1VnpZPVuySjHeWCquoBg7KVNvqLh5MUsyRwrFxMWC6WFDMGiDxVFW5v%2FphhafeRlzO96KN%2BqfNMPZ8QwIuF%2FBVpICYY2CVYPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2fb4d550b49-OSL
content-encoding: br
X-Firefox-Spdy: h2

ntvpwpush.com/dl/cookies

94.130.198.6

200 OK

620 B

URL GET HTTP/2
ntvpwpush.com/dl/cookies
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (656), with no line terminators
Size
620 B (620 bytes)
Hash
0f28ac8b62710210d8c20200cb32caf2
e5cf4c2df4e48eff5fe877531dd3f12351c0c37d
2e6743f06e4cc09ff077b579b75511eaaf5ccf370f70fd2075d74725bf5b872c

HTTP Headers

GET /dl/cookies HTTP/1.1
Host: ntvpwpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 24 May 2023 04:55:56 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

illuminatedusing.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq9dlD%2BplXS%2BCQt9UkEl3p%2BdH3INsXCPBuFl3Fb1JdVX1pEx1V1PVNT0JHoILssfx5rHznWSDGpb1D1Ck421ByHiKYA7C%2FgGi7FlmMjj6oHnv%2B77v8Hmv68t9d04COHq29r7elUrRpXYr8F%2F7JAyv%2Bxsyd0N%2F2Ot82omv%2B2bwZhistILX%2FXcF29ZLURAGQRiE%2Fpo0ItXDpTAMWwFkcbwStlaCVhy1wnaMofm%2Fts6DpR744Jy8AMknzx4%2FjCFZgzx7dFPY7VIXb7yTOUVLbTDgRx%2Fl27mucmSLMjUe0vxoPg1tT9d%2BhM4PZ8DQg38HEzkh3pM%2FkORHc0okg8ML0ERB5Ej4c6gGDYRqIGkDpu9B8lMCMI5bm8izB7e0qejOhUun7oRcfvoXZDUhl39%2FEXn2cFXJoX9XK1dKnVsM0xpy2ED2GxTuBOXuJcjqBKz8ApL%2FQpaebiDPDjat0pC8ni0vZQOZNlBiBGo9uOknPbjUgys8ZPzM77K41%2BO9NqeCsShJw14ap%2FEKZUHKguWVCI5N8UYoixGYGoGZPRRmD9tyBON%2Bgt2qYbkHW06I98EeBrxGJQgqS1BRgkoSVCVBNagPubKRrR9wZV0SznM0z8v1WJf9fXqoy77IyX5xTq7O7vJ3R2NbnPlRFFMe0zBO4iRss7AbddK0G7QF63QjQTuwsoa0l2ar7srTawUKefr8y0joCaw6AZNXQd0roNW4GwWgW%2BO4F2A3f8RFoa0sU6mEbTGdgesaRXkZ5Y63r87JSzOOV5%2F4EOwxmQeYqVGYGp%2FJnwn66v74jq7IwR1dWfL9ZlHKTO7S6b%2B7W9JSXPn2PbFTacPXb9rRNzfY1JiWxx8KW27QnMu8b8l3q5JzYda0YYL8sG4%2FFsltZ7dWncldsXH77bX1rDDCWqnzBlSeft4BkxNy5cbh7FVe%2B7MHaRoYVyNzC1KpG7BiD7ZY9KwmMGqhk8JD5eqxiZJFU0kCJRaaJjXsf3SyqPftffSNB1reQ57VGJgaA1WDqhGse2ZcFubxW78uzwKJ8saJMt5Booz66uK0Vp75jAWChkk3FIKL9jJjcYf1kk66HHdFr83bKO2EZ1%2F%2F9g8AAAD%2F%2FwEAAP%2F%2FKKoAZWIEAAA%3D

173.233.137.44

200 OK

0 B

URL GET HTTP/1.1
illuminatedusing.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq9dlD%2BplXS%2BCQt9UkEl3p%2BdH3INsXCPBuFl3Fb1JdVX1pEx1V1PVNT0JHoILssfx5rHznWSDGpb1D1Ck421ByHiKYA7C%2FgGi7FlmMjj6oHnv%2B77v8Hmv68t9d04COHq29r7elUrRpXYr8F%2F7JAyv%2Bxsyd0N%2F2Ot82omv%2B2bwZhistILX%2FXcF29ZLURAGQRiE%2Fpo0ItXDpTAMWwFkcbwStlaCVhy1wnaMofm%2Fts6DpR744Jy8AMknzx4%2FjCFZgzx7dFPY7VIXb7yTOUVLbTDgRx%2Fl27mucmSLMjUe0vxoPg1tT9d%2BhM4PZ8DQg38HEzkh3pM%2FkORHc0okg8ML0ERB5Ej4c6gGDYRqIGkDpu9B8lMCMI5bm8izB7e0qejOhUun7oRcfvoXZDUhl39%2FEXn2cFXJoX9XK1dKnVsM0xpy2ED2GxTuBOXuJcjqBKz8ApL%2FQpaebiDPDjat0pC8ni0vZQOZNlBiBGo9uOknPbjUgys8ZPzM77K41%2BO9NqeCsShJw14ap%2FEKZUHKguWVCI5N8UYoixGYGoGZPRRmD9tyBON%2Bgt2qYbkHW06I98EeBrxGJQgqS1BRgkoSVCVBNagPubKRrR9wZV0SznM0z8v1WJf9fXqoy77IyX5xTq7O7vJ3R2NbnPlRFFMe0zBO4iRss7AbddK0G7QF63QjQTuwsoa0l2ar7srTawUKefr8y0joCaw6AZNXQd0roNW4GwWgW%2BO4F2A3f8RFoa0sU6mEbTGdgesaRXkZ5Y63r87JSzOOV5%2F4EOwxmQeYqVGYGp%2FJnwn66v74jq7IwR1dWfL9ZlHKTO7S6b%2B7W9JSXPn2PbFTacPXb9rRNzfY1JiWxx8KW27QnMu8b8l3q5JzYda0YYL8sG4%2FFsltZ7dWncldsXH77bX1rDDCWqnzBlSeft4BkxNy5cbh7FVe%2B7MHaRoYVyNzC1KpG7BiD7ZY9KwmMGqhk8JD5eqxiZJFU0kCJRaaJjXsf3SyqPftffSNB1reQ57VGJgaA1WDqhGse2ZcFubxW78uzwKJ8saJMt5Booz66uK0Vp75jAWChkk3FIKL9jJjcYf1kk66HHdFr83bKO2EZ1%2F%2F9g8AAAD%2F%2FwEAAP%2F%2FKKoAZWIEAAA%3D
IP
173.233.137.44:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectilluminatedusing.com
FingerprintAF:19:68:30:80:E4:4A:1B:82:10:E8:99:C8:5C:99:FE:73:3E:E6:5F
ValiditySat, 29 Apr 2023 06:18:13 GMT - Fri, 28 Jul 2023 06:18:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq9dlD%2BplXS%2BCQt9UkEl3p%2BdH3INsXCPBuFl3Fb1JdVX1pEx1V1PVNT0JHoILssfx5rHznWSDGpb1D1Ck421ByHiKYA7C%2FgGi7FlmMjj6oHnv%2B77v8Hmv68t9d04COHq29r7elUrRpXYr8F%2F7JAyv%2Bxsyd0N%2F2Ot82omv%2B2bwZhistILX%2FXcF29ZLURAGQRiE%2Fpo0ItXDpTAMWwFkcbwStlaCVhy1wnaMofm%2Fts6DpR744Jy8AMknzx4%2FjCFZgzx7dFPY7VIXb7yTOUVLbTDgRx%2Fl27mucmSLMjUe0vxoPg1tT9d%2BhM4PZ8DQg38HEzkh3pM%2FkORHc0okg8ML0ERB5Ej4c6gGDYRqIGkDpu9B8lMCMI5bm8izB7e0qejOhUun7oRcfvoXZDUhl39%2FEXn2cFXJoX9XK1dKnVsM0xpy2ED2GxTuBOXuJcjqBKz8ApL%2FQpaebiDPDjat0pC8ni0vZQOZNlBiBGo9uOknPbjUgys8ZPzM77K41%2BO9NqeCsShJw14ap%2FEKZUHKguWVCI5N8UYoixGYGoGZPRRmD9tyBON%2Bgt2qYbkHW06I98EeBrxGJQgqS1BRgkoSVCVBNagPubKRrR9wZV0SznM0z8v1WJf9fXqoy77IyX5xTq7O7vJ3R2NbnPlRFFMe0zBO4iRss7AbddK0G7QF63QjQTuwsoa0l2ar7srTawUKefr8y0joCaw6AZNXQd0roNW4GwWgW%2BO4F2A3f8RFoa0sU6mEbTGdgesaRXkZ5Y63r87JSzOOV5%2F4EOwxmQeYqVGYGp%2FJnwn66v74jq7IwR1dWfL9ZlHKTO7S6b%2B7W9JSXPn2PbFTacPXb9rRNzfY1JiWxx8KW27QnMu8b8l3q5JzYda0YYL8sG4%2FFsltZ7dWncldsXH77bX1rDDCWqnzBlSeft4BkxNy5cbh7FVe%2B7MHaRoYVyNzC1KpG7BiD7ZY9KwmMGqhk8JD5eqxiZJFU0kCJRaaJjXsf3SyqPftffSNB1reQ57VGJgaA1WDqhGse2ZcFubxW78uzwKJ8saJMt5Booz66uK0Vp75jAWChkk3FIKL9jJjcYf1kk66HHdFr83bKO2EZ1%2F%2F9g8AAAD%2F%2FwEAAP%2F%2FKKoAZWIEAAA%3D HTTP/1.1
Host: illuminatedusing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 24 May 2023 04:55:56 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 86e1a4dd7f2754938922f353050ffce0
Strict-Transport-Security: max-age=0; includeSubdomains

api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&ts=1684904155395

75.101.220.184

200 OK

2.8 kB

URL GET HTTP/2
api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&ts=1684904155395
IP
75.101.220.184:443
ASN
#14618 AMAZON-AES

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- troff or preprocessor input, ASCII text, with very long lines (2948), with no line terminators
Size
2.8 kB (2804 bytes)
Hash
800a49d1af44148de862e984c0a041cb
77137eedf2c989ca4bbaea4bcdb55548ae61ae43
470ef99137daccc3d667fb695f5d64dc581a10068e3e0f7df28327835d803af3

HTTP Headers

GET /x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&ts=1684904155395 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Content-Type: application/json
x-purpleads-version: 2.0.2
x-request-url: aHR0cHM6Ly9kZmlsZXMuZXUvZmlsZXMvOTh1cmxxdHB1L1RvdGFsLVdBLmV4ZQ==
Authorization: Bearer 64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:56 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
set-cookie: pa-user-id=dc07889d-e2ef-48f7-88ef-ad0ad7df4f4c; Domain=.purpleads.io; Path=/
pa-user-id: dc07889d-e2ef-48f7-88ef-ad0ad7df4f4c
etag: W/"af4-DxOKbowKjENHKbenMX10hUGCu4k"
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2

static.depositfiles.com/images/flags/lang24.png

91.226.124.81

200 OK

9.2 kB

URL GET HTTP/1.1
static.depositfiles.com/images/flags/lang24.png
IP
91.226.124.81:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 24 x 552, 8-bit/color RGBA, non-interlaced\012- data
Size
9.2 kB (9172 bytes)
Hash
efdcd1ca23d564ddd811f41152a2b83c
0b5aa064e7f8f241363c55fa17eb448f42a5f8df
ce23be242e34c5b420f8ba0390aef20fa50ffc69f700091029616eff524e8f9b

HTTP Headers

GET /images/flags/lang24.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 May 2023 04:55:53 GMT
Content-Type: image/png
Content-Length: 9172
Last-Modified: Tue, 26 Apr 2022 10:45:42 GMT
Connection: keep-alive
ETag: "6267cd56-23d4"
Accept-Ranges: bytes

addresseepaper.com/sfp.js

0.0.0.0

0 B

URL GET
addresseepaper.com/sfp.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&demand=unifiedPb&ts=1684904157989

75.101.220.184

200 OK

0 B

URL OPTIONS HTTP/2
api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&demand=unifiedPb&ts=1684904157989
IP
75.101.220.184:443
ASN
#14618 AMAZON-AES

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&demand=unifiedPb&ts=1684904157989 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,pa-user-id,x-purpleads-version,x-request-url
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:58 GMT
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
access-control-allow-headers: authorization,content-type,pa-user-id,x-purpleads-version,x-request-url
access-control-max-age: 86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/software/us/norton/1/js/script.js

172.64.196.23

200 OK

385 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/js/script.js
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
ASCII text, with very long lines (399), with no line terminators
Size
385 B (385 bytes)
Hash
1cefc33777b8bee6b7fcc27b0ecbd6f8
019bb2f304ef537ce1764a91d5cf3aae361b1f08
a7daa6a82a2edc4563c1e9b8962007248d693996475caca0fa546266adf0ae9b

HTTP Headers

GET /sb/notifications/software/us/norton/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:45:00 GMT
etag: W/"602d01bc-181"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 124
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BOApiV2PMq4MWdYpIrbA%2BD95%2BI1ggUs5kQohdImU6oQMKtxWVlTGd3ZoPy4szkDOXR6HChikW%2F1vaSRLhIFiu%2BmVbXaGp1e96J29mDBbC72Mtxk%2B%2Fa%2BuQOELF%2BXhHXpI6SdXxLUBzapC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2fd0fc1774f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.unblockia.com/h.js

54.230.111.117

200 OK

166 kB

URL GET HTTP/2
cdn.unblockia.com/h.js
IP
54.230.111.117:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
166 kB (166192 bytes)
Hash
3d75dc8f7c4000ccdac0fff2f09d78a8
9008e9830c5f3a690cbb6cc94ddb34b59fc12677
203af4ee7878df10c428ce6599c619695219f48681b832ef3f856abdd299b8e8

HTTP Headers

GET /h.js HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-javascript
last-modified: Mon, 22 May 2023 09:17:35 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-content-sha256: 3b11cd91ab382736a9ba8e63029f318e3177aa77903aa4fa093a80765fac8c07
x-amz-version-id: gKayxwShEzJAnBjNaPvAM9Fj3A2ZU3Kt
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:987257285531:build/unblockia-loader-codebuild-project:6a48fce0-eba0-40cc-8a72-49f5d7d1abde
x-amz-meta-codebuild-content-md5: 60511405d11f9acd0880a4539ae338cb
server: AmazonS3
content-encoding: br
date: Tue, 23 May 2023 09:19:59 GMT
etag: W/"3d75dc8f7c4000ccdac0fff2f09d78a8"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ComVA1guobnlMfEz3osXMz_5LOmbFC_AHQExrbyxmSzBthfLae0xSw==
age: 70555
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

js.wpadmngr.com/static/adManager.m.js

45.133.44.53

200 OK

158 kB

URL GET HTTP/2
js.wpadmngr.com/static/adManager.m.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerLet's Encrypt
Subjectjs.wpadmngr.com
FingerprintA9:7C:F8:A4:B8:B3:E3:98:76:72:9E:0B:4A:FB:FB:39:D4:F4:54:3D
ValidityTue, 16 May 2023 02:02:19 GMT - Mon, 14 Aug 2023 02:02:18 GMT

File type

Size
158 kB (158096 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/adManager.m.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:53 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 19 May 2023 08:16:51 GMT
etag: W/"64673073-26990"
content-encoding: gzip
expires: Wed, 24 May 2023 05:00:53 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/style.css

172.64.196.23

200 OK

2.3 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/style.css
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
ASCII text, with very long lines (2472), with no line terminators
Size
2.3 kB (2311 bytes)
Hash
50a727839c0d5c323ac1e5a8b32e5838
ab2dbb07e2f14e3010b7bcb8cf276a17bc681bcd
cb2dc4b9bfac73114f274ed68a9d7fe3efe6db932ea3958a29f255337f050489

HTTP Headers

GET /sb/notifications/software/us/norton/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:44:59 GMT
etag: W/"602d01bb-907"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 142316
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XmjzaTaiRcBoeR%2B2u434THJ7VJNWUKKloDgVhrQEMiqjvl4f5GewhmUiBNMfcHJSEi0PAEva3tRwvAMyK0ZUHQPxtjL5ah5Jnl9WXYGgyGbh6OiZWrWHNhKRIpZqZhIjZt1jxiGTOUzW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2fd1fca774f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&ts=1684904155395

75.101.220.184

200 OK

0 B

URL OPTIONS HTTP/2
api.purpleads.io/x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&ts=1684904155395
IP
75.101.220.184:443
ASN
#14618 AMAZON-AES

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /x/v2/f?pid=a7816163750a4e79a2019993bdbe909d&ts=1684904155395 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:56 GMT
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-max-age: 86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/animate.css

172.64.196.23

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/animate.css
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
ASCII text
Size
79 kB (79249 bytes)
Hash
e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a

HTTP Headers

GET /sb/notifications/software/us/norton/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:55 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:45:00 GMT
etag: W/"602d01bc-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 142316
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UJu00mol6euEGIkbcJPZIY1xMe%2FY7je79jttLKZf3qlcxjrHRWBGJZvwo%2Fz%2BRTVdWvocilfvm%2BJGgrE8pliGKiRIHG5ZoFrLi93wyFZLJtr7mZUH1P5qMNqDN8h4QJ8rOeO6wYN79dLt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2fd0fc5774f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

172.64.141.24

200 OK

86 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
172.64.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/98urlqtpu/Total-WA.exe
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type

Size
86 kB (85467 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 May 2023 04:55:54 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 0e1e6df64d946b7d9bb83e2a68c3cb45
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 24 May 2023 04:55:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZeSCBaB%2FDxaQbjjoJ4t0sMzSAlD7I7M9drtMUbPztKNLi%2FNteokCx0TP0zuDUhNc8YI4GN%2BtAywg5cWzPkiDnHPMeFLTxVXmW7ABs4oF0LPDfZaWs%2BVyUTBp3KFf5V34uaSvRjA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cc2f2f1eacd385c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (40)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL