depositfiles.com/files/nkrrg36os/Human_Error1.0.2.zip
91.226.124.78302 Moved Temporarily 138 B URL HTTP/1.1 depositfiles.com/files/nkrrg36os/Human_Error1.0.2.zip
IP 91.226.124.78:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /files/nkrrg36os/Human_Error1.0.2.zip HTTP/1.1
Host: depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 07 Dec 2022 11:29:43 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
Location: https://depositfiles.com/files/nkrrg36os/Human_Error1.0.2.zip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5883
Expires: Wed, 07 Dec 2022 13:07:46 GMT
Date: Wed, 07 Dec 2022 11:29:43 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3457
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:29:43 GMT
Last-Modified: Wed, 07 Dec 2022 10:32:06 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 11:18:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 657
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10477
Expires: Wed, 07 Dec 2022 14:24:20 GMT
Date: Wed, 07 Dec 2022 11:29:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 5PCKxbgtLGuq37OIXu76Fonv/faZtpnwJCiB8vcawdzGysQ7Z6au9Hs2Tdwt+ojj5guUkV7gPgc=
x-amz-request-id: 71ZQTAJGHBVZ908R
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 10:49:20 GMT
age: 2423
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 37f6b14470edce8761f62c4932277456
843c406992f09caf30b116fe80741b19351e11a4
0b47b3d18e62b4a1a1abda173b91cc6fa569f082eea0ed4e08c859867c7a6361
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B47B3D18E62B4A1A1ABDA173B91CC6FA569F082EEA0ED4E08C859867C7A6361"
Last-Modified: Tue, 06 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8826
Expires: Wed, 07 Dec 2022 13:56:49 GMT
Date: Wed, 07 Dec 2022 11:29:43 GMT
Connection: keep-alive
depositfiles.com/files/nkrrg36os/Human_Error1.0.2.zip
91.226.124.76302 Found 0 B URL HTTP/1.1 depositfiles.com/files/nkrrg36os/Human_Error1.0.2.zip
IP 91.226.124.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /files/nkrrg36os/Human_Error1.0.2.zip HTTP/1.1
Host: depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 07 Dec 2022 11:29:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Location: //dfiles.eu/files/nkrrg36os/Human_Error1.0.2.zip
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:29:43 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 687674a4517e8c54e1d293e7e9dd8ccf
2e720f3dee7a6df0de020cd43137dbd1f7db0a7b
d65fbc1b7744624b9bb749328882045cc07bd1cc71bbce6860d477b49a4c7a7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D65FBC1B7744624B9BB749328882045CC07BD1CC71BBCE6860D477B49A4C7A7A"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5878
Expires: Wed, 07 Dec 2022 13:07:41 GMT
Date: Wed, 07 Dec 2022 11:29:43 GMT
Connection: keep-alive
dfiles.eu/files/nkrrg36os/Human_Error1.0.2.zip
91.226.124.78200 OK 8.4 kB URL HTTP/1.1 dfiles.eu/files/nkrrg36os/Human_Error1.0.2.zip
IP 91.226.124.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6441), with CRLF, CR, LF line terminators
Hash c86018a6d99d214df04621c01772484c
6b12c6fcc18f731aa910151a0fd4c98eea57f5b0
2986c4e4be49b1226928279cb3b3944d519798c9c6c04bc6e1935a572d5cf890
GET /files/nkrrg36os/Human_Error1.0.2.zip HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: uprand=2afb141a65a62aad3fe18908d925369b; path=/; domain=.dfiles.eu
last_file=nkrrg36os; path=/; domain=.dfiles.eu
lang_current=en; expires=Thu, 07-Dec-2023 11:29:43 GMT; Max-Age=31536000; path=/; domain=.dfiles.eu; secure
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9084a518c70ad57bb3226fb519b648fd
79348ebe6f5900a035d4d65e08a7409fd9708f15
f0c6b0f66c31aa7cb2d2808eb4c04c3681d48e731efc8cbba0f3fef1d218ce7b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:29:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js
216.58.207.228200 OK 553 B URL HTTP/2 www.google.com/recaptcha/api.js
IP 216.58.207.228:0
File type ASCII text, with very long lines (850), with no line terminators
Hash 1309ff133720d219cc98090d66a051ed
b96fc5a893e42be16d687d7abdecdb13d348a019
358683c66634ea5ee3021c93111d8621d583880bcbbfadf3ec2ff87a15ea1038
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Wed, 07 Dec 2022 11:29:44 GMT
date: Wed, 07 Dec 2022 11:29:44 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 553
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 11:08:58 GMT
cache-control: public,max-age=3600
age: 1246
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 37f6b14470edce8761f62c4932277456
843c406992f09caf30b116fe80741b19351e11a4
0b47b3d18e62b4a1a1abda173b91cc6fa569f082eea0ed4e08c859867c7a6361
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B47B3D18E62B4A1A1ABDA173B91CC6FA569F082EEA0ED4E08C859867C7A6361"
Last-Modified: Tue, 06 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8825
Expires: Wed, 07 Dec 2022 13:56:49 GMT
Date: Wed, 07 Dec 2022 11:29:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 37f6b14470edce8761f62c4932277456
843c406992f09caf30b116fe80741b19351e11a4
0b47b3d18e62b4a1a1abda173b91cc6fa569f082eea0ed4e08c859867c7a6361
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B47B3D18E62B4A1A1ABDA173B91CC6FA569F082EEA0ED4E08C859867C7A6361"
Last-Modified: Tue, 06 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8825
Expires: Wed, 07 Dec 2022 13:56:49 GMT
Date: Wed, 07 Dec 2022 11:29:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 37f6b14470edce8761f62c4932277456
843c406992f09caf30b116fe80741b19351e11a4
0b47b3d18e62b4a1a1abda173b91cc6fa569f082eea0ed4e08c859867c7a6361
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B47B3D18E62B4A1A1ABDA173B91CC6FA569F082EEA0ED4E08C859867C7A6361"
Last-Modified: Tue, 06 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8825
Expires: Wed, 07 Dec 2022 13:56:49 GMT
Date: Wed, 07 Dec 2022 11:29:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 37f6b14470edce8761f62c4932277456
843c406992f09caf30b116fe80741b19351e11a4
0b47b3d18e62b4a1a1abda173b91cc6fa569f082eea0ed4e08c859867c7a6361
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B47B3D18E62B4A1A1ABDA173B91CC6FA569F082EEA0ED4E08C859867C7A6361"
Last-Modified: Tue, 06 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8825
Expires: Wed, 07 Dec 2022 13:56:49 GMT
Date: Wed, 07 Dec 2022 11:29:44 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash cd6dabd083ee1c237c8ea3ba38cc48d5
bbe4420bf1c0fe0d5621336865563418d2f16f39
c9314cdac13bc2ea94505f473538ab4d5c0a940dfbc2f5447e6f22a5af580572
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:29:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.depositfiles.com/js/function.js
91.226.124.83200 OK 35 kB URL HTTP/1.1 static.depositfiles.com/js/function.js
IP 91.226.124.83:0
File type ASCII text, with very long lines (4240)
Hash a5779d2f560cd50376dbba372b0fd15b
07b08e35b9254288c1372e37577db8b9e4da01b4
51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84
GET /js/function.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: application/javascript
Content-Length: 34915
Last-Modified: Thu, 24 Nov 2022 11:10:48 GMT
Connection: keep-alive
ETag: "637f5138-8863"
Expires: Wed, 07 Dec 2022 11:34:44 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3447
Cache-Control: max-age=167673
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:29:44 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:04:17 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
static.depositfiles.com/js/jquery.validate.js
91.226.124.83200 OK 38 kB URL HTTP/1.1 static.depositfiles.com/js/jquery.validate.js
IP 91.226.124.83:0
File type Unicode text, UTF-8 text, with very long lines (1238)
Hash d5231b6378847ebdb55f64c77d5a234f
eed97aa0b2aa9486b6f6831ed8a85dc729ad6b9c
95434a8a2568a6481a1fbcf5808a75dd58e77348ed6d70b4f7aeda8842e8f0c7
GET /js/jquery.validate.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: application/javascript
Content-Length: 38269
Last-Modified: Thu, 24 Nov 2022 11:10:48 GMT
Connection: keep-alive
ETag: "637f5138-957d"
Expires: Wed, 07 Dec 2022 11:34:44 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/css/main.css
91.226.124.83200 OK 47 kB URL HTTP/1.1 static.depositfiles.com/css/main.css
IP 91.226.124.83:0
File type ASCII text, with very long lines (332)
Hash cea03c07a2dcdd9444f5f6de6a3f6c64
89307ec85eb1fa31aa0b0d759e13f78970b0375b
5ecd5842291f787ca0d39182e73ab7992ed55dccce2aaeb7cfc4e10ba3917634
GET /css/main.css HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: text/css
Last-Modified: Thu, 24 Nov 2022 11:10:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"637f5136-2f719"
Expires: Wed, 07 Dec 2022 11:34:44 GMT
Cache-Control: max-age=300
Content-Encoding: gzip
static.depositfiles.com/js/base2.js
91.226.124.83200 OK 399 kB URL HTTP/1.1 static.depositfiles.com/js/base2.js
IP 91.226.124.83:0
File type Unicode text, UTF-8 text, with very long lines (65481)
Size 399 kB (398927 bytes)
Hash 2fcae8126c3fd9a626370a701f0bd887
f3496fb7bbe122a9774d7dcfcd68da03a24dc285
d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc
GET /js/base2.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: application/javascript
Content-Length: 398927
Last-Modified: Thu, 24 Nov 2022 11:10:48 GMT
Connection: keep-alive
ETag: "637f5138-6164f"
Expires: Wed, 07 Dec 2022 11:34:44 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 45a25e44ed72e89f8a4ad9117e992a19
45f8963020886a77dbdc4dd1ebb802ff116d8486
417b9a1cac53073dc212790552b27df90b7a58351c72188506e5ac5fa2d79d5d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "417B9A1CAC53073DC212790552B27DF90B7A58351C72188506E5AC5FA2D79D5D"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10035
Expires: Wed, 07 Dec 2022 14:16:59 GMT
Date: Wed, 07 Dec 2022 11:29:44 GMT
Connection: keep-alive
push.services.mozilla.com/
35.163.38.240101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.38.240:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6On7SUxeWSlT3wqjpkn+Dw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Qswip+F3uL5Zvt9nKPxoFQexsFE=
pl16105218.highperformancecpmgate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
192.243.59.20200 OK 13 kB URL HTTP/1.1 pl16105218.highperformancecpmgate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37188), with no line terminators
Hash 354ed0a6b1eaaad4653ec2ce382ddcc9
0a1281f6e4b7ee1c6a65cc861f56c93b4da1002d
279e8007ab93d51b504ef065e30983a6b893314d0f2205396a4fda84123abe4c
Analyzer Verdict Alert quad9 Sinkholed
GET /22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js HTTP/1.1
Host: pl16105218.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 99a459266a74b52403598dcd1dc2591c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.depositfiles.com/images/logo.png
91.226.124.83200 OK 3.6 kB URL HTTP/1.1 static.depositfiles.com/images/logo.png
IP 91.226.124.83:0
File type PNG image data, 176 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash c41fdd84b04e45a91cb17cfdeccb1b38
fec7fffe104c7e169aeb159032078c4b71ff2cdc
7f89eb8ab03684f4db282ca30eb231b1e254bca10c7b511950df5e0eab0a68a0
GET /images/logo.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: image/png
Content-Length: 3623
Last-Modified: Thu, 24 Nov 2022 11:10:48 GMT
Connection: keep-alive
ETag: "637f5138-e27"
Accept-Ranges: bytes
static.depositfiles.com/images/member_menu_bg.gif
91.226.124.83200 OK 78 B URL HTTP/1.1 static.depositfiles.com/images/member_menu_bg.gif
IP 91.226.124.83:0
File type GIF image data, version 89a, 1 x 48\012- data
Hash 20a24b56dcedf6a71a71ebec771e1f7d
d7bed493d5d4eeaed5dbbf7d30d45107840790a0
6f57f29224d8e9e51ed0839e329055426fba7dcd97ef31e93ed495f93a6063df
GET /images/member_menu_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: image/gif
Content-Length: 78
Last-Modified: Thu, 24 Nov 2022 11:10:48 GMT
Connection: keep-alive
ETag: "637f5138-4e"
Expires: Mon, 12 Dec 2022 11:29:44 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/timer.gif
91.226.124.83200 OK 12 kB URL HTTP/1.1 static.depositfiles.com/images/timer.gif
IP 91.226.124.83:0
File type GIF image data, version 89a, 70 x 70\012- data
Hash fb170c2ce20d8088b7cee465689c3637
9759429c7de6921580fac900c4c6026c758bb94c
6b5c53dd4d2d07c854e019e55458ff9652a4d9b7bf1fe8848ad00ca16032e294
GET /images/timer.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: image/gif
Content-Length: 11607
Last-Modified: Thu, 24 Nov 2022 11:10:48 GMT
Connection: keep-alive
ETag: "637f5138-2d57"
Expires: Mon, 12 Dec 2022 11:29:44 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/sprite.png
91.226.124.83200 OK 37 kB URL HTTP/1.1 static.depositfiles.com/images/sprite.png
IP 91.226.124.83:0
File type PNG image data, 102 x 630, 8-bit/color RGBA, non-interlaced\012- data
Hash 2333675d7e431d5313c6dbb5230a14cd
93c4032e5b8b85793a9cda7167804445d950dd96
b287134a60667ce8e2c3fa1603e3a8f2ffa59c64e746d026d1a13ef19f3f38a0
GET /images/sprite.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: image/png
Content-Length: 36802
Last-Modified: Thu, 24 Nov 2022 11:10:48 GMT
Connection: keep-alive
ETag: "637f5138-8fc2"
Accept-Ranges: bytes
static.depositfiles.com/images/flags/lang24.png
91.226.124.83200 OK 9.2 kB URL HTTP/1.1 static.depositfiles.com/images/flags/lang24.png
IP 91.226.124.83:0
File type PNG image data, 24 x 552, 8-bit/color RGBA, non-interlaced\012- data
Hash efdcd1ca23d564ddd811f41152a2b83c
0b5aa064e7f8f241363c55fa17eb448f42a5f8df
ce23be242e34c5b420f8ba0390aef20fa50ffc69f700091029616eff524e8f9b
GET /images/flags/lang24.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: image/png
Content-Length: 9172
Last-Modified: Thu, 24 Nov 2022 11:10:48 GMT
Connection: keep-alive
ETag: "637f5138-23d4"
Accept-Ranges: bytes
static.depositfiles.com/images/sprite16.png
91.226.124.83200 OK 28 kB URL HTTP/1.1 static.depositfiles.com/images/sprite16.png
IP 91.226.124.83:0
File type PNG image data, 32 x 1072, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e86fe2d2c2650c5f4663f0fc135ebc1
ba86e14a9abcff0581eda84a307594ef1288b982
604187f8828381a47ae70249f55f21c78c53ab1401d20a5f2230a0d6c9ae50d1
GET /images/sprite16.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: image/png
Content-Length: 28501
Last-Modified: Thu, 24 Nov 2022 11:10:48 GMT
Connection: keep-alive
ETag: "637f5138-6f55"
Accept-Ranges: bytes
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3115dd5bc8b3f10f7a5bdac8a4d6d579
3c8fca862ef564894e6a226312319b638f56daf2
e123ed36a240c987e233bcba017c41294e1cd01a88fdb68f99a1926049c0bb81
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "E123ED36A240C987E233BCBA017C41294E1CD01A88FDB68F99A1926049C0BB81"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5574
Expires: Wed, 07 Dec 2022 13:02:38 GMT
Date: Wed, 07 Dec 2022 11:29:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5cb13a7d08a09e3cb2b7752f7f5a37b1
9b3b2db7ee5df5749ea12f2a2f90d8d1139283cf
b50f893f6ae0143654ae6dd0287f3550e715e1075b542c104ca0c2e70b5bdc5b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B50F893F6AE0143654AE6DD0287F3550E715E1075B542C104CA0C2E70B5BDC5B"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17743
Expires: Wed, 07 Dec 2022 16:25:27 GMT
Date: Wed, 07 Dec 2022 11:29:44 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 975d829b6c1182baa9059ef46ba71c89
4cad25f5dc5997779e9bde153551bf7fa3481938
5a23467d164713da6a0ba9cff3d114780c255f12696ad50c3efc214c8895ee64
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=96120
Date: Wed, 07 Dec 2022 11:29:44 GMT
Etag: "638f4418-1d7"
Expires: Thu, 08 Dec 2022 14:11:44 GMT
Last-Modified: Tue, 06 Dec 2022 13:31:04 GMT
Server: ECS (nyb/1D2B)
X-Cache: Miss from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: eZcyk-EWHzTJQV_JeB4Lsy7PdfHD-QNqrQGolPHrt7WOPjs8cFcjCw==
Age: 2440
adsbb.dfiles.eu//ad.php?z=60&c=NO
91.226.124.82303 See Other 0 B URL HTTP/1.1 adsbb.dfiles.eu//ad.php?z=60&c=NO
IP 91.226.124.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=60&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 303 See Other
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf60=1; expires=Thu, 08-Dec-2022 11:29:44 GMT; Max-Age=86400
Location: /upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
adsbb.dfiles.eu//ad.php?z=58&c=NO&g=no_file
91.226.124.82303 See Other 0 B URL HTTP/1.1 adsbb.dfiles.eu//ad.php?z=58&c=NO&g=no_file
IP 91.226.124.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=58&c=NO&g=no_file HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 303 See Other
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf58=1; expires=Thu, 08-Dec-2022 11:29:44 GMT; Max-Age=86400
Location: /upload/1906/ad2708292742b09a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
adsbb.dfiles.eu//ad.php?z=56&c=NO
91.226.124.82303 See Other 0 B URL HTTP/1.1 adsbb.dfiles.eu//ad.php?z=56&c=NO
IP 91.226.124.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=56&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 303 See Other
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf56=1; expires=Thu, 08-Dec-2022 11:29:44 GMT; Max-Age=86400
Location: /upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
adsbb.dfiles.eu//ad.php?z=7&c=NO&g=no_file&u=63907927da593-61652829
91.226.124.82303 See Other 0 B URL HTTP/1.1 adsbb.dfiles.eu//ad.php?z=7&c=NO&g=no_file&u=63907927da593-61652829
IP 91.226.124.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=7&c=NO&g=no_file&u=63907927da593-61652829 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 303 See Other
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf7=1; expires=Thu, 08-Dec-2022 11:29:44 GMT; Max-Age=86400
Location: /upload/2211/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e54d6b62083db2712ec828ec50113a1c
395314695f0c1984401e945f3054fa657b395595
b12fac2209dbac1514cf4b90c65c073b28615aa341ff192a29b9d59c3a375eed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B12FAC2209DBAC1514CF4B90C65C073B28615AA341FF192A29B9D59C3A375EED"
Last-Modified: Tue, 06 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6525
Expires: Wed, 07 Dec 2022 13:18:29 GMT
Date: Wed, 07 Dec 2022 11:29:44 GMT
Connection: keep-alive
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 4f6254178f34f3ec253e70fa85fd34c9
7bc2715b65f644e795fa84b05d1e5e0997b216c2
6870b94bc685b84a6385207f2da85badd7b4f14af532b4c122c30d25dfa3a134
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:44 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
set-cookie: uid_id2=e749f42c-c6ed-4f46-91a9-770f9078cb23:3:1; expires=Sat, 04 Dec 2032 11:29:44 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.82200 OK 670 B URL HTTP/1.1 adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.82:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 45396d3ec88a7acf815dfda937d91a77
bd8dde2468cccb5a02f47b14ca87a6436337fd8f
8b32787a4df5faeec5db45991bd40e55a7ae6b789def8985dc71838feed6a864
GET /upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Connection: keep-alive
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en; _nf60=1; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 07 Dec 2022 11:25:01 GMT
Content-Encoding: gzip
adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.82200 OK 671 B URL HTTP/1.1 adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.82:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 326f614df051364e7e18aa223e59e80b
33be80a3912a5099bd8822cafabcd41eb488a5e0
282e4ed3b1d1f5c297d8e270a529215bbed4bd56f13c5aaaeba74ad67498f134
GET /upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Connection: keep-alive
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en; _nf60=1; _nf58=1; _nf56=1; _nf7=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 07 Dec 2022 11:25:01 GMT
Content-Encoding: gzip
adsbb.dfiles.eu/upload/1906/ad2708292742b09a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.82200 OK 887 B URL HTTP/1.1 adsbb.dfiles.eu/upload/1906/ad2708292742b09a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.82:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash c67099ef8b531d912a46659900cf3d10
4ad67591aeff106042e445e06575633093969bc1
d41511b6e8d6282cef7cc8621d1819f031ac238647c3e35eaeb7a9a602b0fbbf
GET /upload/1906/ad2708292742b09a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Connection: keep-alive
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en; _nf60=1; _nf58=1; _nf56=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 07 Dec 2022 11:25:01 GMT
Content-Encoding: gzip
adsbb.dfiles.eu/upload/2211/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.82200 OK 2.4 kB URL HTTP/1.1 adsbb.dfiles.eu/upload/2211/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.82:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (879)
Hash 54aa81684b2bf8841017cda8b0a1d6c8
bd13fd1291fa8617115f01adc4661dd64dee80cb
8bcac9d4b87269e130bdc80d1f31013ee5b36f302f6ccfeccd5391fc13ff3f46
GET /upload/2211/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Connection: keep-alive
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en; _nf60=1; _nf58=1; _nf56=1; _nf7=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 07 Dec 2022 11:25:01 GMT
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3115dd5bc8b3f10f7a5bdac8a4d6d579
3c8fca862ef564894e6a226312319b638f56daf2
e123ed36a240c987e233bcba017c41294e1cd01a88fdb68f99a1926049c0bb81
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "E123ED36A240C987E233BCBA017C41294E1CD01A88FDB68F99A1926049C0BB81"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5574
Expires: Wed, 07 Dec 2022 13:02:38 GMT
Date: Wed, 07 Dec 2022 11:29:44 GMT
Connection: keep-alive
dominantroute.com/bens/vinos.js?23701&u=null&a=0.09881188662954998
193.200.64.20200 OK 140 kB URL HTTP/1.1 dominantroute.com/bens/vinos.js?23701&u=null&a=0.09881188662954998
IP 193.200.64.20:0
ASN #6681 Rozetka Sp. z o.o.
File type ASCII text, with very long lines (727)
Size 140 kB (140149 bytes)
Hash 11c89cf3c532d557a759d00d34927ec5
617ced953e1f637a174fa72f47f7927f21feaae7
ade133faff47b3fc5b69f9c11abc8bae953f46ee841f2d487173e292fe46b8fc
GET /bens/vinos.js?23701&u=null&a=0.09881188662954998 HTTP/1.1
Host: dominantroute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NON DSP COR CURa TIA"
Set-Cookie: uuid=16704122581532635802; expires=Fri, 06-Dec-2024 11:29:44 GMT; Max-Age=63072000; path=/; samesite=None; domain=.dominantroute.com; secure
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 819ddbbd8b0d3cf7f559a65602676d10
2e137d20f9b37b7636af0a08c788633e9c9f602e
d185c13e986f8366d3472dd187aa7aacc0c91d55b07a66ebfbb3afce82cfc88b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5351
Cache-Control: max-age=125644
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:29:45 GMT
Etag: "638fac0e-118"
Expires: Thu, 08 Dec 2022 22:23:49 GMT
Last-Modified: Tue, 06 Dec 2022 20:54:38 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 280
ac309a36ac.fb28078ad6.com/6d86bacf59ba60447aa61ee2a90dc84e/46445?version_name=d
45.133.44.24200 OK 405 B URL HTTP/2 ac309a36ac.fb28078ad6.com/6d86bacf59ba60447aa61ee2a90dc84e/46445?version_name=d
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (405), with no line terminators
Hash 962be1b003036e603ae1d12a10d6c220
ce6518280924c11dd596f3f64bfe368f554020ae
b2851dd48763c139dafea5294d9e92ba708af9de6b23b6a5bc614d15a6089df1
Analyzer Verdict Alert quad9 Sinkholed
GET /6d86bacf59ba60447aa61ee2a90dc84e/46445?version_name=d HTTP/1.1
Host: ac309a36ac.fb28078ad6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:45 GMT
content-type: application/json
content-length: 405
server: nginx/1.18.0
cache-control: max-age=300
expires: Wed, 07 Dec 2022 11:34:45 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
ac309a36ac.fb28078ad6.com/ba88bc4c8888d62514d2c88356e66609.js
45.133.44.24200 OK 36 kB URL HTTP/2 ac309a36ac.fb28078ad6.com/ba88bc4c8888d62514d2c88356e66609.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash 54bfb861f97b590c7ae7ce9da9045d72
5c4238c11e936831b7c8918ec063df722f98c973
bf053c2b876c38649ea4dc3fdbc72626ae3ee855c2d1bde4e006fb8a3e7989ea
Analyzer Verdict Alert quad9 Sinkholed
GET /ba88bc4c8888d62514d2c88356e66609.js HTTP/1.1
Host: ac309a36ac.fb28078ad6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:44 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 07 Dec 2022 08:10:45 GMT
etag: W/"63904a85-1770c"
content-encoding: gzip
expires: Wed, 07 Dec 2022 11:34:44 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.163.31200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.163.31:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash c1f1521284ed7be396e13acedf030c5c
bd239a565c8171c227e648da3340917aca31d996
1860756a0c4920851eb23c8cc6d0292bd3b44c2f242f56364b6c73098c645781
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:44 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 164a65cb38525e828907d05bf2a791e3
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 07 Dec 2022 11:29:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ocah9FnGpi0WKYa1JOPXx3Pau0Fx%2FQiyVXaCyFt91IkPzDT%2B96JknHiBErF6CxvqkTUM7F44aOUOW9bFbLtv3vlBHAO1koscz8F6tKitgM1MHyDuxtZE1dG8IoWnzTosk7P4JyY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775cecdf0df57587-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.82200 OK 85 kB URL HTTP/1.1 adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.82:0
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en; _nf60=1; _nf58=1; _nf56=1; _nf7=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:45 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.82200 OK 85 kB URL HTTP/1.1 adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.82:0
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2211/ad2769296150a424.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en; _nf60=1; _nf58=1; _nf56=1; _nf7=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:45 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.82200 OK 85 kB URL HTTP/1.1 adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.82:0
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en; _nf60=1; _nf58=1; _nf56=1; _nf7=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:45 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
static.depositfiles.com/images/favicon.ico
91.226.124.83200 OK 318 B URL HTTP/1.1 static.depositfiles.com/images/favicon.ico
IP 91.226.124.83:0
File type MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Hash 0f0b975ee529197ec75780ebc2de5907
59688c6aafca5606e388ba9a44fc9dc25fc32cd3
28a0b52229f05b66354ca38b6b813d2281af3efb7e8b0a424ef8b4c68b9e583c
GET /images/favicon.ico HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:45 GMT
Content-Type: image/x-icon
Content-Length: 318
Last-Modified: Thu, 24 Nov 2022 11:10:48 GMT
Connection: keep-alive
ETag: "637f5138-13e"
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 78 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4a0c3f2dc4c869be69283c8678d7382a
a783e221e4b4c5a4c0460fe2878c635c7c789caa
576dd70778206e3b123bf17c76e226130227a1bbb1de1ce2fb715570b27bac61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2FA354FF465A6BAE1778C74FDEF284E6F399096D05A6E7EBEC3B65D1E42D75A"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3656
Expires: Wed, 07 Dec 2022 12:30:41 GMT
Date: Wed, 07 Dec 2022 11:29:45 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:29:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:29:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.25200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Wed, 07 Dec 2022 11:34:45 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
216.58.211.3200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 216.58.211.3:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 06:50:11 GMT
expires: Thu, 07 Dec 2023 06:50:11 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 16774
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adsbb.dfiles.eu/view.gif?c=2687&z=60&b=2759&u=6390780d3737e598589702734338
91.226.124.82200 OK 43 B URL HTTP/1.1 adsbb.dfiles.eu/view.gif?c=2687&z=60&b=2759&u=6390780d3737e598589702734338
IP 91.226.124.82:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2687&z=60&b=2759&u=6390780d3737e598589702734338 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27592687cc8bc6.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en; _nf60=1; _nf58=1; _nf56=1; _nf7=1; u_count=%5B0%2C0%5D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:45 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:29:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:29:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adsbb.dfiles.eu/view.gif?c=2685&z=56&b=2758&u=6390780d36f3111293395897897063
91.226.124.82200 OK 43 B URL HTTP/1.1 adsbb.dfiles.eu/view.gif?c=2685&z=56&b=2758&u=6390780d36f3111293395897897063
IP 91.226.124.82:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2685&z=56&b=2758&u=6390780d36f3111293395897897063 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en; _nf60=1; _nf58=1; _nf56=1; _nf7=1; u_count=%5B0%2C0%5D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:45 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
fairfaxgeorgianayourself.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
192.243.61.227200 OK 29 kB URL HTTP/1.1 fairfaxgeorgianayourself.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 97f17be02b115405d84ac8ca2af2f5ed
b12257c64326417267068fdfb2744f61a943ad23
68e5a88b8e85b2e59151c45568a30ac2f7eb290268a2727fa1bf1365b2ad7452
Analyzer Verdict Alert quad9 Sinkholed
GET /c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:29:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fd33a085cff3a0220f40b83e08e3579b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
adsbb.dfiles.eu/view.gif?c=2927&z=58&b=2708&u=6390780d38af3046312191312908535
91.226.124.82200 OK 78 kB URL HTTP/1.1 adsbb.dfiles.eu/view.gif?c=2927&z=58&b=2708&u=6390780d38af3046312191312908535
IP 91.226.124.82:0
Hash ca3c2d7fe79566760b1caaff09efcf07
5c60e34effe59a0b7bd8be4c34d3cb603eb5c5b9
63595b2d17c7df5a44287122e004201138ef1a3af81e461b4b2f41fd80de5fdf
GET /view.gif?c=2927&z=58&b=2708&u=6390780d38af3046312191312908535 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/1906/ad2708292742b09a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en; _nf60=1; _nf58=1; _nf56=1; _nf7=1; u_count=%5B0%2C0%5D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:45 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
adserver.adreactor.com/js/libcode3.js
46.166.179.123200 OK 7.7 kB URL HTTP/1.1 adserver.adreactor.com/js/libcode3.js
IP 46.166.179.123:0
ASN #43350 NForce Entertainment B.V.
File type HTML document text\012- C source, ASCII text, with very long lines (27061), with no line terminators
Hash 02a8b86bce420a8a54223b74fa0d265e
a92561d8f1c6a43e23b0301db815d1cfca1995c6
d58e205115e1054fe89459992256a3ac8264bf821550ccc60fb01623f9b91c41
GET /js/libcode3.js HTTP/1.1
Host: adserver.adreactor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=86400
Expires: Thu, 08 Dec 2022 11:29:43 GMT
Vary: Accept-Encoding, Accept-Encoding
Last-Modified: Tue, 15 Mar 2022 21:49:26 GMT
Content-Encoding: gzip
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 4f6254178f34f3ec253e70fa85fd34c9
7bc2715b65f644e795fa84b05d1e5e0997b216c2
6870b94bc685b84a6385207f2da85badd7b4f14af532b4c122c30d25dfa3a134
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=e749f42c-c6ed-4f46-91a9-770f9078cb23:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:45 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
X-Firefox-Spdy: h2
adserver.adreactor.com/servlet/tagger/92639716/1670412585313
46.166.179.123200 OK 81 B URL HTTP/1.1 adserver.adreactor.com/servlet/tagger/92639716/1670412585313
IP 46.166.179.123:0
ASN #43350 NForce Entertainment B.V.
Hash 53489e2032c6a793ace4d4e18c6949cd
6a977246645e3342c31eee4563c9d8d1f45de668
adfa266c7fae0b78400589ab6702c7d7c11f151096c3e5fda7a225d144b67713
GET /servlet/tagger/92639716/1670412585313 HTTP/1.1
Host: adserver.adreactor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 31 Dec 1998 11:59:59 GMT
X-Robots-Tag: none
P3P: CP="NOI DSP COR NID"
Set-Cookie: ADRUID=b6a1f49ace31a7646ffb3a5d26cb8c1e; Expires=Thu, 07-Dec-2023 11:29:44 GMT; Path=/; Secure; HttpOnly; SameSite=None
Content-Encoding: gzip
adserver.adreactor.com/servlet/view/banner/javascript/ajax/crossdomain/zone?zid=9&pid=8620&uuid=b6a1f49ace31a7646ffb3a5d26cb8c1e&tagid=avp_1560248483863&viewable=true&txid=44840863&sver=1&pvid=90141203&resolution=728x91&random=78661803&millis=1670412585357&referrer=https%3A%2F%2Fadsbb.dfiles.eu%2Fupload%2F1906%2Fad2708292742b09a.htm%3Fcanp%3Dadv_73b411c406ca38ecadcf742fe6ade752
46.166.179.123200 OK 872 B URL HTTP/1.1 adserver.adreactor.com/servlet/view/banner/javascript/ajax/crossdomain/zone?zid=9&pid=8620&uuid=b6a1f49ace31a7646ffb3a5d26cb8c1e&tagid=avp_1560248483863&viewable=true&txid=44840863&sver=1&pvid=90141203&resolution=728x91&random=78661803&millis=1670412585357&referrer=https%3A%2F%2Fadsbb.dfiles.eu%2Fupload%2F1906%2Fad2708292742b09a.htm%3Fcanp%3Dadv_73b411c406ca38ecadcf742fe6ade752
IP 46.166.179.123:0
ASN #43350 NForce Entertainment B.V.
File type ASCII text, with very long lines (1006)
Hash 765521d6ed1ff011bd759710d1330ceb
656a1de06c2cd46d32f19dad8ca37c12bc437df1
90450c688e17bd9ad8bb25b496c49b155cda24c51513b46e0a60c02e30a1462c
GET /servlet/view/banner/javascript/ajax/crossdomain/zone?zid=9&pid=8620&uuid=b6a1f49ace31a7646ffb3a5d26cb8c1e&tagid=avp_1560248483863&viewable=true&txid=44840863&sver=1&pvid=90141203&resolution=728x91&random=78661803&millis=1670412585357&referrer=https%3A%2F%2Fadsbb.dfiles.eu%2Fupload%2F1906%2Fad2708292742b09a.htm%3Fcanp%3Dadv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adserver.adreactor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:44 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 31 Dec 1998 11:59:59 GMT
X-Robots-Tag: none
P3P: CP="NOI DSP COR NID"
Set-Cookie: ADRUID=b6a1f49ace31a7646ffb3a5d26cb8c1e; Expires=Thu, 07-Dec-2023 11:29:44 GMT; Path=/; Secure; HttpOnly; SameSite=None
Content-Encoding: gzip
fairfaxgeorgianayourself.com/pixel/purst?dl=0&th=0&sc=0&rs=2162&rd=2162&fd=757&bv=22.10.v.10&tmpl=136
192.243.61.227200 OK 0 B URL HTTP/1.1 fairfaxgeorgianayourself.com/pixel/purst?dl=0&th=0&sc=0&rs=2162&rd=2162&fd=757&bv=22.10.v.10&tmpl=136
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2162&rd=2162&fd=757&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:29:45 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2579
Expires: Wed, 07 Dec 2022 12:12:44 GMT
Date: Wed, 07 Dec 2022 11:29:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 20:49:34 GMT
age: 52811
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 08:32:51 GMT
age: 10614
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feeb81330-af0b-4cc3-bd0e-591ba064667a.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feeb81330-af0b-4cc3-bd0e-591ba064667a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9257f2e3b9bd1b3aa262b0f4bf57968
4bcdd6ecd63834aa1010faf19457a97f37ae99fa
9afd592279c51b533b3bf72a860cf4a8f2bc6cf01b07d1ab6f11f0ff302e0ef6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feeb81330-af0b-4cc3-bd0e-591ba064667a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7392
x-amzn-requestid: f4b6890a-7a8f-48f8-b2af-365cb5f681e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpwREFiXoAMFSMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d60d3-009e524f30c72d0629c877bb;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 03:09:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C0-H0LUbxaxMEXoDf6PXEFAvVTj2D9K2M7eshRo39QzAAWSk2ubepA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 03:15:41 GMT
age: 29644
etag: "4bcdd6ecd63834aa1010faf19457a97f37ae99fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e5de346-6863-4521-9b1c-e74cf4df1d53.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e5de346-6863-4521-9b1c-e74cf4df1d53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2409529ecac5140de749d864da85af0d
99f431b4ca446996dbacb969440e2ecfb11fd9e0
81b379b16874d6644b0cf63e02c5174e44a40ab7cb4f4727bb96ad44bfcaa72f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e5de346-6863-4521-9b1c-e74cf4df1d53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6422
x-amzn-requestid: 6d0cc220-31bc-4815-ade5-7e3e5403f39f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cniYTGgRoAMF5lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c7dce-64fbea8330a62e4f741c0c4e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 11:00:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IWfRJ5GaowWTJhSqFpvEhGKVi9DTp-h6tmrMXRtUlmXCMmolLPpaIA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 07:59:34 GMT
age: 12611
etag: "99f431b4ca446996dbacb969440e2ecfb11fd9e0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01b6b798-4c76-47d4-ae22-c8967b0f2c5c.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01b6b798-4c76-47d4-ae22-c8967b0f2c5c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9fda84db003d0cfc70d73dcb6a3763dd
5c54b4ca3db1c975b3ad7f780f0ebdc867fc2ef4
f00aa6b88dd85164d8f6ee685937a3ca8039b98b442a2e6aede1c4c421b4fc4c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01b6b798-4c76-47d4-ae22-c8967b0f2c5c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8997
x-amzn-requestid: 54d7ed8c-119c-4583-929c-fd053524814c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csT_8F78IAMFY6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66cc-3d9816725e7e0b1b3404bc4a;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:46:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FjScmvs74slr4Mr8vhQLRNh-88KqMx4L1FwNKdBwbUUPDuu1ivOuoQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:47:20 GMT
age: 49345
etag: "5c54b4ca3db1c975b3ad7f780f0ebdc867fc2ef4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 604a4132da78a0c013b5818644adb121
ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566
eecab519c33596c67f2d2021dfd1af24e7fd8f2ed403f99b4ba0c265c08a259f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8701
x-amzn-requestid: 653284c3-ee7f-45f1-9513-3a6c81e1d6e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cm3-2HRWIAMFjfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c39f8-6f8969a26787a9463ba6c2ec;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 06:11:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cmRvAOLmk_xZC4RKdin-lozUNeK9-icqkzsQmSjP9scXnnCLxkvJ5A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 22:01:53 GMT
age: 48472
etag: "ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fairfaxgeorgianayourself.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
192.243.61.227200 OK 3.4 kB URL HTTP/1.1 fairfaxgeorgianayourself.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6044), with no line terminators
Hash 973189aef89bf8cc415d7159b431e410
00f764636ba8da949797812ddd3dad7b8f4a5afa
1ea8a9548dace179c90227990f230e26c11be2638d7d7fd118e4df72be7374be
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:29:45 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfiles.eu
Access-Control-Allow-Origin: https://dfiles.eu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16004719; expires=Thu, 08 Dec 2022 11:29:45 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 08 Dec 2022 11:29:45 GMT; secure; SameSite=None
uncs=1; expires=Thu, 08 Dec 2022 11:29:45 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 08 Dec 2022 11:29:45 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 08 Dec 2022 11:29:45 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8bfd2e59215521c9657bf5d9ec236c59
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 4f6254178f34f3ec253e70fa85fd34c9
7bc2715b65f644e795fa84b05d1e5e0997b216c2
6870b94bc685b84a6385207f2da85badd7b4f14af532b4c122c30d25dfa3a134
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=e749f42c-c6ed-4f46-91a9-770f9078cb23:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:46 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
X-Firefox-Spdy: h2
fairfaxgeorgianayourself.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bxR%2Bdbfu9fMulwAUJhI9UIGfXXttxc6gIJSgiJKEtROKC5tc6Q2Z3VjO7XifqIaIS6gXJnOC4eU4aARVq%2FwAktOGCIiHFHFAOhD8C1DOyY8nwkXY%2F7837HN77zHxxkF8QHzk93%2FzA7Cmt6UKr7tfe2FKJMIWrrd%2BvBX7dX6ptqaQdLtUGk5%2Ft3wr8Vt2%2FWXtP8h2z0PAD3w%2F8oLairIzMYGGqQqVPukG969fDRj1ohRjY%2F3KXe3DUg%2BhfkBehxPh%2F2788g%2BIVkvjpHel2MpO%2B9W6ca5oZi744%2FijZSUyRIJ7DyHqIkuPZNIwbE%2FLNFZjkeJYApn84SQCmxsT7PQBLjmc2wfpHl06ZhkzAxHUU%2FQpSV1C0AjcPocQZAbjA%2BgaS%2BPG6sQXdvVTpRB2Ta8%2F%2FgirG5NofLyOJf1jWalC7Z3SeKZM4DKISalBB9Sqk%2BQmyPQ%2BqOAHPPocSv5KF52tI4sMNpw2UKKfplaqgogpaDkGdh3zyKQ955CFPPcTivEZb3cj3OxGLms3FkHPebHLeWmyLlmiGi5GPnE%2FsDZGlQ3A9BLf7SO0%2BdtQQNv8JbruEEx5cNibeh%2FvoixKFJCgcQUEJCkVQZARFvzwS2jVc%2BVhol7Ng1huz3ixHJusd0COT9WRCDtILcmO6l7%2FbBjvyvNZohFSENAhZyIIWDzqNdhR1%2FJbk7U5D0jacKqHclWnUPXX2UopUnb3wKhg9gdMn4OoGaP4aaDHqNHzQ7VG46GMveSpkapzKIqWlq3MTQ5gSaXYN2a53oC%2FIK1Mft66%2FCclPb3%2F95cafS%2BITcFsitSU%2BUz8T9PSj0V1TkMO7pnDk2UaaqVjt0cnd3ctoJq9%2B977cLYwVq3fc8Nu3%2BUSYwCf3pcvWaCJU0nPk%2B2UlhLQrxnJJflx1W5Jt5m57ObdJnq5tvrOyGqdWOqdMUoGqs48fgKsx%2Bf%2BDT6ev8nUPULaCzUvE%2BSmZFZSpwNN9uHTu3hkCq%2BczLPVQ5OXINtj8UCsCLeecshLuX5zN8YF7hJ71QLOHSOISfVuir0tQPYTLr46y1J7e%2Fq05LTDtjZi23iHTVn91uVqnzmuyFfmR9BuSRV0WdagvulHYZbQbyA5r0QCZG%2FPh7s1%2FAAAA%2F%2F8BAAD%2F%2F%2BzXe%2BltBAAA
192.243.61.227200 OK 7 B URL HTTP/1.1 fairfaxgeorgianayourself.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bxR%2Bdbfu9fMulwAUJhI9UIGfXXttxc6gIJSgiJKEtROKC5tc6Q2Z3VjO7XifqIaIS6gXJnOC4eU4aARVq%2FwAktOGCIiHFHFAOhD8C1DOyY8nwkXY%2F7837HN77zHxxkF8QHzk93%2FzA7Cmt6UKr7tfe2FKJMIWrrd%2BvBX7dX6ptqaQdLtUGk5%2Ft3wr8Vt2%2FWXtP8h2z0PAD3w%2F8oLairIzMYGGqQqVPukG969fDRj1ohRjY%2F3KXe3DUg%2BhfkBehxPh%2F2788g%2BIVkvjpHel2MpO%2B9W6ca5oZi744%2FijZSUyRIJ7DyHqIkuPZNIwbE%2FLNFZjkeJYApn84SQCmxsT7PQBLjmc2wfpHl06ZhkzAxHUU%2FQpSV1C0AjcPocQZAbjA%2BgaS%2BPG6sQXdvVTpRB2Ta8%2F%2FgirG5NofLyOJf1jWalC7Z3SeKZM4DKISalBB9Sqk%2BQmyPQ%2BqOAHPPocSv5KF52tI4sMNpw2UKKfplaqgogpaDkGdh3zyKQ955CFPPcTivEZb3cj3OxGLms3FkHPebHLeWmyLlmiGi5GPnE%2FsDZGlQ3A9BLf7SO0%2BdtQQNv8JbruEEx5cNibeh%2FvoixKFJCgcQUEJCkVQZARFvzwS2jVc%2BVhol7Ng1huz3ixHJusd0COT9WRCDtILcmO6l7%2FbBjvyvNZohFSENAhZyIIWDzqNdhR1%2FJbk7U5D0jacKqHclWnUPXX2UopUnb3wKhg9gdMn4OoGaP4aaDHqNHzQ7VG46GMveSpkapzKIqWlq3MTQ5gSaXYN2a53oC%2FIK1Mft66%2FCclPb3%2F95cafS%2BITcFsitSU%2BUz8T9PSj0V1TkMO7pnDk2UaaqVjt0cnd3ctoJq9%2B977cLYwVq3fc8Nu3%2BUSYwCf3pcvWaCJU0nPk%2B2UlhLQrxnJJflx1W5Jt5m57ObdJnq5tvrOyGqdWOqdMUoGqs48fgKsx%2Bf%2BDT6ev8nUPULaCzUvE%2BSmZFZSpwNN9uHTu3hkCq%2BczLPVQ5OXINtj8UCsCLeecshLuX5zN8YF7hJ71QLOHSOISfVuir0tQPYTLr46y1J7e%2Fq05LTDtjZi23iHTVn91uVqnzmuyFfmR9BuSRV0WdagvulHYZbQbyA5r0QCZG%2FPh7s1%2FAAAA%2F%2F8BAAD%2F%2F%2BzXe%2BltBAAA
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bxR%2Bdbfu9fMulwAUJhI9UIGfXXttxc6gIJSgiJKEtROKC5tc6Q2Z3VjO7XifqIaIS6gXJnOC4eU4aARVq%2FwAktOGCIiHFHFAOhD8C1DOyY8nwkXY%2F7837HN77zHxxkF8QHzk93%2FzA7Cmt6UKr7tfe2FKJMIWrrd%2BvBX7dX6ptqaQdLtUGk5%2Ft3wr8Vt2%2FWXtP8h2z0PAD3w%2F8oLairIzMYGGqQqVPukG969fDRj1ohRjY%2F3KXe3DUg%2BhfkBehxPh%2F2788g%2BIVkvjpHel2MpO%2B9W6ca5oZi744%2FijZSUyRIJ7DyHqIkuPZNIwbE%2FLNFZjkeJYApn84SQCmxsT7PQBLjmc2wfpHl06ZhkzAxHUU%2FQpSV1C0AjcPocQZAbjA%2BgaS%2BPG6sQXdvVTpRB2Ta8%2F%2FgirG5NofLyOJf1jWalC7Z3SeKZM4DKISalBB9Sqk%2BQmyPQ%2BqOAHPPocSv5KF52tI4sMNpw2UKKfplaqgogpaDkGdh3zyKQ955CFPPcTivEZb3cj3OxGLms3FkHPebHLeWmyLlmiGi5GPnE%2FsDZGlQ3A9BLf7SO0%2BdtQQNv8JbruEEx5cNibeh%2FvoixKFJCgcQUEJCkVQZARFvzwS2jVc%2BVhol7Ng1huz3ixHJusd0COT9WRCDtILcmO6l7%2FbBjvyvNZohFSENAhZyIIWDzqNdhR1%2FJbk7U5D0jacKqHclWnUPXX2UopUnb3wKhg9gdMn4OoGaP4aaDHqNHzQ7VG46GMveSpkapzKIqWlq3MTQ5gSaXYN2a53oC%2FIK1Mft66%2FCclPb3%2F95cafS%2BITcFsitSU%2BUz8T9PSj0V1TkMO7pnDk2UaaqVjt0cnd3ctoJq9%2B977cLYwVq3fc8Nu3%2BUSYwCf3pcvWaCJU0nPk%2B2UlhLQrxnJJflx1W5Jt5m57ObdJnq5tvrOyGqdWOqdMUoGqs48fgKsx%2Bf%2BDT6ev8nUPULaCzUvE%2BSmZFZSpwNN9uHTu3hkCq%2BczLPVQ5OXINtj8UCsCLeecshLuX5zN8YF7hJ71QLOHSOISfVuir0tQPYTLr46y1J7e%2Fq05LTDtjZi23iHTVn91uVqnzmuyFfmR9BuSRV0WdagvulHYZbQbyA5r0QCZG%2FPh7s1%2FAAAA%2F%2F8BAAD%2F%2F%2BzXe%2BltBAAA HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:29:46 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3c9eefd8e7a8894a09587c453ad78d72
Strict-Transport-Security: max-age=0; includeSubdomains
fairfaxgeorgianayourself.com/pixel/pure
192.243.61.227204 No Content 0 B URL HTTP/1.1 fairfaxgeorgianayourself.com/pixel/pure
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:29:46 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
fairfaxgeorgianayourself.com/pixel/pure
192.243.61.227204 No Content 0 B URL HTTP/1.1 fairfaxgeorgianayourself.com/pixel/pure
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:29:46 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7ecfabf23fb221e9e6acf679c21427aa
b614b4ef8f463fb9a58b3b86d234b02770193091
30be54531dcccec5b8c53c816ea2e52097ca1596accfe497a934f900faaf6210
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "30BE54531DCCCEC5B8C53C816EA2E52097CA1596ACCFE497A934F900FAAF6210"
Last-Modified: Tue, 06 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3460
Expires: Wed, 07 Dec 2022 12:27:27 GMT
Date: Wed, 07 Dec 2022 11:29:47 GMT
Connection: keep-alive
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Wed, 07 Dec 2022 11:29:47 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://dfiles.eu
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
eb3a94f7c8.fa479896c7.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNTQ3OTg4MDIzMjE1NTY0MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjE4LjAiLCJ0YWdfaWQiOjQ2NDQ1LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuODQsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkRlcG9zaXRGaWxlcyUyQ0RlcG9zaXRGaWxlcyUyQ3Byb3ZpZGVzJTJDeW91JTJDd2l0aCUyQ2ElMkNsZWdpdGltYXRlJTJDdGVjaG5pY2FsJTJDc29sdXRpb24lMkN3aGljaCUyQ2VuYWJsZXMlMkN5b3UlMkN0byUyQ3VwbG9hZCUyQ3N0b3JlJTJDYWNjZXNzJTJDYW5kJTJDZG93bmxvYWQlMkN0ZXh0JTJDc29mdHdhcmUlMkMlMkNzY3JpcHRzJTJDaW1hZ2VzJTJDc291bmRzJTJDdmlkZW9zJTJDYW5pbWF0aW9ucyUyQ2FuZCUyQ2FueSUyQ290aGVyJTJDbWF0ZXJpYWxzJTJDaW4lMkNmb3JtJTJDb2YlMkNvbmUlMkNvciUyQ3NldmVyYWwlMkNlbGVjdHJvbmljJTJDZmlsZXMuIn0=
45.133.44.24200 OK 0 B URL HTTP/2 eb3a94f7c8.fa479896c7.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNTQ3OTg4MDIzMjE1NTY0MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjE4LjAiLCJ0YWdfaWQiOjQ2NDQ1LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuODQsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkRlcG9zaXRGaWxlcyUyQ0RlcG9zaXRGaWxlcyUyQ3Byb3ZpZGVzJTJDeW91JTJDd2l0aCUyQ2ElMkNsZWdpdGltYXRlJTJDdGVjaG5pY2FsJTJDc29sdXRpb24lMkN3aGljaCUyQ2VuYWJsZXMlMkN5b3UlMkN0byUyQ3VwbG9hZCUyQ3N0b3JlJTJDYWNjZXNzJTJDYW5kJTJDZG93bmxvYWQlMkN0ZXh0JTJDc29mdHdhcmUlMkMlMkNzY3JpcHRzJTJDaW1hZ2VzJTJDc291bmRzJTJDdmlkZW9zJTJDYW5pbWF0aW9ucyUyQ2FuZCUyQ2FueSUyQ290aGVyJTJDbWF0ZXJpYWxzJTJDaW4lMkNmb3JtJTJDb2YlMkNvbmUlMkNvciUyQ3NldmVyYWwlMkNlbGVjdHJvbmljJTJDZmlsZXMuIn0=
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNTQ3OTg4MDIzMjE1NTY0MjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjE4LjAiLCJ0YWdfaWQiOjQ2NDQ1LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuODQsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkRlcG9zaXRGaWxlcyUyQ0RlcG9zaXRGaWxlcyUyQ3Byb3ZpZGVzJTJDeW91JTJDd2l0aCUyQ2ElMkNsZWdpdGltYXRlJTJDdGVjaG5pY2FsJTJDc29sdXRpb24lMkN3aGljaCUyQ2VuYWJsZXMlMkN5b3UlMkN0byUyQ3VwbG9hZCUyQ3N0b3JlJTJDYWNjZXNzJTJDYW5kJTJDZG93bmxvYWQlMkN0ZXh0JTJDc29mdHdhcmUlMkMlMkNzY3JpcHRzJTJDaW1hZ2VzJTJDc291bmRzJTJDdmlkZW9zJTJDYW5pbWF0aW9ucyUyQ2FuZCUyQ2FueSUyQ290aGVyJTJDbWF0ZXJpYWxzJTJDaW4lMkNmb3JtJTJDb2YlMkNvbmUlMkNvciUyQ3NldmVyYWwlMkNlbGVjdHJvbmljJTJDZmlsZXMuIn0= HTTP/1.1
Host: eb3a94f7c8.fa479896c7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:47 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fairfaxgeorgianayourself.com/pixel/pure
192.243.61.227200 OK 0 B URL HTTP/1.1 fairfaxgeorgianayourself.com/pixel/pure
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 75
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:29:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fairfaxgeorgianayourself.com/pixel/pure
192.243.61.227200 OK 0 B URL HTTP/1.1 fairfaxgeorgianayourself.com/pixel/pure
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 75
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:29:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ea6d8022d3d0fcb1a655c111694efb3c
0565f1dae70afb9f7d231824a488de4f262218f0
198fc3e66c5d81029e6781d76d0eb5bf8a3c8ae92aa3aa6a7f0fda6d95658a76
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "198FC3E66C5D81029E6781D76D0EB5BF8A3C8AE92AA3AA6A7F0FDA6D95658A76"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9708
Expires: Wed, 07 Dec 2022 14:11:35 GMT
Date: Wed, 07 Dec 2022 11:29:47 GMT
Connection: keep-alive
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
POST /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22288
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 07 Dec 2022 11:29:47 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dfiles.eu
Set-Cookie: id=2220653719673059832; Expires=Thu, 07 Dec 2023 11:29:47 GMT; Secure; SameSite=None
Vary: Origin
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3efe2db47c9b8b4476a788f132c444d7
eff4fb4a61402323ec4489df167ef467abb5a3f6
df3d6e6dde9b11502ab8a8268631f5acabc83d649b86537e8880858febcf0038
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF3D6E6DDE9B11502AB8A8268631F5ACABC83D649B86537E8880858FEBCF0038"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5664
Expires: Wed, 07 Dec 2022 13:04:11 GMT
Date: Wed, 07 Dec 2022 11:29:47 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e2b76117e448228305ba7e8618948bef
800100603fcc24f32d8a5e8e323e8415afeab545
afcefd68e69b1d09a9cb50beacacbedab49263fc14dd08040c850451a6444830
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AFCEFD68E69B1D09A9CB50BEACACBEDAB49263FC14DD08040C850451A6444830"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4649
Expires: Wed, 07 Dec 2022 12:47:16 GMT
Date: Wed, 07 Dec 2022 11:29:47 GMT
Connection: keep-alive
fairfaxgeorgianayourself.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=350
192.243.61.227200 OK 0 B URL HTTP/1.1 fairfaxgeorgianayourself.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=350
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=350 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:29:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
js.wpshsdk.com/npc/sdk/wp-banners.js
45.133.44.24200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Wed, 07 Dec 2022 11:34:47 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.24200 OK 30 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash 43dbf24be0e6963f06cfbbf18742315c
e1c43e13519ae9a4aa2bed61a9a9fc9792d307b6
a9eba7db50a41e9b486fdad124b58f17eb9644d9d6b6802b0497ce3aff45a10d
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:47 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 07 Dec 2022 09:51:40 GMT
etag: W/"6390622c-f33b"
content-encoding: gzip
expires: Wed, 07 Dec 2022 11:34:47 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:29:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106200 OK 1.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:0
Hash 17218a495a439d65f22b3deb1917218e
31f74894637a938436eb5a71af2358deddef8307
d7d617dab66cd1d3d8c0d1e631023041de0a8c8d0ef76c65a1cf588e3cb62baa
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Dec 2022 11:29:47 GMT
date: Wed, 07 Dec 2022 11:29:47 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 11:29:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f371fd6cbe04abe5f0d8679af1f2a998
ac95c5a39304a338b963d591a374bd667c836143
bb563352d50a6732df1045dcf54d5242f7609753538c26735456fef24a4692e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB563352D50A6732DF1045DCF54D5242F7609753538C26735456FEF24A4692E9"
Last-Modified: Tue, 06 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4191
Expires: Wed, 07 Dec 2022 12:39:38 GMT
Date: Wed, 07 Dec 2022 11:29:47 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html
45.133.44.3200 OK 509 B URL HTTP/2 cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash 09f12e35f70a2d6da5026b7ab33034cf
a1ef71e1199a4c72b070340cf50dad8adf00e063
c47cc4028b6ae0301ec3c5234b12d72b57533534ed457322203846aa82ac4bb1
GET /sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:47 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:28 GMT
etag: W/"6275e5b8-4b9"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 07 Dec 2022 12:29:47 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
fairfaxgeorgianayourself.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=129
192.243.61.227200 OK 0 B URL HTTP/1.1 fairfaxgeorgianayourself.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=129
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=129 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:29:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css
172.64.108.13200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css
IP 172.64.108.13:0
Hash 21eb7a65c17a2c22ba104a7ecbf1dc0f
ea8c53be54889c7489aed04e30e3eb83af64dec9
090bd9ceb9a58da038e5ed4a39dfbb63ece49ed4f4f0656ce35f7faa41a3b237
GET /sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:47 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:46:51 GMT
etag: W/"602d022b-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1891353
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2BQ4x64FcWXV%2B%2BaRopURfvNIRCdEIG0QvcK8yD33odoJm5npidgY%2BNDWda%2BtM4iogkBZ5gxdm5bgAqA0Hx77VWxC4liT5W%2FOFZ08TOoMiaT3kVx3wsV9Rx2yFupn9F5KFTSeFIvJhVkm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775ceceebbdd770b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 932c342bdac10955a7a4526b617b265e
f62040d987f22ab35fa2984e55ce26a78f91c6c0
30a223bb84e4f11a13a48b558f14b7721e0f9e2b029bc8be08e3a2d50ea92e89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "30A223BB84E4F11A13A48B558F14B7721E0F9E2B029BC8BE08E3A2D50EA92E89"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4246
Expires: Wed, 07 Dec 2022 12:40:33 GMT
Date: Wed, 07 Dec 2022 11:29:47 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css
172.64.108.13200 OK 1.5 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css
IP 172.64.108.13:0
Hash 1cfb4789ee542c008f9673311afb5f5b
c07a04fc5df96b4f2bb22b2c8c1e31b12fa0e3e1
d7f2e443d8426cf768a93ba74b9f9cbc2e571742c55b3c220c5d258fc4f19709
GET /sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:47 GMT
content-type: text/css
last-modified: Thu, 23 Sep 2021 11:41:22 GMT
etag: W/"614c67e2-160c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 461633
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gi2brGxmyqQnoC45gwKS%2F%2FiEOQH0opH6EkpS7FRNmBZWcQvsFf91wqeWcTpV721YD56nX8tXy5PE66YRt39vEsqreNgH1fj58PnkOKWFb0FaY3okWQh8n8piEq2NWsQdFVDmRCu3n1D8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775ceceebbe5770b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/9f/03/9f/9f039f12c3a901981b39e44a7e2deb89/1667590110.png
45.133.44.9200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/si/9f/03/9f/9f039f12c3a901981b39e44a7e2deb89/1667590110.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 2cb2500acb00f247ef19403c3a0f89e1
7c57e8b84b2bb0003810ffae7a14e24869155464
7efcd5082673b787603d2a0b8d768fb26807cf2ab79771a69886a916d0cda3ce
GET /si/9f/03/9f/9f039f12c3a901981b39e44a7e2deb89/1667590110.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:47 GMT
content-type: image/png
content-length: 32763
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:28:39 GMT
etag: "636567e7-7ffb"
expires: Fri, 09 Dec 2022 11:29:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=e749f42c-c6ed-4f46-91a9-770f9078cb23&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
192.243.59.20200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=e749f42c-c6ed-4f46-91a9-770f9078cb23&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=e749f42c-c6ed-4f46-91a9-770f9078cb23&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 07 Dec 2022 11:29:47 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f7b7f78d02d67d10a7f2375e6ed9ce0e
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=e749f42c-c6ed-4f46-91a9-770f9078cb23&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
192.243.59.20200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=e749f42c-c6ed-4f46-91a9-770f9078cb23&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=e749f42c-c6ed-4f46-91a9-770f9078cb23&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 07 Dec 2022 11:29:47 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aeb362e697cc344478b062b1f4bbcb3c
Strict-Transport-Security: max-age=0; includeSubdomains
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 575732
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 575753
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2835544c3ccb8f0afd61b32d2da0ff7
e178f4dee54df331684b973a4428474a834928e0
78847a6cf81868feb96a0e554e70a0e19599e522e611f553f69da0429176dd55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78847A6CF81868FEB96A0E554E70A0E19599E522E611F553F69DA0429176DD55"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9534
Expires: Wed, 07 Dec 2022 14:08:41 GMT
Date: Wed, 07 Dec 2022 11:29:47 GMT
Connection: keep-alive
fairfaxgeorgianayourself.com/pixel/sbs?c=1
192.243.61.227200 OK 0 B URL HTTP/1.1 fairfaxgeorgianayourself.com/pixel/sbs?c=1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:29:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fairfaxgeorgianayourself.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2%2FcxB8dt%2F1evuVS4IIEwkcq0Mb2en%2BkOVSEEhQRktAWInFB45nxZsjYY83Y603UQ0Ql1AvScoKj8zZpBFSo%2FQOQkMMFRULKckA5EP4IUM9oNystfCT78968z%2BG9z8wXB8UF8VDQ880P9J5Uii60Gp77xpZMuS6tu37f9b2Gt%2BRuybQdLrmDyc%2F0b%2Fleq%2BHddN8TbEcvBJ7veb7nuyvSiFgPFqYqZPZk0W8seo0waPitEAPzX24LB5Y64P0L8iIkH%2F9v%2B5dnkKxGmjy9I%2BxOrrO33k0KRXNt0OfHH6U7qS5TJHMYGwdxejybhrZjQr65Ap0ezxJA9w8nCRDJMXF%2B9xGlxzObiPpHl04jBZEi4tdR9msIVUPSGkw%2FhORnBGAc6xtIk8fr2pR091KlE3VMrj3%2FC7Ick2t%2FvIw0%2BWFZyYF7T6silzq1GMQV5KCG7NXIihPkew5keQKWfw7JfyULz9eQJocbVmlIXk3TS1lDxjWUGIJaB8Xkkw6K2EGROUj4uUtbi7HndeIobja7IWOs2WSs1W3zFm%2BG3dhDwSb2hsizIZgagpl9ZGYfO3IIU%2FwEu13Bcgc2HxPnw330eYVSEJSWoKQEpSQoc4KyXx1xZQNbPebKFpE%2F68GsN6uRznsH9EjnPZGSg%2ByC3Jju5e%2B2xo44d4MgpDykfhiFkd9ifidox3HHawnW7gSCtmFlBWmvTKPuybOXMmTy7IVXEdETWHUCJm%2BAFq%2BBlqNO4IFuj8Kuh730KReZtjKPpRK2wXQCritk%2BTXku86BuiCvTH3cuv4mBDu9%2FfWXG38u8U%2FATIXMVPhM%2FkzQU49Gd3VJDu%2Fq0pJnG1kuE7lHJ3d3L6e5uPrd%2B2K31Iav3rHDb99mE2ECn9wXNl%2BjKZdpz5LvlyXnwqxowwT5cdVuiWizsNvLhUmLbG3znZXVJDPCWqnTGlSeffwATI7J%2Fx98On2VrzuANDVMUSEpTsmsIHUNlu3DZnP3VhMYNZ%2BJMgdlUY1MEM0PlSRQYs5pVMH%2Bi0dzfGAfoWcc0Pwh0qRC31ToqwpUDWGLq6M8M6e3f2tOC5FyRpEyzmGkjPrqcrVWnrstPxTdqNthnEeCcb8TNLtNzws4DzuLwl9EbsdsuHvzHwAAAP%2F%2FAQAA%2F%2F%2F43%2FUPbQQAAA%3D%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 fairfaxgeorgianayourself.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2%2FcxB8dt%2F1evuVS4IIEwkcq0Mb2en%2BkOVSEEhQRktAWInFB45nxZsjYY83Y603UQ0Ql1AvScoKj8zZpBFSo%2FQOQkMMFRULKckA5EP4IUM9oNystfCT78968z%2BG9z8wXB8UF8VDQ880P9J5Uii60Gp77xpZMuS6tu37f9b2Gt%2BRuybQdLrmDyc%2F0b%2Fleq%2BHddN8TbEcvBJ7veb7nuyvSiFgPFqYqZPZk0W8seo0waPitEAPzX24LB5Y64P0L8iIkH%2F9v%2B5dnkKxGmjy9I%2BxOrrO33k0KRXNt0OfHH6U7qS5TJHMYGwdxejybhrZjQr65Ap0ezxJA9w8nCRDJMXF%2B9xGlxzObiPpHl04jBZEi4tdR9msIVUPSGkw%2FhORnBGAc6xtIk8fr2pR091KlE3VMrj3%2FC7Ick2t%2FvIw0%2BWFZyYF7T6silzq1GMQV5KCG7NXIihPkew5keQKWfw7JfyULz9eQJocbVmlIXk3TS1lDxjWUGIJaB8Xkkw6K2EGROUj4uUtbi7HndeIobja7IWOs2WSs1W3zFm%2BG3dhDwSb2hsizIZgagpl9ZGYfO3IIU%2FwEu13Bcgc2HxPnw330eYVSEJSWoKQEpSQoc4KyXx1xZQNbPebKFpE%2F68GsN6uRznsH9EjnPZGSg%2ByC3Jju5e%2B2xo44d4MgpDykfhiFkd9ifidox3HHawnW7gSCtmFlBWmvTKPuybOXMmTy7IVXEdETWHUCJm%2BAFq%2BBlqNO4IFuj8Kuh730KReZtjKPpRK2wXQCritk%2BTXku86BuiCvTH3cuv4mBDu9%2FfWXG38u8U%2FATIXMVPhM%2FkzQU49Gd3VJDu%2Fq0pJnG1kuE7lHJ3d3L6e5uPrd%2B2K31Iav3rHDb99mE2ECn9wXNl%2BjKZdpz5LvlyXnwqxowwT5cdVuiWizsNvLhUmLbG3znZXVJDPCWqnTGlSeffwATI7J%2Fx98On2VrzuANDVMUSEpTsmsIHUNlu3DZnP3VhMYNZ%2BJMgdlUY1MEM0PlSRQYs5pVMH%2Bi0dzfGAfoWcc0Pwh0qRC31ToqwpUDWGLq6M8M6e3f2tOC5FyRpEyzmGkjPrqcrVWnrstPxTdqNthnEeCcb8TNLtNzws4DzuLwl9EbsdsuHvzHwAAAP%2F%2FAQAA%2F%2F%2F43%2FUPbQQAAA%3D%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2%2FcxB8dt%2F1evuVS4IIEwkcq0Mb2en%2BkOVSEEhQRktAWInFB45nxZsjYY83Y603UQ0Ql1AvScoKj8zZpBFSo%2FQOQkMMFRULKckA5EP4IUM9oNystfCT78968z%2BG9z8wXB8UF8VDQ880P9J5Uii60Gp77xpZMuS6tu37f9b2Gt%2BRuybQdLrmDyc%2F0b%2Fleq%2BHddN8TbEcvBJ7veb7nuyvSiFgPFqYqZPZk0W8seo0waPitEAPzX24LB5Y64P0L8iIkH%2F9v%2B5dnkKxGmjy9I%2BxOrrO33k0KRXNt0OfHH6U7qS5TJHMYGwdxejybhrZjQr65Ap0ezxJA9w8nCRDJMXF%2B9xGlxzObiPpHl04jBZEi4tdR9msIVUPSGkw%2FhORnBGAc6xtIk8fr2pR091KlE3VMrj3%2FC7Ick2t%2FvIw0%2BWFZyYF7T6silzq1GMQV5KCG7NXIihPkew5keQKWfw7JfyULz9eQJocbVmlIXk3TS1lDxjWUGIJaB8Xkkw6K2EGROUj4uUtbi7HndeIobja7IWOs2WSs1W3zFm%2BG3dhDwSb2hsizIZgagpl9ZGYfO3IIU%2FwEu13Bcgc2HxPnw330eYVSEJSWoKQEpSQoc4KyXx1xZQNbPebKFpE%2F68GsN6uRznsH9EjnPZGSg%2ByC3Jju5e%2B2xo44d4MgpDykfhiFkd9ifidox3HHawnW7gSCtmFlBWmvTKPuybOXMmTy7IVXEdETWHUCJm%2BAFq%2BBlqNO4IFuj8Kuh730KReZtjKPpRK2wXQCritk%2BTXku86BuiCvTH3cuv4mBDu9%2FfWXG38u8U%2FATIXMVPhM%2FkzQU49Gd3VJDu%2Fq0pJnG1kuE7lHJ3d3L6e5uPrd%2B2K31Iav3rHDb99mE2ECn9wXNl%2BjKZdpz5LvlyXnwqxowwT5cdVuiWizsNvLhUmLbG3znZXVJDPCWqnTGlSeffwATI7J%2Fx98On2VrzuANDVMUSEpTsmsIHUNlu3DZnP3VhMYNZ%2BJMgdlUY1MEM0PlSRQYs5pVMH%2Bi0dzfGAfoWcc0Pwh0qRC31ToqwpUDWGLq6M8M6e3f2tOC5FyRpEyzmGkjPrqcrVWnrstPxTdqNthnEeCcb8TNLtNzws4DzuLwl9EbsdsuHvzHwAAAP%2F%2FAQAA%2F%2F%2F43%2FUPbQQAAA%3D%3D HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 11:29:47 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f6c934c287c670f739afc55df84aa383
Strict-Transport-Security: max-age=0; includeSubdomains
js.wpshsdk.com/npc/sdk/common/config.js
45.133.44.24200 OK 19 B URL HTTP/2 js.wpshsdk.com/npc/sdk/common/config.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash fec01d1036706ba84a7eedc87ffef13c
d3c7868c305bda2cc490e961331d4c5b3c4e54f2
2609d50f01d937b5ea44cd92705c2fc422c480fd290588165951c297dd7bfb8f
GET /npc/sdk/common/config.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 19
server: nginx/1.18.0
last-modified: Wed, 07 Dec 2022 09:51:40 GMT
etag: "6390622c-13"
expires: Wed, 07 Dec 2022 11:34:47 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2835544c3ccb8f0afd61b32d2da0ff7
e178f4dee54df331684b973a4428474a834928e0
78847a6cf81868feb96a0e554e70a0e19599e522e611f553f69da0429176dd55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78847A6CF81868FEB96A0E554E70A0E19599E522E611F553F69DA0429176DD55"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9533
Expires: Wed, 07 Dec 2022 14:08:41 GMT
Date: Wed, 07 Dec 2022 11:29:48 GMT
Connection: keep-alive
js.wpshsdk.com/npc/sdk/common/core.js
45.133.44.24200 OK 35 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/common/core.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash a07b4618bd015f8f0a407fe394a992d0
e2c4e8fdc919e25ae7626e9425eb6d28e1e813bb
6d65e4cc45030531fbc9e5056a70ab7e25500d90d76cebee083fcfa30f5f36f9
GET /npc/sdk/common/core.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:47 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 07 Dec 2022 09:51:40 GMT
etag: W/"6390622c-18792"
content-encoding: gzip
expires: Wed, 07 Dec 2022 11:34:47 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push/styles.css
45.133.44.24200 OK 1.1 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/push/styles.css
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (3179)
Hash 8b9ea1eb5d343e9b1a1cbad3e939a8bf
899569fab9911b7b19b52c9d97c60d79788e7f88
a3e6a9faf6478398b86d012a368e73db642af966339817fae27acfa645e61c86
GET /npc/sdk/push/styles.css HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:48 GMT
content-type: text/css
server: nginx/1.18.0
last-modified: Tue, 30 Aug 2022 09:15:33 GMT
etag: W/"630dd535-10f4"
content-encoding: gzip
expires: Wed, 07 Dec 2022 11:34:48 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.82200 OK 0 B URL HTTP/1.1 adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.82:0
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/1906/ad2708292742b09a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=2afb141a65a62aad3fe18908d925369b; last_file=nkrrg36os; lang_current=en; _nf60=1; _nf58=1; _nf56=1; _nf7=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 11:29:45 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
ads.a-static.com/0/html/pd/allsize.html?w=728&h=90&ct=http%3A%2F%2Fadserver.adreactor.com%2Fclkz%3Fzid%3D9%26cid%3D21329%26mid%3D13691%26pid%3D8620%26sid%3D19%26uuid%3Db6a1f49ace31a7646ffb3a5d26cb8c1e%26ip%3D91.90.42.154%26default%3Dfalse%26random%3D78661803%26timestamp%3D20221207062943%26test%3Dfalse%26resolution%3D728x91%26referrer%3Dhttps%253A%252F%252Fadsbb.dfiles.eu%252Fupload%252F1906%252Fad2708292742b09a.htm%253Fcanp%253Dadv_73b411c406ca38ecadcf742fe6ade752%26redirect%3D&rurl=https%3A%2F%2Fbouledstre.biz%2Fredirect%3Ftid%3D834109%26subid%3Db-8620%26puid%3Db6a1f49ace31a7646ffb3a5d26cb8c1e-13691&g=NO&b=Firefox&bd=0&b1t=PLAY&b2t=DOWNLOAD&b1tc=ffffff&b2tc=000000&b1bc=f90606&b2bc=1ad31d
46.166.179.118200 OK 0 B URL HTTP/2 ads.a-static.com/0/html/pd/allsize.html?w=728&h=90&ct=http%3A%2F%2Fadserver.adreactor.com%2Fclkz%3Fzid%3D9%26cid%3D21329%26mid%3D13691%26pid%3D8620%26sid%3D19%26uuid%3Db6a1f49ace31a7646ffb3a5d26cb8c1e%26ip%3D91.90.42.154%26default%3Dfalse%26random%3D78661803%26timestamp%3D20221207062943%26test%3Dfalse%26resolution%3D728x91%26referrer%3Dhttps%253A%252F%252Fadsbb.dfiles.eu%252Fupload%252F1906%252Fad2708292742b09a.htm%253Fcanp%253Dadv_73b411c406ca38ecadcf742fe6ade752%26redirect%3D&rurl=https%3A%2F%2Fbouledstre.biz%2Fredirect%3Ftid%3D834109%26subid%3Db-8620%26puid%3Db6a1f49ace31a7646ffb3a5d26cb8c1e-13691&g=NO&b=Firefox&bd=0&b1t=PLAY&b2t=DOWNLOAD&b1tc=ffffff&b2tc=000000&b1bc=f90606&b2bc=1ad31d
IP 46.166.179.118:0
ASN #43350 NForce Entertainment B.V.
GET /0/html/pd/allsize.html?w=728&h=90&ct=http%3A%2F%2Fadserver.adreactor.com%2Fclkz%3Fzid%3D9%26cid%3D21329%26mid%3D13691%26pid%3D8620%26sid%3D19%26uuid%3Db6a1f49ace31a7646ffb3a5d26cb8c1e%26ip%3D91.90.42.154%26default%3Dfalse%26random%3D78661803%26timestamp%3D20221207062943%26test%3Dfalse%26resolution%3D728x91%26referrer%3Dhttps%253A%252F%252Fadsbb.dfiles.eu%252Fupload%252F1906%252Fad2708292742b09a.htm%253Fcanp%253Dadv_73b411c406ca38ecadcf742fe6ade752%26redirect%3D&rurl=https%3A%2F%2Fbouledstre.biz%2Fredirect%3Ftid%3D834109%26subid%3Db-8620%26puid%3Db6a1f49ace31a7646ffb3a5d26cb8c1e-13691&g=NO&b=Firefox&bd=0&b1t=PLAY&b2t=DOWNLOAD&b1tc=ffffff&b2tc=000000&b1bc=f90606&b2bc=1ad31d HTTP/1.1
Host: ads.a-static.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 11:29:45 GMT
content-type: text/html
last-modified: Thu, 09 Jul 2020 13:20:22 GMT
etag: W/"5f071996-11e2"
content-encoding: gzip
X-Firefox-Spdy: h2
sw.wpush.org/ps/sw.js
45.133.44.25200 OK 0 B IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /ps/sw.js HTTP/1.1
Host: sw.wpush.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:48 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 07 Dec 2022 09:51:40 GMT
etag: W/"6390622c-158c"
content-encoding: gzip
expires: Wed, 07 Dec 2022 11:34:48 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.unblockia.com/h.js
143.204.55.34200 OK 0 B IP 143.204.55.34:0
GET /h.js HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
last-modified: Mon, 28 Nov 2022 09:50:00 GMT
x-amz-meta-codebuild-content-sha256: d40c5094a6853c43262ede66e3f11d2be99a6008864c1bf24bbd0e894a4dc359
x-amz-version-id: T96YjdnzZTokxfPNlkQLkULaCFHnuHb8
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:987257285531:build/unblockia-loader-codebuild-project:8c90ba8e-1861-49e0-9754-055b2b8e38ba
x-amz-meta-codebuild-content-md5: e3cacafead03ccba6b50fcbdbaddb119
server: AmazonS3
content-encoding: br
date: Wed, 07 Dec 2022 10:02:04 GMT
etag: W/"4b53f86e8ac0bd82dc3b57fe3da1f471"
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: csmPoyv8Yo67cXLpkVS4jULdiGLYC1825xDvC8s7lZvgr_koanCuEA==
age: 5260
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
cdn.engine.4dsply.com/Scripts/infinity.js.aspx?guid=f6c43cb5-024f-4158-a34e-034f3e05bbb0
104.16.158.17200 OK 0 B URL HTTP/2 cdn.engine.4dsply.com/Scripts/infinity.js.aspx?guid=f6c43cb5-024f-4158-a34e-034f3e05bbb0
IP 104.16.158.17:0
GET /Scripts/infinity.js.aspx?guid=f6c43cb5-024f-4158-a34e-034f3e05bbb0 HTTP/1.1
Host: cdn.engine.4dsply.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:45 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=900
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
last-modified: Wed, 07 Dec 2022 11:20:01 GMT
cf-cache-status: HIT
expires: Wed, 07 Dec 2022 11:44:45 GMT
server: cloudflare
cf-ray: 775cece21a3fb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js
172.64.108.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js
IP 172.64.108.13:0
GET /sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:47 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:46:52 GMT
etag: W/"602d022c-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1891353
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nfFuEAwnBWJ%2FHeJloEp%2FsbYdqF%2FhLSnrPyqelUEMFllbCKqRi0bCysUzonBCJLIrSU2a%2FPTRkbcZDGBUupvv0sPHOq6wB5hgbjA0684p2j8QQu9MygZZ8Z%2FTLgn45o6iomZ9z8QMCioV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775cecee9bac770b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?test_adblock=true
142.250.74.34200 OK 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?test_adblock=true
IP 142.250.74.34:0
GET /pagead/js/adsbygoogle.js?test_adblock=true HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 07 Dec 2022 11:29:45 GMT
expires: Wed, 07 Dec 2022 11:29:45 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 4172107915013419717
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49293
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sw.wpush.org/ps/sw.js
45.133.44.24200 OK 0 B IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /ps/sw.js HTTP/1.1
Host: sw.wpush.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 Dec 2022 11:29:47 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 07 Dec 2022 09:51:40 GMT
etag: W/"6390622c-158c"
content-encoding: gzip
expires: Wed, 07 Dec 2022 11:34:47 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2