{"report_id":"add83ced-d396-4c7f-ab19-a3615c1d4f1c","version":6,"status":"done","tags":[],"date":"2025-11-16T04:12:13Z","url":{"schema":"https","addr":"gofile.io/d/96et3I","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":0,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"final":{"url":{"schema":"https","addr":"gofile.io/d/96et3I","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"title":"Gofile - Cloud Storage Made Simple","dom":{"size":14560,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (7346)","md5":"40ba4fbc9e735735d2231b30b6f67242","sha1":"f3230a02ef12fdab9021d22f767362d9c85a51b0","sha256":"f16a79ed9fddd4b87da90015979830fe37fd72c74299dae07d4aacbb280d632c","sha512":"66ee97bbfd4f2fd69926ad0114cb36a6d3234f0e881ff5c8bd58338c44ff3ffb46c82b65869da19cf99c53767cb9ae0ac048b1e6c0390de3d8a7f563c9732f2f","ssdeep":"192:OX1YzXciFm6Bm+hDSoEdm+It048h8LwWPq0d50xQrTmhz5W18CwPtXea8YUE:1NIorNLPPq0PlwR9B","tlshash":"4262b7139195b22e343c3e5fbc4065ed7115f029ebb20fd0f4ea9ab5d24b2da1d9194c","dom_hash":"domhashf97dc345c4fe91cbb7ff289add036fe6","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"gofile.io/d/96et3I","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":0,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98","country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-21T04:12:13Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":4,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-16T04:11:52Z","timestamp":1763266312,"ip_dst":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.16","port":49166,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)","source":"{\"timestamp\":\"2025-11-16T04:11:52.332176+0000\",\"flow_id\":301989066456049,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":49166,\"dest_ip\":\"51.75.242.210\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049323,\"rev\":1,\"signature\":\"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_11_28\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_28\"]}},\"tls\":{\"sni\":\"gofile.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":911,\"bytes_toclient\":2675,\"start\":\"2025-11-16T04:11:52.277489+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-16T04:11:53Z","timestamp":1763266313,"ip_dst":{"addr":"51.159.98.203","port":443,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.16","port":35468,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)","source":"{\"timestamp\":\"2025-11-16T04:11:53.020952+0000\",\"flow_id\":783459195334976,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35468,\"dest_ip\":\"51.159.98.203\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049323,\"rev\":1,\"signature\":\"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_11_28\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_28\"]}},\"tls\":{\"sni\":\"s.gofile.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2675,\"start\":\"2025-11-16T04:11:52.962880+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-16T04:11:53Z","timestamp":1763266313,"ip_dst":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.16","port":49168,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)","source":"{\"timestamp\":\"2025-11-16T04:11:53.051228+0000\",\"flow_id\":416256671367583,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":49168,\"dest_ip\":\"51.75.242.210\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049323,\"rev\":1,\"signature\":\"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_11_28\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_28\"]}},\"tls\":{\"sni\":\"api.gofile.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2674,\"start\":\"2025-11-16T04:11:52.999839+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-16T04:11:53Z","timestamp":1763266313,"ip_dst":{"addr":"51.159.98.203","port":443,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.16","port":35484,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)","source":"{\"timestamp\":\"2025-11-16T04:11:53.145833+0000\",\"flow_id\":2211340400286695,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35484,\"dest_ip\":\"51.159.98.203\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049323,\"rev\":1,\"signature\":\"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_11_28\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_28\"]}},\"tls\":{\"sni\":\"s.gofile.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2675,\"start\":\"2025-11-16T04:11:53.089063+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"s.gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"api.gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"gofile.io","ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"domain_registered":"2014-11-26","domain_rank":6934,"first_seen":"2015-05-31T05:43:15Z","last_seen":"2025-11-05T18:45:26.550638Z","alert_count":12,"request_count":12,"received_data":853620,"sent_data":5353,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"s.gofile.io","ip":{"addr":"51.159.98.203","port":443,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"domain_registered":"2014-11-26","domain_rank":836091,"first_seen":"2023-12-14T14:42:39Z","last_seen":"2025-11-08T08:51:27.361962Z","alert_count":2,"request_count":2,"received_data":2091,"sent_data":877,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"api.gofile.io","ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"domain_registered":"2014-11-26","domain_rank":737505,"first_seen":"2019-03-19T16:29:00Z","last_seen":"2025-11-05T18:45:26.619136Z","alert_count":5,"request_count":5,"received_data":7532,"sent_data":2632,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ad.a-ads.com","ip":{"addr":"78.46.174.169","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2012-07-07","domain_rank":80794,"first_seen":"2013-04-19T21:54:57Z","last_seen":"2025-11-12T15:22:00.5481Z","alert_count":0,"request_count":1,"received_data":14982,"sent_data":528,"comment":"","tags":null,"fingerprints":[{"name":"Phusion Passenger","description":"Phusion Passenger is a free web server and application server with support for Ruby, Python and Node.js.","website":"https://phusionpassenger.com","common_platform_enumeration":"cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*","icon":"Phusion Passenger.png","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-09T22:13:15.523411Z","alert_count":0,"request_count":1,"received_data":10794,"sent_data":471,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static.a-ads.com","ip":{"addr":"78.46.33.196","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2012-07-07","domain_rank":212861,"first_seen":"2013-06-01T16:47:05Z","last_seen":"2025-11-10T23:38:39.315518Z","alert_count":0,"request_count":1,"received_data":229193,"sent_data":470,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-11-09T22:13:15.598397Z","alert_count":0,"request_count":1,"received_data":49367,"sent_data":552,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-16T04:11:52Z","timestamp":1763266312,"ip_dst":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.16","port":49166,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)","source":"{\"timestamp\":\"2025-11-16T04:11:52.332176+0000\",\"flow_id\":301989066456049,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":49166,\"dest_ip\":\"51.75.242.210\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049323,\"rev\":1,\"signature\":\"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_11_28\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_28\"]}},\"tls\":{\"sni\":\"gofile.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":911,\"bytes_toclient\":2675,\"start\":\"2025-11-16T04:11:52.277489+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-16T04:11:53Z","timestamp":1763266313,"ip_dst":{"addr":"51.159.98.203","port":443,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.16","port":35468,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)","source":"{\"timestamp\":\"2025-11-16T04:11:53.020952+0000\",\"flow_id\":783459195334976,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35468,\"dest_ip\":\"51.159.98.203\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049323,\"rev\":1,\"signature\":\"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_11_28\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_28\"]}},\"tls\":{\"sni\":\"s.gofile.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2675,\"start\":\"2025-11-16T04:11:52.962880+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-16T04:11:53Z","timestamp":1763266313,"ip_dst":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.16","port":49168,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)","source":"{\"timestamp\":\"2025-11-16T04:11:53.051228+0000\",\"flow_id\":416256671367583,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":49168,\"dest_ip\":\"51.75.242.210\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049323,\"rev\":1,\"signature\":\"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_11_28\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_28\"]}},\"tls\":{\"sni\":\"api.gofile.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2674,\"start\":\"2025-11-16T04:11:52.999839+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-16T04:11:53Z","timestamp":1763266313,"ip_dst":{"addr":"51.159.98.203","port":443,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.16","port":35484,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)","source":"{\"timestamp\":\"2025-11-16T04:11:53.145833+0000\",\"flow_id\":2211340400286695,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35484,\"dest_ip\":\"51.159.98.203\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049323,\"rev\":1,\"signature\":\"ET INFO File Sharing Related Domain in TLS SNI (gofile .io)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_11_28\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_28\"]}},\"tls\":{\"sni\":\"s.gofile.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2675,\"start\":\"2025-11-16T04:11:53.089063+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"gofile.io/d/96et3I","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"2ec370ca0eaf3069dce13df24243d863","sha1":"64c1919bbb18a6d851d1b7772f830320b8ab5cc1","sha256":"6a31a3a39783d09cc53dd9e9baeb4a4fa49be602eef90f6bbb9f78af02688064","sha512":"c24d4cfa5facd73ea7c242f69d6591d785bdbdca73bfc6aa7afe963bf09d4350a4daf0eeeb7ccd482b02d807663cf5d1c6763f0e2e468d8fda9f11213627d49d","ssdeep":"","tlshash":"6290040100513554711530d00134c3dd557df075dc4dd335754f570040c0405c53c401","size":41,"data":"","first_seen":"2023-03-07T01:02:03Z","last_seen":"2026-05-15T15:22:40.047968Z","times_seen":19479,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/dist/js/framework.js","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"1fce1b83263fc64c21e8569ccb7b53c7","sha1":"c7e2394172c70cbfa3c77dfb5664581801f0d1a2","sha256":"779b428b6e8e1fc578446447c1834787309d479601a5b8c397da34253d32f0fc","sha512":"6ffe4667be9ed6311c5261cff2088d80e0c10a4e33bd10396502b4e507e9e1926769adf2d1e3050091d1321fc9e869bed02dd4b928f3b8411351523737061cc3","ssdeep":"192:gBitsr3mvC8lJ9TNFgVebCe57Rycttx/Lz:gBitsrmvC8JTNFgVebv0cttx/Lz","tlshash":"2722635d4d16957245bb63bbaf73a048fa36912721418288bdccc3016fb2ac5dd92fec","size":10669,"data":"","first_seen":"2025-05-27T17:22:25.480794Z","last_seen":"2025-12-17T12:49:35.659594Z","times_seen":158,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/dist/js/global.js","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"6e21c2ae6f49c704ed122c34c79d276d","sha1":"e4c54c8c6cdf68ba85002a443569d62e205f311e","sha256":"190469f852bc2a5edb94540c1ad85dffe4956aaf060987b70da32ff25fb6c824","sha512":"64eef146ff1ab96f351b83af806b2c54bb8c46d9a1437bfc245830570d5db68c7a6d8b1195e28a822b12fc5bc231fce46c483b9cbc083c80d86bc30cc5171a1a","ssdeep":"3072:KYh8t1C3pDEzoJfeewlPBQ4om6bItzEUjf:PwqyjlPBQfItp","tlshash":"7f84b52971d0017645bbe3ba7ab29749fd64c117ca03c4487eac878b1ff3d4199a3b89","size":375557,"data":"","first_seen":"2025-10-28T23:30:17.193265Z","last_seen":"2025-11-16T04:12:16.276817Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.gofile.io/js/script.js","fqdn":"s.gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.159.98.203","port":443,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"abd4e2373b2e8c4dac2e80159641c5f1","sha1":"e273656e58ca934d873204e68dd35670fde657ed","sha256":"021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94","sha512":"fb04feb14c2eb999da4b032812a447e1d3b9f0fbc85abcdfb886df2cf1bdc1bcae1684a4e118626ecad9441fa56302ff8981b4ded5da2033012eed2e8a258398","ssdeep":"","tlshash":"0621569b78423a758cb0e9a7aa2f7703353766257809a413910196533414e4f8379ecd","size":1346,"data":"","first_seen":"2023-05-22T17:22:24Z","last_seen":"2026-05-15T13:34:21.466927Z","times_seen":8137,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/dist/js/blockies.min.js","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"567bdd7d405e2abf153c07d6ac299743","sha1":"a6a373484bb6ab2e0f592cccbabd45fa2bdad538","sha256":"7308155e336bc6ae28550692d7153ea146e7272708ab501620d2d8c10df37fe3","sha512":"88951c109433e9e697718f702c415775632f29053886e69ef2ac94648693b0d7abd6d84180866c760e370b18c943ae811681a3d1d7e52f2f21811db052bb76f2","ssdeep":"","tlshash":"602166c4b35814bf924b054d0d4fc18bb338ea14691bea945749d85638e49d891bdc9d","size":1370,"data":"","first_seen":"2024-12-04T17:08:30.358921Z","last_seen":"2026-05-11T21:27:01.648861Z","times_seen":351,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"312351bff07989769097660a56395065","sha1":"004be89dd9e070ecb080b9b759e5be29ec24881b","sha256":"b2b2f104d32c638903e151a9b20d6e27b41d8c0c84cf8458738f83ca2f1dd744","sha512":"454935a0b9fe288a70896e9e0548537ed09c564e47d771b91202f70ddc94946fa6b209e205034983ebe3160633bf5401df01cdfc54b7f98c4bfbd5845a89124f","ssdeep":"","tlshash":"1f3000000000000000cc00000000000000000000000000000000000000000000000c00","size":4,"data":"","first_seen":"2023-03-13T00:05:53Z","last_seen":"2026-05-11T13:25:03.420858Z","times_seen":32220,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"gofile.io/dist/js/global.js","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:52.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /dist/js/global.js HTTP/1.1\r\nHost: gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:52 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nx-dns-prefetch-control: off\r\nexpect-ct: max-age=0\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-download-options: noopen\r\nx-content-type-options: nosniff\r\norigin-agent-cluster: ?1\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: origin\r\nx-xss-protection: 0\r\ncache-control: public, max-age=0\r\nlast-modified: Mon, 27 Oct 2025 16:06:12 GMT\r\netag: W/\"5bb05-19a266b8744\"\r\nx-robots-tag: all\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":375557,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with CRLF line terminators","md5":"6e21c2ae6f49c704ed122c34c79d276d","sha1":"e4c54c8c6cdf68ba85002a443569d62e205f311e","sha256":"190469f852bc2a5edb94540c1ad85dffe4956aaf060987b70da32ff25fb6c824","sha512":"64eef146ff1ab96f351b83af806b2c54bb8c46d9a1437bfc245830570d5db68c7a6d8b1195e28a822b12fc5bc231fce46c483b9cbc083c80d86bc30cc5171a1a","ssdeep":"3072:KYh8t1C3pDEzoJfeewlPBQ4om6bItzEUjf:PwqyjlPBQfItp","tlshash":"7f84b52971d0017645bbe3ba7ab29749fd64c117ca03c4487eac878b1ff3d4199a3b89","first_seen":"2025-10-28T23:30:17.193265Z","last_seen":"2025-11-16T04:12:16.276817Z","times_seen":13,"resource_available":true,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/dist/js/framework.js","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:52.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /dist/js/framework.js HTTP/1.1\r\nHost: gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:52 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nx-dns-prefetch-control: off\r\nexpect-ct: max-age=0\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-download-options: noopen\r\nx-content-type-options: nosniff\r\norigin-agent-cluster: ?1\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: origin\r\nx-xss-protection: 0\r\ncache-control: public, max-age=0\r\nlast-modified: Sun, 25 May 2025 22:17:54 GMT\r\netag: W/\"29ad-1970986204b\"\r\nx-robots-tag: all\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10669,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with CRLF line terminators","md5":"1fce1b83263fc64c21e8569ccb7b53c7","sha1":"c7e2394172c70cbfa3c77dfb5664581801f0d1a2","sha256":"779b428b6e8e1fc578446447c1834787309d479601a5b8c397da34253d32f0fc","sha512":"6ffe4667be9ed6311c5261cff2088d80e0c10a4e33bd10396502b4e507e9e1926769adf2d1e3050091d1321fc9e869bed02dd4b928f3b8411351523737061cc3","ssdeep":"192:gBitsr3mvC8lJ9TNFgVebCe57Rycttx/Lz:gBitsrmvC8JTNFgVebv0cttx/Lz","tlshash":"2722635d4d16957245bb63bbaf73a048fa36912721418288bdccc3016fb2ac5dd92fec","first_seen":"2025-05-27T17:22:25.480794Z","last_seen":"2025-12-17T12:49:35.659594Z","times_seen":158,"resource_available":true,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/dist/img/logo-small-70.png","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:52.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /dist/img/logo-small-70.png HTTP/1.1\r\nHost: gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 2367\r\nx-dns-prefetch-control: off\r\nexpect-ct: max-age=0\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-download-options: noopen\r\nx-content-type-options: nosniff\r\norigin-agent-cluster: ?1\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: origin\r\nx-xss-protection: 0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 16 May 2025 03:13:22 GMT\r\netag: W/\"93f-196d71509ad\"\r\nx-robots-tag: all\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2367,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 48, 8-bit/color RGBA, non-interlaced","md5":"9823eef0eed8a9166aa4bd86355bd908","sha1":"95259a972d3c0c7a5a97e9f7bd109dcdc50e5f27","sha256":"25f5229d2c05f4883245fe331033b79f2b77dd84296151ae8c59b1ed27e7fe5c","sha512":"5b71f2716f0edaf4864dd1e16961e453705104e22bbc0144495eb94e78fa2d829654f1a614d7b423b8f00f980f10743db39734cf86b73075deb7da9ffa3467ad","ssdeep":"","tlshash":"b4411ada9c06e758ef3ec5da2159ca91c9d92efd72104d8739749d03c50fb81d598c83","first_seen":"2023-05-11T04:52:24Z","last_seen":"2026-05-11T21:27:01.632666Z","times_seen":431,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/plugins/fontawesome/webfonts/fa-solid-900.woff2","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:52.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /plugins/fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://gofile.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:52 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 157192\r\nx-dns-prefetch-control: off\r\nexpect-ct: max-age=0\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-download-options: noopen\r\nx-content-type-options: nosniff\r\norigin-agent-cluster: ?1\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: origin\r\nx-xss-protection: 0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 16 May 2025 03:13:22 GMT\r\netag: W/\"26608-196d71509b5\"\r\nx-robots-tag: all\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":157192,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 157192, version 774.256","md5":"237f4a0afbdb652fb2330ee7e1567dd3","sha1":"69335cd6a6ac82253ea5545899cccde35af39131","sha256":"1f0189e087fcefbf654fad74a3a06668b782c01353a61d5c0b7f0bf23e33c020","sha512":"27e8e1f91507179c207f93a19485738ed5d372a977eb27d44a4ed163013097d38b117c7a5bf4336ecc9862ca514d78ffcd2b8a07e304bbfe1b2cce9c087baa38","ssdeep":"3072:Qeqp46DjdHdb7UT/IGFc27+78oGmfIXe0pGRDH9tQm1pbYqup:Q16n/IqpoG2IXZYTtxrbdO","tlshash":"5ce3125bf5e6dbe5525e6d64fb5478972b1030823ee11cf12ce2206eb889317399e08f","first_seen":"2024-07-18T18:39:32Z","last_seen":"2026-05-15T14:25:20.006389Z","times_seen":13342,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.gofile.io/js/script.js","fqdn":"s.gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.159.98.203","port":443,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:52.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /js/script.js HTTP/1.1\r\nHost: s.gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:53 GMT\r\ncontent-type: application/javascript\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400, must-revalidate\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nx-robots-tag: noindex, nofollow\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1346,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1346), with no line terminators","md5":"abd4e2373b2e8c4dac2e80159641c5f1","sha1":"e273656e58ca934d873204e68dd35670fde657ed","sha256":"021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94","sha512":"fb04feb14c2eb999da4b032812a447e1d3b9f0fbc85abcdfb886df2cf1bdc1bcae1684a4e118626ecad9441fa56302ff8981b4ded5da2033012eed2e8a258398","ssdeep":"","tlshash":"0621569b78423a758cb0e9a7aa2f7703353766257809a413910196533414e4f8379ecd","first_seen":"2023-05-22T17:22:24Z","last_seen":"2026-05-15T13:34:21.466927Z","times_seen":8137,"resource_available":true,"data":null}},"time_used":186,"timings":{"blocked":76,"dns":14,"connect":26,"send":0,"wait":27,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"s.gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/plugins/fontawesome/webfonts/fa-brands-400.woff2","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:52.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /plugins/fontawesome/webfonts/fa-brands-400.woff2 HTTP/1.1\r\nHost: gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://gofile.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:52 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 118072\r\nx-dns-prefetch-control: off\r\nexpect-ct: max-age=0\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-download-options: noopen\r\nx-content-type-options: nosniff\r\norigin-agent-cluster: ?1\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: origin\r\nx-xss-protection: 0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 16 May 2025 03:13:22 GMT\r\netag: W/\"1cd38-196d71509b1\"\r\nx-robots-tag: all\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":118072,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 118072, version 774.256","md5":"715d593456fa02fe72a008a72398f5be","sha1":"e948290773216dc1b50c2121314a8cf918c22b54","sha256":"c411f11975d26eb04cd2aa3c071181d4b18e489f1fb97060d4176a3531dfb36e","sha512":"1f63209c93a462c2690442c9cf1c3e5a67f2df7a67dfcda2cb81292a2dbb90641aa0ab81c25323a1f2d9f0fa09b3421d136ae5228c47e581c51912ba284de46e","ssdeep":"3072:3wqMZaMDlYfb+t0YI4WlLL7rE2ZjX+B+pdJpimtm:gpZNYfytUxH7rnZj+Szpiz","tlshash":"71b3137922e526408e9d0e3bbf7b6a6ec7f8719ddbd4c10aa7d18469001738ed8d842c","first_seen":"2024-07-20T13:53:50Z","last_seen":"2026-05-15T14:25:19.953575Z","times_seen":9115,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.gofile.io/accounts/website","fqdn":"api.gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:53.127Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"OPTIONS /accounts/website HTTP/1.1\r\nHost: api.gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: authorization\r\nReferer: https://gofile.io/\r\nOrigin: https://gofile.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:53 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 8\r\naccess-control-allow-origin: https://gofile.io\r\naccess-control-allow-headers: Content-Type, Authorization\r\naccess-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD\r\naccess-control-allow-credentials: true\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nallow: GET,HEAD\r\netag: W/\"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg\"\r\nx-robots-tag: noindex, nofollow\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"f30c3a40e9a3e65c868c754a5de95919","sha1":"65101ff283414b70636ff494d866190a66ed9978","sha256":"875befe7cefc0715a17dc737f9514dda981f79a3c9f174badcae5bd1cc2425fe","sha512":"7c3dc1b13abbadaf23c0bdb3e1b2e4c70ea798f8980a2100c8c3e85ad7054fa31857603fe774d5c845b73245b55cc1b939e3b33b3a93830eee4e3e7af8307c6a","ssdeep":"","tlshash":"c250000f0c0000000000000cc0000000000000003000000000c0000c00000c00030000","first_seen":"2023-04-05T16:08:44Z","last_seen":"2026-05-15T07:42:27.922559Z","times_seen":3417,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"api.gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.gofile.io/accounts/website","fqdn":"api.gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:53.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /accounts/website HTTP/1.1\r\nHost: api.gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nAuthorization: Bearer 3cBfchLifChbZNZFjHe8Q29sF8GmJNfr\r\nOrigin: https://gofile.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:53 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: https://gofile.io\r\naccess-control-allow-headers: Content-Type, Authorization\r\naccess-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD\r\naccess-control-allow-credentials: true\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\netag: W/\"23c-6h6l4T8zW3qqfzAruvl1xfkXsXk\"\r\nx-robots-tag: noindex, nofollow\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":572,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"3dbdc44ebcc1a222ce53b2ffdf04f56c","sha1":"ea1ea5e13f335b7aaa7f302bbaf975c5f917b179","sha256":"e2195e0ce0e5fedef4f5e1723d90027f75003b61464382b81ef2295a9171c59f","sha512":"168242be94541a2b92ed890104a2f6ba48a1e6d9c5d798a603ee0e6c97c4b94e10a4c0aa833089f7a191165e8ea0f4b842d17adb6566ce0d3444a6b0d02bf988","ssdeep":"","tlshash":"18f0e1416f2c5dad3e90c4cb8c8f5e2726ac1245e542c1d88cebf92a844de7c9d5aa84","first_seen":"2025-11-16T04:12:16.287044Z","last_seen":"2025-11-16T04:12:16.287044Z","times_seen":1,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"api.gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.gofile.io/contents/96et3I?wt=4fd6sg89d7s6\u0026contentFilter=\u0026page=1\u0026pageSize=1000\u0026sortField=name\u0026sortDirection=1","fqdn":"api.gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:53.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"OPTIONS /contents/96et3I?wt=4fd6sg89d7s6\u0026contentFilter=\u0026page=1\u0026pageSize=1000\u0026sortField=name\u0026sortDirection=1 HTTP/1.1\r\nHost: api.gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: authorization\r\nReferer: https://gofile.io/\r\nOrigin: https://gofile.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:53 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 8\r\naccess-control-allow-origin: https://gofile.io\r\naccess-control-allow-headers: Content-Type, Authorization\r\naccess-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD\r\naccess-control-allow-credentials: true\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nallow: GET,HEAD\r\netag: W/\"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg\"\r\nx-robots-tag: noindex, nofollow\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"f30c3a40e9a3e65c868c754a5de95919","sha1":"65101ff283414b70636ff494d866190a66ed9978","sha256":"875befe7cefc0715a17dc737f9514dda981f79a3c9f174badcae5bd1cc2425fe","sha512":"7c3dc1b13abbadaf23c0bdb3e1b2e4c70ea798f8980a2100c8c3e85ad7054fa31857603fe774d5c845b73245b55cc1b939e3b33b3a93830eee4e3e7af8307c6a","ssdeep":"","tlshash":"c250000f0c0000000000000cc0000000000000003000000000c0000c00000c00030000","first_seen":"2023-04-05T16:08:44Z","last_seen":"2026-05-15T07:42:27.922559Z","times_seen":3417,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"api.gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.gofile.io/contents/96et3I?wt=4fd6sg89d7s6\u0026contentFilter=\u0026page=1\u0026pageSize=1000\u0026sortField=name\u0026sortDirection=1","fqdn":"api.gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:53.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /contents/96et3I?wt=4fd6sg89d7s6\u0026contentFilter=\u0026page=1\u0026pageSize=1000\u0026sortField=name\u0026sortDirection=1 HTTP/1.1\r\nHost: api.gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nAuthorization: Bearer 3cBfchLifChbZNZFjHe8Q29sF8GmJNfr\r\nOrigin: https://gofile.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:53 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: https://gofile.io\r\naccess-control-allow-headers: Content-Type, Authorization\r\naccess-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD\r\naccess-control-allow-credentials: true\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\netag: W/\"39e-OIZb/HSdJ0jpm8VAG551tp+dOxY\"\r\nx-robots-tag: noindex, nofollow\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":926,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"1f9397268c8b1ce05f45ca299db179be","sha1":"38865bfc749d2748e99bc5401b9e75b69f9d3b16","sha256":"8245e32ebd3d876b40dc91200977eb145650d9b4217aea98bd265141c1fb070b","sha512":"267bb9fa470cbb98d2c82f904e006a8917c0583734cd92bf1da2d20acbecf2d9564f0ee0568c4a9dd48203c4dbd42767f928ee58f70b5e15ee6669ccc1c9b4a5","ssdeep":"","tlshash":"8211d04af545463fbb08f0e0e4489701be6f311f56949f083a62e67d892b88f315b05f","first_seen":"2025-11-16T04:12:16.288626Z","last_seen":"2025-11-16T04:12:16.288626Z","times_seen":1,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"api.gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ad.a-ads.com/2059298?size=300x250","fqdn":"ad.a-ads.com","domain":"a-ads.com","tld":"com"},"ip":{"addr":"78.46.174.169","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:53.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.a-ads.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Sun, 05 Jan 2025 00:00:00 GMT","end":"Tue, 09 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"29:38:CF:C5:B7:11:ED:58:BF:D9:11:7B:D8:5E:88:8A:48:33:9A:23","sha256":"45:FA:EB:77:C6:2A:DF:41:C5:2C:81:84:37:99:0F:D1:0C:30:DB:93:1C:13:5F:30:1E:A3:18:97:81:88:BA:0E"}}},"request":{"raw":"GET /2059298?size=300x250 HTTP/1.1\r\nHost: ad.a-ads.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 16 Nov 2025 04:11:53 GMT\r\ncontent-type: text/html;charset=utf-8\r\nvary: Accept-Encoding, Accept-Encoding\r\nstatus: 200 OK\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-powered-by: Phusion Passenger(R)\r\nx-original-referer: https://gofile.io/\r\nx-robots-tag: noindex, nofollow, nosnippet, noarchive\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Phusion Passenger","description":"Phusion Passenger is a free web server and application server with support for Ruby, Python and Node.js.","website":"https://phusionpassenger.com","common_platform_enumeration":"cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*","icon":"Phusion Passenger.png","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14577,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (7346)","md5":"b4dc6da671ffb4701fc2f3c6b41d1e5f","sha1":"55ecd6c6a1692b880d28a8b4e6b3bbfa890a1c78","sha256":"c3386affd77a79f624b2fed3aa01433c8879b7714c8dbae4ad25cf49db113c1a","sha512":"77463501a4174b9ae7965fd9a0907834441fde8c392490f78894d56a4efdba6069a56a2e4b97a4f604b1e9da595be1c01da52fe555b3e71b0e90c5e72db544a7","ssdeep":"192:cj1YzXciFm6Bm+hDSoEdm+It048h8LwWPq0d50xQrTmhz5W18CwPtXea8Jcz:cwNIorNLPPq0PlwR9B","tlshash":"8062a713a295b12e343c3e1fbc4165ed7115f029eab24fd0f4e99a75d28b2ca1d9194c","first_seen":"2025-10-17T13:38:38.281926Z","last_seen":"2025-11-16T04:12:16.291164Z","times_seen":5,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":100,"dns":14,"connect":24,"send":0,"wait":34,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/dist/img/favicon16.png","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:52.931Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /dist/img/favicon16.png HTTP/1.1\r\nHost: gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 503\r\nx-dns-prefetch-control: off\r\nexpect-ct: max-age=0\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-download-options: noopen\r\nx-content-type-options: nosniff\r\norigin-agent-cluster: ?1\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: origin\r\nx-xss-protection: 0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 16 May 2025 03:13:22 GMT\r\netag: W/\"1f7-196d71509ad\"\r\nx-robots-tag: all\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":503,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"ad98355e85075a8ebc15a01f875e1aab","sha1":"de8398fdfeb3bbd48a58a8b12453e1fee61e5f2d","sha256":"6a437098dcbb8a0354ae28a5f7825685f471c13cecb83186cc950844df7c76c4","sha512":"1b5d5402256ec3ccc20f1b1b635a9ea16131c2aec49c94105c8b7d3e32c9bfd45e937bde8af35ced6b22f39526de2672ba145ec43f49aba4d7a66da79e13819a","ssdeep":"","tlshash":"5cf0c0b453141c59d79f92276b7380519d94328e0cf055967e83d0160dc55c7a5a1565","first_seen":"2023-05-23T11:16:46Z","last_seen":"2026-05-11T21:27:01.653528Z","times_seen":385,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/contents/filemanager.html","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:53.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /contents/filemanager.html HTTP/1.1\r\nHost: gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: accountToken=3cBfchLifChbZNZFjHe8Q29sF8GmJNfr\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:53 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-dns-prefetch-control: off\r\nexpect-ct: max-age=0\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-download-options: noopen\r\nx-content-type-options: nosniff\r\norigin-agent-cluster: ?1\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: origin\r\nx-xss-protection: 0\r\ncache-control: public, max-age=0\r\nlast-modified: Wed, 04 Jun 2025 20:44:06 GMT\r\netag: W/\"4f7e-1973cafd615\"\r\nx-robots-tag: all\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20350,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with very long lines (324), with CRLF line terminators","md5":"1e134ad43c2121f45eda92ab87f18ccd","sha1":"aa2f977579d49c5009735c028f50cdef6dbd1590","sha256":"5f340636fe9c817f4e881c30ec2b25b84cf95fe7f95a6a3643ba3addde7ed1d3","sha512":"113d80bc3d41f2c432d2388999b00c9b0ac8ba64366ecacbd947608b9a001f0248e9bed727af450c0b249348119c15b8307ce534ee238a2538975c6db628ad5e","ssdeep":"192:a/o3N8O4EZIYY1pquw0wdlKgwBh08wJwtF4noQ0tUEoIIOpiYOoDO8he:a/kN8OZUMxQrm1yjBlDOoe","tlshash":"e2920466a2f5016b41b7d3a77465af26fc8ac207c743e408367c529b2ff3e0609eb165","first_seen":"2025-06-07T19:20:51.957184Z","last_seen":"2025-12-09T02:43:11.787244Z","times_seen":85,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/dist/css/output.css","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:52.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /dist/css/output.css HTTP/1.1\r\nHost: gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:52 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nx-dns-prefetch-control: off\r\nexpect-ct: max-age=0\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-download-options: noopen\r\nx-content-type-options: nosniff\r\norigin-agent-cluster: ?1\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: origin\r\nx-xss-protection: 0\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 06 Jun 2025 18:15:53 GMT\r\netag: W/\"d036-1974674dccd\"\r\nx-robots-tag: all\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":53302,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (51073)","md5":"be3e892e0c00caeef022689231381414","sha1":"2dc06d2184f0f71fc3970cbd7f860c8ff8588c15","sha256":"e8daff8925a628a251a0eec63d2a960a81ea0fb23e185f5a0a7c23f2fa401ffc","sha512":"7d9f178af8a228cb09c6c7ee55ea8b1a633f60efdba67539771f49dbd4216ee0e307f58e5037a6f85379864f70fc13cd407a52d587074601e766c0895afeace5","ssdeep":"384:GHXwBxqJMcc5ydzRFiQAfiVb8gTs2f6ODCGyl9ta2E6f42cr2dKlmeZNUr/2ZLS:GHAC+es2f6Omj7E6T6JZNUr/SG","tlshash":"e233a42dd7a0157b7c37a2e9d5f4985d7216f2d0ee7a47dae8925200afe23f31c4a900","first_seen":"2025-06-07T19:20:51.951463Z","last_seen":"2025-11-16T04:12:16.295943Z","times_seen":138,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/plugins/fontawesome/css/all.min.css","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:52.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /plugins/fontawesome/css/all.min.css HTTP/1.1\r\nHost: gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:52 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nx-dns-prefetch-control: off\r\nexpect-ct: max-age=0\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-download-options: noopen\r\nx-content-type-options: nosniff\r\norigin-agent-cluster: ?1\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: origin\r\nx-xss-protection: 0\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 16 May 2025 03:13:22 GMT\r\netag: W/\"17906-196d71509b1\"\r\nx-robots-tag: all\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":96518,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (58966)","md5":"fbf1f3445f2554bce753c92cf6851b41","sha1":"3c73ff1cd7b97c189f139367dbac43dcf5d2c70d","sha256":"e5e202e3c899507992952533f57b634722b69b34241d271963559d31aa33ef81","sha512":"29cdf6def18112acd39a8b801029d571ec90ab2a9db128aa2d021204bdbd6945b853f33ba523c0fe0114650aafd5cc31e0e9d8c53c6f7b950c839193e8be0926","ssdeep":"1536:E6M1MvMaMfMRQk709/bQZMfjSFOlyPG9dXgRw0J:H709/UGGFwyPG9dwRw0J","tlshash":"559373f8e44c05d97732c44bab55b37c65b6f738d5810ca9f02f590c2ad26a822caf79","first_seen":"2024-07-20T00:27:59Z","last_seen":"2026-05-15T15:18:55.13832Z","times_seen":11988,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/dist/js/blockies.min.js","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:52.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /dist/js/blockies.min.js HTTP/1.1\r\nHost: gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:52 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nx-dns-prefetch-control: off\r\nexpect-ct: max-age=0\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-download-options: noopen\r\nx-content-type-options: nosniff\r\norigin-agent-cluster: ?1\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: origin\r\nx-xss-protection: 0\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 16 May 2025 03:13:22 GMT\r\netag: W/\"55a-196d71509ad\"\r\nx-robots-tag: all\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1370,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1370), with no line terminators","md5":"567bdd7d405e2abf153c07d6ac299743","sha1":"a6a373484bb6ab2e0f592cccbabd45fa2bdad538","sha256":"7308155e336bc6ae28550692d7153ea146e7272708ab501620d2d8c10df37fe3","sha512":"88951c109433e9e697718f702c415775632f29053886e69ef2ac94648693b0d7abd6d84180866c760e370b18c943ae811681a3d1d7e52f2f21811db052bb76f2","ssdeep":"","tlshash":"602166c4b35814bf924b054d0d4fc18bb338ea14691bea945749d85638e49d891bdc9d","first_seen":"2024-12-04T17:08:30.358921Z","last_seen":"2026-05-11T21:27:01.648861Z","times_seen":351,"resource_available":true,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/dist/img/favicon96.png","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:52.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /dist/img/favicon96.png HTTP/1.1\r\nHost: gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 2886\r\nx-dns-prefetch-control: off\r\nexpect-ct: max-age=0\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-download-options: noopen\r\nx-content-type-options: nosniff\r\norigin-agent-cluster: ?1\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: origin\r\nx-xss-protection: 0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 16 May 2025 03:13:22 GMT\r\netag: W/\"b46-196d71509ad\"\r\nx-robots-tag: all\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2886,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"9b3b5acb71b2951ab5f82965f5cf02c4","sha1":"f58d450c5dbb5a7d5bc1dcb3cf186e6c8a4f81cc","sha256":"40a0628e5673cd81d91142b1b7db3cd9e472efceb1b464dd90c0ca9f627623f2","sha512":"026aca4e1fcf2bee689be7592d0667cecd62ac05658342dcd72216f3e1551869359c9e9aa8dee77c147f915dd490aec5367d59d191566689bcc66481510c7824","ssdeep":"","tlshash":"94516d8b154fc9585e5df409d3160575ab1721b7b65e210f4dcfe1485228bade270235","first_seen":"2023-05-11T04:52:24Z","last_seen":"2026-05-11T21:27:01.615245Z","times_seen":445,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.gofile.io/api/event","fqdn":"s.gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.159.98.203","port":443,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:53.086Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"POST /api/event HTTP/1.1\r\nHost: s.gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nContent-Type: text/plain\r\nContent-Length: 74\r\nOrigin: https://gofile.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 202 Accepted\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:53 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 2\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: \r\ncache-control: max-age=0, private, must-revalidate\r\nx-request-id: GHhhXp8DpEyCmGgLfDeC\r\nx-robots-tag: noindex, nofollow\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-05-15T15:17:01.767519Z","times_seen":411892,"resource_available":true,"data":null}},"time_used":210,"timings":{"blocked":69,"dns":3,"connect":26,"send":0,"wait":72,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"s.gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ad.a-ads.com/2059298?size=300x250","date":"2025-11-16T04:11:53.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:04 GMT","end":"Mon, 19 Jan 2026 08:35:03 GMT"},"fingerprint":{"sha1":"86:F4:DF:07:D6:8D:EF:68:44:7A:73:C8:39:14:1A:2F:98:5E:A2:40","sha256":"A0:B7:4F:94:25:40:33:52:BC:F7:0A:E1:AD:30:BD:19:C3:E9:BB:25:0B:05:26:7C:F8:BB:F0:59:3B:E7:F2:8D"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ad.a-ads.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 16 Nov 2025 04:11:53 GMT\r\ndate: Sun, 16 Nov 2025 04:11:53 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e85517dadd43448782d60d7f207fddce","sha1":"6cd31f870727ba8090fac9602b42524b4139a619","sha256":"88fbd0b95222be288587a149c324189ecbd8de0d6f0c94f528ec53857e52b66c","sha512":"5edc78df5bb062a9a2e1ea6724c14dd7eb80d77ea0fa9572de4bb0d52bbd0d163815b08a1ae77084f99fbefbb07715da1c61f0bb36fb498710c91387792955f8","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGx:vXuM0p2+4","tlshash":"04227792002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T18:13:11.065101Z","last_seen":"2026-05-15T15:11:43.154694Z","times_seen":26303,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":104,"dns":1,"connect":29,"send":0,"wait":55,"receive":0,"ssl":77},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.a-ads.com/a-ads-banners/547937/300x250?region=eu-central-1","fqdn":"static.a-ads.com","domain":"a-ads.com","tld":"com"},"ip":{"addr":"78.46.33.196","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ad.a-ads.com/2059298?size=300x250","date":"2025-11-16T04:11:53.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.a-ads.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Sun, 05 Jan 2025 00:00:00 GMT","end":"Tue, 09 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"29:38:CF:C5:B7:11:ED:58:BF:D9:11:7B:D8:5E:88:8A:48:33:9A:23","sha256":"45:FA:EB:77:C6:2A:DF:41:C5:2C:81:84:37:99:0F:D1:0C:30:DB:93:1C:13:5F:30:1E:A3:18:97:81:88:BA:0E"}}},"request":{"raw":"GET /a-ads-banners/547937/300x250?region=eu-central-1 HTTP/1.1\r\nHost: static.a-ads.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ad.a-ads.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 16 Nov 2025 04:11:53 GMT\r\ncontent-type: image/gif\r\ncontent-length: 228586\r\nx-amz-id-2: 1mcDvrH+iRxQVNjiS3D3Z3QOTu/YBEeeqNdBgMhKWoGRQe1uiSzTaCpWqKlVv847saJ9dFZhybITEYnAi7+Vn5ln1zPa8tGSJNf5O1zp2gk=\r\nx-amz-request-id: A0XP48H4TFTRSD83\r\nx-amz-replication-status: COMPLETED\r\nlast-modified: Fri, 17 Oct 2025 09:14:30 GMT\r\netag: \"0982bd77bdb4b58f9ee1a447513b78e6\"\r\nx-amz-server-side-encryption: AES256\r\ncache-control: max-age=315360000\r\nx-amz-version-id: lSXaU.Qq6LnE4Y4fNItaEYT9xhFgNu7A\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":228586,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 250","md5":"0982bd77bdb4b58f9ee1a447513b78e6","sha1":"d102da57b85b050e59bb1a435c33829af707221a","sha256":"3078e6270414c3b1a32d020c451fd17a924a41d1de9c365bf786011b2928a784","sha512":"d212a20b13caf27848dbbf65df00d5ed1321558f9d8be3028df329f764b272f8e2fb23e656161f85007191bf794f4a955666a99e5d2dfb4a9b69e0c24fdaec21","ssdeep":"6144:HIKNXWdbMsehgcaBQ6rh2AhgexmhDyHTcUlpisQ6:HtWdbnDBQ2jXxmhDy4UpisQ6","tlshash":"36241236a05f56cbccb97970e4e90f880b78d2e63426aa15209ffec7dc954cdbc80599","first_seen":"2025-10-17T11:10:30.748181Z","last_seen":"2025-12-16T18:28:24.105654Z","times_seen":215,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":61,"dns":1,"connect":24,"send":0,"wait":47,"receive":79,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ad.a-ads.com/2059298?size=300x250","date":"2025-11-16T04:11:53.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:04 GMT","end":"Mon, 19 Jan 2026 08:35:03 GMT"},"fingerprint":{"sha1":"4A:97:40:A8:11:17:BA:08:56:28:6E:0B:93:8B:64:13:1D:67:D4:2A","sha256":"A2:0A:13:FD:98:22:74:26:3F:C1:44:5C:92:27:22:17:A8:65:07:40:50:F9:14:02:11:E4:87:7F:C5:D2:F1:42"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ad.a-ads.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 12 Nov 2025 17:23:53 GMT\r\nexpires: Thu, 12 Nov 2026 17:23:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 298081\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-15T15:20:34.672223Z","times_seen":180141,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":82,"dns":1,"connect":15,"send":0,"wait":19,"receive":24,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.gofile.io/accounts","fqdn":"api.gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://gofile.io/d/96et3I","date":"2025-11-16T04:11:52.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"POST /accounts HTTP/1.1\r\nHost: api.gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://gofile.io/\r\nOrigin: https://gofile.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:53 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: https://gofile.io\r\naccess-control-allow-headers: Content-Type, Authorization\r\naccess-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD\r\naccess-control-allow-credentials: true\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\netag: W/\"b2-K6Y0adLUgMDIKhZW/WG2xOjaPhg\"\r\nx-robots-tag: noindex, nofollow\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":178,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"92fcba568df26b05dbe7a56321301dab","sha1":"2ba63469d2d480c0c82a1656fd61b6c4e8da3e18","sha256":"04ddb5de59f001a05b3fb9c09cc8d2d6d17aebac5c9b3b34c50ae3762c5f1b40","sha512":"071a8d9700ba05cd192d4e3b8ea1305a948a7bc628edc0c3bd5de9a6a6c33e40eb6c637dd7340942f15db797fe0e48a45214695fbc21259a7c64dcbe54460bdd","ssdeep":"","tlshash":"62c08005ce55019d14815dc21dc9da371be91463d017245d55cf2776444c9f8d27f5a5","first_seen":"2025-11-16T04:12:16.301562Z","last_seen":"2025-11-16T04:12:16.301562Z","times_seen":1,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":104,"dns":50,"connect":24,"send":0,"wait":45,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"api.gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gofile.io/d/96et3I","fqdn":"gofile.io","domain":"gofile.io","tld":"io"},"ip":{"addr":"51.75.242.210","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-16T04:11:52.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gofile.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 17:06:39 GMT","end":"Sun, 25 Jan 2026 17:06:38 GMT"},"fingerprint":{"sha1":"2A:50:AA:A4:6A:47:6B:F2:53:35:6D:99:BC:2D:70:EB:99:B2:3E:6A","sha256":"D9:D1:DE:54:6F:35:3D:E1:91:F0:E7:24:34:67:92:6F:03:C7:74:11:6E:9D:39:0C:5C:03:E5:D4:64:2C:63:92"}}},"request":{"raw":"GET /d/96et3I HTTP/1.1\r\nHost: gofile.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Sun, 16 Nov 2025 04:11:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-dns-prefetch-control: off\r\nexpect-ct: max-age=0\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-download-options: noopen\r\nx-content-type-options: nosniff\r\norigin-agent-cluster: ?1\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: origin\r\nx-xss-protection: 0\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 30 May 2025 22:05:14 GMT\r\netag: W/\"1d53-197233a5275\"\r\nx-robots-tag: all\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7507,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"5034a7a6f14a507c2e9390d65e0bf7d0","sha1":"bef33ef6bff3f59cf758576d68dfd5b8115688ab","sha256":"c38a1f048bea4ad3a718474c1ed34492686ae22f654b89730355aa6e7008c351","sha512":"43ee82d2ae1825d69a96fdf3691bd002ccde5ff5c4640580d4f6a0c0c6b6f4e06809d5d7b1abb1d44aceffdf5831acb8f6980fa18d10eed829e3b44b096a39b5","ssdeep":"96:CMqVAoSlLh2B3Zq36uWl/PtxyjttJQ8Maoah3vL5LaNclmnU1Eh2sS:TMilLhwJrPahtJxMaoah3vG12sS","tlshash":"03f1205611f2446b42e3c29879f1fe2dadc68347c31aad4472ad42da1fd7d078dcb0a5","first_seen":"2025-05-31T10:16:23.252367Z","last_seen":"2025-12-09T02:43:11.788658Z","times_seen":151,"resource_available":true,"data":null}},"time_used":195,"timings":{"blocked":81,"dns":24,"connect":25,"send":0,"wait":26,"receive":0,"ssl":35},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-16","alert":"Sinkholed","trigger":"gofile.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}