dfiles.eu/files/fviflp7rd/ASCR_Lost-Archive-DLC.exe
91.226.124.76 302 Moved Temporarily 138 B URL HTTP/1.1 dfiles.eu/files/fviflp7rd/ASCR_Lost-Archive-DLC.exe
IP 91.226.124.76:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /files/fviflp7rd/ASCR_Lost-Archive-DLC.exe HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sun, 29 Jan 2023 00:24:28 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
Location: https://dfiles.eu/files/fviflp7rd/ASCR_Lost-Archive-DLC.exe
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11677
Expires: Sun, 29 Jan 2023 03:39:05 GMT
Date: Sun, 29 Jan 2023 00:24:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13946
Expires: Sun, 29 Jan 2023 04:16:54 GMT
Date: Sun, 29 Jan 2023 00:24:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8994
Expires: Sun, 29 Jan 2023 02:54:22 GMT
Date: Sun, 29 Jan 2023 00:24:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 23:43:06 GMT
content-type: application/json
age: 2482
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: /1U/8qxHdlY7qjRyFIbzhiV2Qwhdzips5dZlQ6qTpSTcHI9dnktxEIRJtXbIxopuStwWmJsDiJI=
x-amz-request-id: ZG81GM0DHAZ911H1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 23:50:06 GMT
age: 2063
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6bcc88068a7fe9c730071d2e175f40bc
085fdc1ee2b263977cb488da9759876810c14710
d3fee72d480fbfc2a7d5a53f633358d97cc2cb9cdfc1b731c4a9cd7669a45557
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3FEE72D480FBFC2A7D5A53F633358D97CC2CB9CDFC1B731C4A9CD7669A45557"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9329
Expires: Sun, 29 Jan 2023 02:59:58 GMT
Date: Sun, 29 Jan 2023 00:24:29 GMT
Connection: keep-alive
dfiles.eu/files/fviflp7rd/ASCR_Lost-Archive-DLC.exe
91.226.124.76 200 OK 9.1 kB URL HTTP/1.1 dfiles.eu/files/fviflp7rd/ASCR_Lost-Archive-DLC.exe
IP 91.226.124.76:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (6441), with CRLF, CR, LF line terminators
Hash 65389bc3cf639ac8b1197db27beb544a
50117938d80b06382ce2ea6ab2213fcbb8e9ba9a
b48a3a45ec1a6d87ef8d86f3567a90ae4a1cdddc7c52d911cda5e024b885d0e4
GET /files/fviflp7rd/ASCR_Lost-Archive-DLC.exe HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: uprand=2d0901aa38e3f4b4c99e39ff69c7b1f3; path=/; domain=.dfiles.eu
last_file=fviflp7rd; path=/; domain=.dfiles.eu
lang_current=en; expires=Mon, 29-Jan-2024 00:24:29 GMT; Max-Age=31536000; path=/; domain=.dfiles.eu; secure
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 00:24:29 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B
IP 142.250.74.131:0
Hash 86352d15c37831cf9bf1e41325029224
ac8b28bcc1e6dd026e1f62d1ef8b9f80a42eee21
154f5f5e116df41f5d3bd414c671138b2afc198071529a0f3573109277566cd8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js
142.250.74.132 200 OK 556 B URL HTTP/2 www.google.com/recaptcha/api.js
IP 142.250.74.132:0
File type ASCII text, with very long lines (850), with no line terminators
Hash f678bcfbe98b4039961065c12543bfd0
31a000bba532f910d036c24c795ef3636450e4c3
1dabb56e42c7b0a90264a0e7d8884e4111eed0e1b6321cab5f6e26440d63da8d
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 29 Jan 2023 00:24:29 GMT
date: Sun, 29 Jan 2023 00:24:29 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 556
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0de5530ca6167a149e3641cca267bcd3
f1c536b525970eddc720dc7d4f068aeec7be2ee7
748343bbeea47c2b05996fcd6fce0a1563541202cce22924483c41ae67be8b48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "748343BBEEA47C2B05996FCD6FCE0A1563541202CCE22924483C41AE67BE8B48"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16677
Expires: Sun, 29 Jan 2023 05:02:26 GMT
Date: Sun, 29 Jan 2023 00:24:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0de5530ca6167a149e3641cca267bcd3
f1c536b525970eddc720dc7d4f068aeec7be2ee7
748343bbeea47c2b05996fcd6fce0a1563541202cce22924483c41ae67be8b48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "748343BBEEA47C2B05996FCD6FCE0A1563541202CCE22924483C41AE67BE8B48"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16677
Expires: Sun, 29 Jan 2023 05:02:26 GMT
Date: Sun, 29 Jan 2023 00:24:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0de5530ca6167a149e3641cca267bcd3
f1c536b525970eddc720dc7d4f068aeec7be2ee7
748343bbeea47c2b05996fcd6fce0a1563541202cce22924483c41ae67be8b48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "748343BBEEA47C2B05996FCD6FCE0A1563541202CCE22924483C41AE67BE8B48"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16677
Expires: Sun, 29 Jan 2023 05:02:26 GMT
Date: Sun, 29 Jan 2023 00:24:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0de5530ca6167a149e3641cca267bcd3
f1c536b525970eddc720dc7d4f068aeec7be2ee7
748343bbeea47c2b05996fcd6fce0a1563541202cce22924483c41ae67be8b48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "748343BBEEA47C2B05996FCD6FCE0A1563541202CCE22924483C41AE67BE8B48"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16677
Expires: Sun, 29 Jan 2023 05:02:26 GMT
Date: Sun, 29 Jan 2023 00:24:29 GMT
Connection: keep-alive
static.depositfiles.com/js/gold_offer.js
91.226.124.77 200 OK 9.9 kB URL HTTP/1.1 static.depositfiles.com/js/gold_offer.js
IP 91.226.124.77:0
File type HTML document text; HTML document, ASCII text
Hash 041bdbbe3ac15bc57b14933e164b55f8
790f921426d0b602424fb3077ca900af94b5ad9e
a86d8d81e5c254822628c578c40d2d62956ab3060632d1884b5080093365b97b
GET /js/gold_offer.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:29 GMT
Content-Type: application/javascript
Content-Length: 9887
Last-Modified: Thu, 28 Apr 2022 10:40:27 GMT
Connection: keep-alive
ETag: "626a6f1b-269f"
Expires: Sun, 29 Jan 2023 00:29:29 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/js/download_utils.js
91.226.124.77 200 OK 13 kB URL HTTP/1.1 static.depositfiles.com/js/download_utils.js
IP 91.226.124.77:0
File type ASCII text, with very long lines (2250)
Hash 90a706006bc709cdc974ff3e0e01b34f
89585d2c7cac44c9c03c118bbb38aefba1d8a1e4
16f1515b9938fc7de086c504fe214484d97e237647a5d7fa2cb742a93f00c1ea
GET /js/download_utils.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:29 GMT
Content-Type: application/javascript
Content-Length: 13383
Last-Modified: Thu, 28 Apr 2022 10:40:27 GMT
Connection: keep-alive
ETag: "626a6f1b-3447"
Expires: Sun, 29 Jan 2023 00:29:29 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash ef589be52a3e55b643978f17949a73da
74545de6f144282252ff92c751f97cc835c80341
7bfa68c43e60a2627770163b5c1b96fbd7e4843984ad5ff6225c5490b8073b26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.depositfiles.com/js/jquery.validate.js
91.226.124.77 200 OK 38 kB URL HTTP/1.1 static.depositfiles.com/js/jquery.validate.js
IP 91.226.124.77:0
File type Unicode text, UTF-8 text, with very long lines (1238)
Hash d5231b6378847ebdb55f64c77d5a234f
eed97aa0b2aa9486b6f6831ed8a85dc729ad6b9c
95434a8a2568a6481a1fbcf5808a75dd58e77348ed6d70b4f7aeda8842e8f0c7
GET /js/jquery.validate.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:29 GMT
Content-Type: application/javascript
Content-Length: 38269
Last-Modified: Thu, 28 Apr 2022 10:40:27 GMT
Connection: keep-alive
ETag: "626a6f1b-957d"
Expires: Sun, 29 Jan 2023 00:29:29 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/js/function.js
91.226.124.77 200 OK 35 kB URL HTTP/1.1 static.depositfiles.com/js/function.js
IP 91.226.124.77:0
File type ASCII text, with very long lines (4240)
Hash a5779d2f560cd50376dbba372b0fd15b
07b08e35b9254288c1372e37577db8b9e4da01b4
51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84
GET /js/function.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:29 GMT
Content-Type: application/javascript
Content-Length: 34915
Last-Modified: Thu, 28 Apr 2022 10:40:27 GMT
Connection: keep-alive
ETag: "626a6f1b-8863"
Expires: Sun, 29 Jan 2023 00:29:29 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/css/main.css
91.226.124.77 200 OK 47 kB URL HTTP/1.1 static.depositfiles.com/css/main.css
IP 91.226.124.77:0
File type ASCII text, with very long lines (332)
Hash cea03c07a2dcdd9444f5f6de6a3f6c64
89307ec85eb1fa31aa0b0d759e13f78970b0375b
5ecd5842291f787ca0d39182e73ab7992ed55dccce2aaeb7cfc4e10ba3917634
GET /css/main.css HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:29 GMT
Content-Type: text/css
Last-Modified: Thu, 28 Apr 2022 10:40:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"626a6f19-2f719"
Expires: Sun, 29 Jan 2023 00:29:29 GMT
Cache-Control: max-age=300
Content-Encoding: gzip
static.depositfiles.com/js/base2.js
91.226.124.77 200 OK 399 kB URL HTTP/1.1 static.depositfiles.com/js/base2.js
IP 91.226.124.77:0
File type Unicode text, UTF-8 text, with very long lines (65481)
Size 399 kB (398927 bytes)
Hash 2fcae8126c3fd9a626370a701f0bd887
f3496fb7bbe122a9774d7dcfcd68da03a24dc285
d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc
GET /js/base2.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:29 GMT
Content-Type: application/javascript
Content-Length: 398927
Last-Modified: Thu, 28 Apr 2022 10:40:27 GMT
Connection: keep-alive
ETag: "626a6f1b-6164f"
Expires: Sun, 29 Jan 2023 00:29:29 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 23:41:40 GMT
age: 2569
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8c9d07227c8257f662fe5cebaf7eee4f
0f9d5142aa05583bdf693de42154847a0e63596a
2374b384f2b81bf129471dcd3c2a67a90af337d2bc3b0465cf8f058828ca166f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2374B384F2B81BF129471DCD3C2A67A90AF337D2BC3B0465CF8F058828CA166F"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9904
Expires: Sun, 29 Jan 2023 03:09:33 GMT
Date: Sun, 29 Jan 2023 00:24:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12683
Expires: Sun, 29 Jan 2023 03:55:52 GMT
Date: Sun, 29 Jan 2023 00:24:29 GMT
Connection: keep-alive
pl16105218.highcpmrevenuenetwork.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
192.243.59.20 200 OK 13 kB URL HTTP/1.1 pl16105218.highcpmrevenuenetwork.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37146), with no line terminators
Hash e7ad318e41b1c33a6757792332b9e5fa
51b910eda5b2db2f28b452b6748251b55f72d3d6
ffb4f017abdd77c32f15ebdedded61539b77803ed8b28203164fe03b569bc9cc
Analyzer Verdict Alert quad9 Sinkholed
GET /22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js HTTP/1.1
Host: pl16105218.highcpmrevenuenetwork.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 29 Jan 2023 00:24:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dd3dc3d674f83a7c2f2ae6508474d751
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.depositfiles.com/images/yes.png
91.226.124.77 200 OK 3.3 kB URL HTTP/1.1 static.depositfiles.com/images/yes.png
IP 91.226.124.77:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced; data
Hash 3055b8489aeb385fb40b27f0bf0a5ae7
4cfbe45a0ba393ab8ad535cc04af30debef0a1ab
b325d6cb153b02050e59230e2abfb01e05f4bda708ad54bd8f6d9693fa9c2dac
GET /images/yes.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:29 GMT
Content-Type: image/png
Content-Length: 3275
Last-Modified: Thu, 28 Apr 2022 10:40:27 GMT
Connection: keep-alive
ETag: "626a6f1b-ccb"
Accept-Ranges: bytes
static.depositfiles.com/images/no.png
91.226.124.77 200 OK 3.1 kB URL HTTP/1.1 static.depositfiles.com/images/no.png
IP 91.226.124.77:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced; data
Hash 1724ae7b4437c460dafe40dfe9f96d41
8dc80d5b802f180254a8ee1bf1edf0b843205f1e
9b95b8f24b2b0808d611f4fd9bf5f3c548b352ae6100ab7b298b99a86905db79
GET /images/no.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:29 GMT
Content-Type: image/png
Content-Length: 3146
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-c4a"
Accept-Ranges: bytes
static.depositfiles.com/images/speed_small_gold.gif
91.226.124.77 200 OK 14 kB URL HTTP/1.1 static.depositfiles.com/images/speed_small_gold.gif
IP 91.226.124.77:0
File type GIF image data, version 89a, 200 x 200; data
Hash c5f8f0e9ecd16637e267912376c24bed
324567a641d318ecfafe6374dfba86ccb2f90dd7
13678b229b6c4224bcb9578a2f29bc3686958f4bea73af7645eb39af4246e6a9
GET /images/speed_small_gold.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:29 GMT
Content-Type: image/gif
Content-Length: 14492
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-389c"
Expires: Fri, 03 Feb 2023 00:24:29 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/speed_small.gif
91.226.124.77 200 OK 24 kB URL HTTP/1.1 static.depositfiles.com/images/speed_small.gif
IP 91.226.124.77:0
File type GIF image data, version 89a, 200 x 200; data
Hash 5cbc96bbb7230dd17ed38b5dd6e3271c
6ee1f0b9e29ac3e824cccd6e5135d51c8d3aaea1
01edcbb65e514def555b1e999d3a72f118f67e572f628293b91893b3758c6991
GET /images/speed_small.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:29 GMT
Content-Type: image/gif
Content-Length: 23980
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-5dac"
Expires: Fri, 03 Feb 2023 00:24:29 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/logo.png
91.226.124.77 200 OK 3.6 kB URL HTTP/1.1 static.depositfiles.com/images/logo.png
IP 91.226.124.77:0
File type PNG image data, 176 x 43, 8-bit/color RGBA, non-interlaced; data
Hash c41fdd84b04e45a91cb17cfdeccb1b38
fec7fffe104c7e169aeb159032078c4b71ff2cdc
7f89eb8ab03684f4db282ca30eb231b1e254bca10c7b511950df5e0eab0a68a0
GET /images/logo.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: image/png
Content-Length: 3623
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-e27"
Accept-Ranges: bytes
static.depositfiles.com/images/flags/lang24.png
91.226.124.77 200 OK 9.2 kB URL HTTP/1.1 static.depositfiles.com/images/flags/lang24.png
IP 91.226.124.77:0
File type PNG image data, 24 x 552, 8-bit/color RGBA, non-interlaced\012- data
Hash efdcd1ca23d564ddd811f41152a2b83c
0b5aa064e7f8f241363c55fa17eb448f42a5f8df
ce23be242e34c5b420f8ba0390aef20fa50ffc69f700091029616eff524e8f9b
GET /images/flags/lang24.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: image/png
Content-Length: 9172
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-23d4"
Accept-Ranges: bytes
static.depositfiles.com/images/upload_btn_bg.gif
91.226.124.77 200 OK 9.0 kB URL HTTP/1.1 static.depositfiles.com/images/upload_btn_bg.gif
IP 91.226.124.77:0
File type GIF image data, version 89a, 209 x 75\012- data
Hash 6f312f0f4ff138758bae76420f6efd78
b40a28f162140fedff9ee5ce0d687868b1f73d17
c667d75c7f916bf8b140b0e1f7ab0c996f76d4642faed85bd9fef3c738f0912b
GET /images/upload_btn_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: image/gif
Content-Length: 9010
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-2332"
Expires: Fri, 03 Feb 2023 00:24:30 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/sprite64.png
91.226.124.77 200 OK 29 kB URL HTTP/1.1 static.depositfiles.com/images/sprite64.png
IP 91.226.124.77:0
File type PNG image data, 64 x 1088, 8-bit/color RGBA, non-interlaced\012- data
Hash e50649ecf6a2094c25da755ea0ea7bd1
e1c3e229a62f049442fa16cf43ec07f384b27362
a9ed59ab3bbcfdf66224664aeb14fa0f0e8f034d8472a58dadcf65cfff17685d
GET /images/sprite64.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: image/png
Content-Length: 28747
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-704b"
Accept-Ranges: bytes
static.depositfiles.com/images/member_menu_bg.gif
91.226.124.77 200 OK 78 B URL HTTP/1.1 static.depositfiles.com/images/member_menu_bg.gif
IP 91.226.124.77:0
File type GIF image data, version 89a, 1 x 48\012- data
Hash 20a24b56dcedf6a71a71ebec771e1f7d
d7bed493d5d4eeaed5dbbf7d30d45107840790a0
6f57f29224d8e9e51ed0839e329055426fba7dcd97ef31e93ed495f93a6063df
GET /images/member_menu_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: image/gif
Content-Length: 78
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-4e"
Expires: Fri, 03 Feb 2023 00:24:30 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/sprite.png
91.226.124.77 200 OK 37 kB URL HTTP/1.1 static.depositfiles.com/images/sprite.png
IP 91.226.124.77:0
File type PNG image data, 102 x 630, 8-bit/color RGBA, non-interlaced\012- data
Hash 2333675d7e431d5313c6dbb5230a14cd
93c4032e5b8b85793a9cda7167804445d950dd96
b287134a60667ce8e2c3fa1603e3a8f2ffa59c64e746d026d1a13ef19f3f38a0
GET /images/sprite.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: image/png
Content-Length: 36802
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-8fc2"
Accept-Ranges: bytes
static.depositfiles.com/images/sprite16.png
91.226.124.77 200 OK 28 kB URL HTTP/1.1 static.depositfiles.com/images/sprite16.png
IP 91.226.124.77:0
File type PNG image data, 32 x 1072, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e86fe2d2c2650c5f4663f0fc135ebc1
ba86e14a9abcff0581eda84a307594ef1288b982
604187f8828381a47ae70249f55f21c78c53ab1401d20a5f2230a0d6c9ae50d1
GET /images/sprite16.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: image/png
Content-Length: 28501
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-6f55"
Accept-Ranges: bytes
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9529cb693cf315558319c1184da0abfe
4a487d37fbe9a6dfa0c4f37762092a2eaf009de8
f8553cb6a69d53d3317428d7e79e2670d235ac15444b297a95a3a46057f2363d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F8553CB6A69D53D3317428D7E79E2670D235AC15444B297A95A3A46057F2363D"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7694
Expires: Sun, 29 Jan 2023 02:32:44 GMT
Date: Sun, 29 Jan 2023 00:24:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e7246c168d1e23666df051b9c84b6b0
b9497a133daa48055cdfe1ae7cb2f200780827a8
56842af67f34a57de2997bc9abb46101af214f58c6c272b245c153562220c83e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56842AF67F34A57DE2997BC9ABB46101AF214F58C6C272B245C153562220C83E"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2918
Expires: Sun, 29 Jan 2023 01:13:08 GMT
Date: Sun, 29 Jan 2023 00:24:30 GMT
Connection: keep-alive
push.services.mozilla.com/
35.164.56.167 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.56.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: i1DNsPGnauvoW9JfcrC8uQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +ak0FGLJidDhn69yrf9jLFlg18k=
adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
91.226.124.76 303 See Other 0 B URL HTTP/1.1 adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
IP 91.226.124.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=58&c=NO&g=gateway HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=2d0901aa38e3f4b4c99e39ff69c7b1f3; last_file=fviflp7rd; lang_current=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 303 See Other
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf58=1; expires=Mon, 30-Jan-2023 00:24:30 GMT; Max-Age=86400
Location: /upload/2006/ad274029466c5257.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
adsbb.dfiles.eu//ad.php?z=56&c=NO
91.226.124.76 303 See Other 0 B URL HTTP/1.1 adsbb.dfiles.eu//ad.php?z=56&c=NO
IP 91.226.124.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=56&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=2d0901aa38e3f4b4c99e39ff69c7b1f3; last_file=fviflp7rd; lang_current=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 303 See Other
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf56=1; expires=Mon, 30-Jan-2023 00:24:30 GMT; Max-Age=86400
Location: /upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
dominantroute.com/bens/vinos.js?23701&u=null&a=0.14490498919217865
193.200.64.20 200 OK 140 kB URL HTTP/1.1 dominantroute.com/bens/vinos.js?23701&u=null&a=0.14490498919217865
IP 193.200.64.20:0
ASN #6681 Rozetka Sp. z o.o.
File type ASCII text, with very long lines (727)
Size 140 kB (140149 bytes)
Hash e7a4d416df96ef6a34b3c308916e724c
d510c4694a7fe0d8a416ad0f1fcf217b5e9419b8
5caee1264a5476193e8843f144868d4fbd3c531affb76719fe53b8e9c1990535
GET /bens/vinos.js?23701&u=null&a=0.14490498919217865 HTTP/1.1
Host: dominantroute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NON DSP COR CURa TIA"
Set-Cookie: uuid=16749515761532635802; expires=Tue, 28-Jan-2025 00:24:30 GMT; Max-Age=63072000; path=/; samesite=None; domain=.dominantroute.com; secure
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9bd61cf79957a5ae8e567bf24ed68fa3
cc62f201621265479cfc77dd5744d6a43593e365
928cfe0f9f3dd3dd5715482a42a47c36effc34b9f0e7146a1c934a5fd4dd0e0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "928CFE0F9F3DD3DD5715482A42A47C36EFFC34B9F0E7146A1C934A5FD4DD0E0F"
Last-Modified: Thu, 26 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1773
Expires: Sun, 29 Jan 2023 00:54:03 GMT
Date: Sun, 29 Jan 2023 00:24:30 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash c2d37fd4f1678643fc9f53dd026cd7e3
1dd8510cd853835d82892664350acccfc6715f16
6506e317135169829b64f503a456bdd7d1a28dab8985bf20c2c5534d033779af
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 29 Jan 2023 00:24:30 GMT
Last-Modified: Sat, 28 Jan 2023 23:18:03 GMT
Server: ECS (nyb/1D2E)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TU9f4n2Ej7CYRKyv2zKg6QyF1R7u1tC88o2OfehuVenf4MYZSDd8Iw==
Age: 3987
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9529cb693cf315558319c1184da0abfe
4a487d37fbe9a6dfa0c4f37762092a2eaf009de8
f8553cb6a69d53d3317428d7e79e2670d235ac15444b297a95a3a46057f2363d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F8553CB6A69D53D3317428D7E79E2670D235AC15444B297A95A3A46057F2363D"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7694
Expires: Sun, 29 Jan 2023 02:32:44 GMT
Date: Sun, 29 Jan 2023 00:24:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c3a1ae4e494cede592472e068487ac9c
1148063b13533cf0a738f5ea263be05949a3cd79
8bc5b244e908911b8dbe8807afad6163fc87e018df5fa6426da1a726d9c7f1d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BC5B244E908911B8DBE8807AFAD6163FC87E018DF5FA6426DA1A726D9C7F1D0"
Last-Modified: Sat, 28 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2335
Expires: Sun, 29 Jan 2023 01:03:25 GMT
Date: Sun, 29 Jan 2023 00:24:30 GMT
Connection: keep-alive
simplewebanalysis.com/stats
35.156.167.37 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 470bd0139c2eee6d4ca27f5835875f80
ca92e056c01b5af4fd86f3793f53a29908a9be88
f6e0292b86f56a9df532cd07e75eb207d898da9ee223c6db1a7c8b50d7901b9c
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:30 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
set-cookie: uid_id2=ecb81e00-be3c-4f50-bfc1-a3f4a52d5210:3:1; expires=Wed, 26 Jan 2033 00:24:30 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.76 200 OK 794 B URL HTTP/1.1 adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash d0b29635a3bf0db93e4901aec3406174
2d17b02e7196630374375bf8463b90d26f42795e
11662a53149667f4c779116f859436b8153b97a69e330d3748b15500fbaff554
GET /upload/2006/ad274029466c5257.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Connection: keep-alive
Cookie: uprand=2d0901aa38e3f4b4c99e39ff69c7b1f3; last_file=fviflp7rd; lang_current=en; _nf58=1; _nf56=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Sun, 29 Jan 2023 00:20:01 GMT
Content-Encoding: gzip
friendshipmale.com/sfp.js
172.64.140.24 200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.140.24:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 367d577cd6224551957ef9594fcf9a95
00a0dbc446646dd01bad6ca8c31b9312f4120a82
013c5faf3dbb46125153d2b4c98076900cfc8fb28d3dd76c649a547888201da7
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:30 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7cdd439c019310cf3dd00adbe8311586
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 29 Jan 2023 00:24:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CUoTwo1%2FLdYspN4RA7cwtb95rWwgCLlstThPdewh0AzyO5U0lt7enuYXJNjVmak3%2B4pYr8tkbPVIqA%2BZT1suIQlTRAFZV47GupGmoD%2BcjwbTqY5yhd%2BbL8VFtmUHUtRCaJqR3vw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790dd3445e1c775c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2d554e304a.828a3db3a3.com/3c1c60c8a4e0717fac90d58c3c64859c/46445?version_name=c
45.133.44.25 200 OK 441 B URL HTTP/2 2d554e304a.828a3db3a3.com/3c1c60c8a4e0717fac90d58c3c64859c/46445?version_name=c
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (441), with no line terminators
Hash d3747599b584445b44fe614c6801e5bd
bb010c6c79154f4c400a2b4059bb3a9d5a8ce960
43c2fda5131ae4c8c4e2c4cd94293fef79718a2e884ad6ee769fc132e0173a70
Analyzer Verdict Alert quad9 Sinkholed
GET /3c1c60c8a4e0717fac90d58c3c64859c/46445?version_name=c HTTP/1.1
Host: 2d554e304a.828a3db3a3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:30 GMT
content-type: application/json
content-length: 441
server: nginx/1.18.0
cache-control: max-age=300
expires: Sun, 29 Jan 2023 00:29:30 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.76 200 OK 85 kB URL HTTP/1.1 adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.76:0
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=2d0901aa38e3f4b4c99e39ff69c7b1f3; last_file=fviflp7rd; lang_current=en; _nf58=1; _nf56=1; u_count=%5B0%2C0%5D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e455009f988d157e30b6f28e78d895f7
defdf2c35fb386e12f42905bbbe2e71c230116b8
b66f5e4bbab7bc1a7f9a30e41fb6a26e57c5e60dba345422e99d9945fe9d783a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B66F5E4BBAB7BC1A7F9A30E41FB6A26E57C5E60DBA345422E99D9945FE9D783A"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2109
Expires: Sun, 29 Jan 2023 00:59:39 GMT
Date: Sun, 29 Jan 2023 00:24:30 GMT
Connection: keep-alive
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:30 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sun, 29 Jan 2023 00:29:30 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
2d554e304a.828a3db3a3.com/92baf52230906fccf9704596cd534955.js
45.133.44.25 200 OK 121 kB URL HTTP/2 2d554e304a.828a3db3a3.com/92baf52230906fccf9704596cd534955.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Size 121 kB (120606 bytes)
Hash a1cd7da417e03fbb477088d86b551876
40dd00583ee42bd8f0efa99f098cf20687a90549
5ff3cd5e19661223284c80ac54c76c422e3451a1cee5e1e6791cbfdb9f197f8d
Analyzer Verdict Alert quad9 Sinkholed
GET /92baf52230906fccf9704596cd534955.js HTTP/1.1
Host: 2d554e304a.828a3db3a3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:30 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 13 Jan 2023 14:07:40 GMT
etag: W/"63c165ac-188ee"
content-encoding: gzip
expires: Sun, 29 Jan 2023 00:29:30 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
solemnvine.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
192.243.59.12 200 OK 29 kB URL HTTP/1.1 solemnvine.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash afa0246a5245e2e348a8969e048abde0
d1d12f2b210008356114fe8f8fbfbea0849ca161
4e95068255686bafb514ce32e9d79a8fbddc20157434e3e7fd73c35e7c06006d
Analyzer Verdict Alert quad9 Sinkholed
GET /c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js HTTP/1.1
Host: solemnvine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f2e8f5a7c735b49b835d1c4633312f96
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
adsbb.dfiles.eu/view.gif?c=2946&z=58&b=2740&u=63d5bbb129c3011687334163183427
91.226.124.76 200 OK 43 B URL HTTP/1.1 adsbb.dfiles.eu/view.gif?c=2946&z=58&b=2740&u=63d5bbb129c3011687334163183427
IP 91.226.124.76:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2946&z=58&b=2740&u=63d5bbb129c3011687334163183427 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=2d0901aa38e3f4b4c99e39ff69c7b1f3; last_file=fviflp7rd; lang_current=en; _nf58=1; _nf56=1; u_count=%5B0%2C0%5D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 9771e24690cef170f9e790fe8c185224
4809a96e1dedb359d2bd769a69d7fdefc67f9b88
586df3f0b4202d542d12a7b729fa297f9f598a9f90d52da3db3b806895400153
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 29 Jan 2023 00:24:30 GMT
Last-Modified: Sat, 28 Jan 2023 22:35:33 GMT
Server: ECS (dcb/7ECA)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yTZU8kej0U3PyXuWaSRX3RpAutJIRcX-uLplnxGT55cyDHUtyVammA==
Age: 6538
simplewebanalysis.com/stats
35.156.167.37 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 470bd0139c2eee6d4ca27f5835875f80
ca92e056c01b5af4fd86f3793f53a29908a9be88
f6e0292b86f56a9df532cd07e75eb207d898da9ee223c6db1a7c8b50d7901b9c
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=ecb81e00-be3c-4f50-bfc1-a3f4a52d5210:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:30 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b0b52dceba58326513f1b93e18bcc0e3
947b2b51bf4f8233c36b039bcaed4af6bfda0c9b
c4bc1f0341d816859ed9c3647e25dcefc259f8ee221c924ac9255d5e1dd7fba0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 494
Cache-Control: max-age=103097
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:30 GMT
Etag: "63d4aa8a-117"
Expires: Mon, 30 Jan 2023 05:02:47 GMT
Last-Modified: Sat, 28 Jan 2023 04:54:34 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
adpatrof.com/t.js?i=luc8kp3c2wcmn47n3xzj&cb=0114501674951875441
54.230.111.96 200 OK 17 kB URL HTTP/2 adpatrof.com/t.js?i=luc8kp3c2wcmn47n3xzj&cb=0114501674951875441
IP 54.230.111.96:0
Hash 801d0724acf820b7f99549167e0dd7bd
f15a3e887cd7d491d75a7962ffa08efee12c0b83
5a81f75fb13e7e18efd410586a2986583724bc14ca18310589d6ad9936f73add
GET /t.js?i=luc8kp3c2wcmn47n3xzj&cb=0114501674951875441 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 17 Jan 2023 11:58:09 GMT
x-amz-version-id: d9TUuNfK07FAhZMLfVt8QhlIP0dGzjFx
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 07:58:12 GMT
etag: W/"40b4331e9e2a1d8b2f52cc188cd1855e"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WR4hFR3pKnJTivxBqlQO_-SqeQVJ-zZZcZsC0SY9zecguKvMD0-zKg==
age: 59919
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
adsbb.dfiles.eu/view.gif?c=2963&z=56&b=2760&u=63d5bbb12fb8713261373395101472
91.226.124.76 200 OK 43 B URL HTTP/1.1 adsbb.dfiles.eu/view.gif?c=2963&z=56&b=2760&u=63d5bbb12fb8713261373395101472
IP 91.226.124.76:0
File type GIF image data, version 89a, 1 x 1, data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2963&z=56&b=2760&u=63d5bbb12fb8713261373395101472 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=2d0901aa38e3f4b4c99e39ff69c7b1f3; last_file=fviflp7rd; lang_current=en; _nf58=1; _nf56=1; u_count=%5B0%2C0%5D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8353390bf7aa277fb46e04b8fe19e6d2
b9868b1e57ab0d55841e9235cc6391575374d983
4a187ce8a00aadd4ed818069aee94364218a5449e6f98502d807b284fee02277
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A187CE8A00AADD4ED818069AEE94364218A5449E6F98502D807B284FEE02277"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2019
Expires: Sun, 29 Jan 2023 00:58:09 GMT
Date: Sun, 29 Jan 2023 00:24:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3cefda369541b4afc78e2e61a3e38517
b08186a327b85c0173942d70cd4afdc91e009c00
b026e827587e4cb05fe0cf0b3ba741f17749a654a97e97067fb0631963f5a20b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B026E827587E4CB05FE0CF0B3BA741F17749A654A97E97067FB0631963F5A20B"
Last-Modified: Sat, 28 Jan 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12156
Expires: Sun, 29 Jan 2023 03:47:06 GMT
Date: Sun, 29 Jan 2023 00:24:30 GMT
Connection: keep-alive
jsc.adskeeper.com/d/f/dfiles.eu.1285379.js
104.18.36.64 200 OK 1.0 kB URL HTTP/2 jsc.adskeeper.com/d/f/dfiles.eu.1285379.js
IP 104.18.36.64:0
File type ASCII text, with very long lines (2664)
Hash 87d3d2734efc01588e9fda0feff398a3
cd1b31208f32084d92c789ddc61976b1bac0d54b
64a74dca6ec6a7c104787a3c76dc4556dd7288961fca9d751dd549cd41932576
GET /d/f/dfiles.eu.1285379.js HTTP/1.1
Host: jsc.adskeeper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:30 GMT
content-type: text/javascript
content-length: 1016
x-amz-id-2: fp0dy33B/d04n3/44syaTFK4kKHZR5HDMFxeC9v4rP5fYeKQIdp1+VTB9AQywH3O0w2qM3AVKGk=
x-amz-request-id: P626AEYPNZAD9BP7
last-modified: Wed, 18 Jan 2023 10:19:44 GMT
etag: "87d3d2734efc01588e9fda0feff398a3"
content-encoding: gzip
x-amz-version-id: F3Eqze46tsKiyNYC2VnDER9h40CwqTSs
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 04:24:30 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 790dd3480805b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
solemnvine.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
192.243.59.12 200 OK 3.5 kB URL HTTP/1.1 solemnvine.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data, Unicode text, UTF-8 text, with very long lines (6145), with no line terminators
Hash ccee980a211ac7bb90c4a44172c2945d
7a8d03b33c9ef53d079ebf31fe3cb3b957e60930
254698637e98a05cc3c6e96629f56e1123d365ff4f668aeabd83ba0666d4fde3
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6 HTTP/1.1
Host: solemnvine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 29 Jan 2023 00:24:30 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfiles.eu
Access-Control-Allow-Origin: https://dfiles.eu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16004719; expires=Mon, 30 Jan 2023 00:24:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 30 Jan 2023 00:24:30 GMT; secure; SameSite=None
uncs=1; expires=Mon, 30 Jan 2023 00:24:30 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 30 Jan 2023 00:24:30 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 30 Jan 2023 00:24:30 GMT; secure; SameSite=None
slec224ad4a14b4b15c1726ff705ec672ea6=[3952979]; expires=Sun, 29 Jan 2023 00:24:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e8e748dee3f8bd040c8b58b93c0b2f5f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b0b52dceba58326513f1b93e18bcc0e3
947b2b51bf4f8233c36b039bcaed4af6bfda0c9b
c4bc1f0341d816859ed9c3647e25dcefc259f8ee221c924ac9255d5e1dd7fba0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 494
Cache-Control: max-age=103097
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:30 GMT
Etag: "63d4aa8a-117"
Expires: Mon, 30 Jan 2023 05:02:47 GMT
Last-Modified: Sat, 28 Jan 2023 04:54:34 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 974bba795ad17a0851543654388fcdb8
4b37ec9da3fe20ba3d0beaabc39ff43d800b67b6
a4e81827754cda4b3a9faa77feeca86fb9ca1f768dd159c4e24498ec33991d4a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4E81827754CDA4B3A9FAA77FEECA86FB9CA1F768DD159C4E24498EC33991D4A"
Last-Modified: Sat, 28 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8592
Expires: Sun, 29 Jan 2023 02:47:42 GMT
Date: Sun, 29 Jan 2023 00:24:30 GMT
Connection: keep-alive
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242 204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sun, 29 Jan 2023 00:24:30 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://dfiles.eu
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
ae5724c6ed.532f546611.com/in/track?data=
45.133.44.25 200 OK 0 B URL HTTP/2 ae5724c6ed.532f546611.com/in/track?data=
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI2NzQ1NzM5MTczODY5MTYwMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMjEuMSIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zOSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ== HTTP/1.1
Host: ae5724c6ed.532f546611.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:30 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ed8a8c45dceab588456b222e04775919
0242859712655caa3c3e9b936878c7c7874b7b5a
669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.130 200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (39375)
Hash 59bd7bc2a262f8e37bba042dce212c72
930959c84bad67d3a6fb60831e670e63a1e67264
fc194c0b01f3d6c20fdd86020fdc2ffc483dee937a3014a6063111986363906a
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27569
date: Sun, 29 Jan 2023 00:24:31 GMT
expires: Sun, 29 Jan 2023 00:24:31 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1466 / 201 of 1000 / last-modified: 1674860937"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adpatrof.com/r/p.html?f=cbufwvg&e=1419256001704
54.230.111.96 200 OK 2.3 kB URL HTTP/2 adpatrof.com/r/p.html?f=cbufwvg&e=1419256001704
IP 54.230.111.96:0
File type HTML document, ASCII text, with CRLF line terminators
Hash a61a069d6a33fb4b48d26dde229f7c1e
0e581c5b9392d34705c28e47f70da6b138f03136
3071ff1f936dcb4f6dee77859bd0d96fd681d17378f4b621e4947de749959f00
GET /r/p.html?f=cbufwvg&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rnr_9wtX_XLoUZFZiOhOtI-4Z8T9gj2oV0yCL-CRLyKuzcBMKO3tvA==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
adpatrof.com/r/p.html?f=gbghaejgt&e=1419256001704
54.230.111.96 200 OK 2.8 kB URL HTTP/2 adpatrof.com/r/p.html?f=gbghaejgt&e=1419256001704
IP 54.230.111.96:0
Hash caa1515eca7a61caa222fcec40ddc95f
f0966a18a1b7a12f887fe46e6bb1d83fc4195e92
09e19e03d91d6bacf9cb7c1ad7d9ec6257c3bb85219781958a1a8d8b125f5c85
GET /r/p.html?f=gbghaejgt&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 92JYE_YaSlr-x93k5joEutDC5JOmG-SkUOeqfZKw-aP3Cj33Y3EnJA==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
shaggyselectmast.com/pixel/purst?dl=0&th=0&sc=0&rs=1892&rd=1892&fd=607&bv=22.10.v.10&tmpl=136
173.233.137.36 200 OK 0 B URL HTTP/1.1 shaggyselectmast.com/pixel/purst?dl=0&th=0&sc=0&rs=1892&rd=1892&fd=607&bv=22.10.v.10&tmpl=136
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1892&rd=1892&fd=607&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: shaggyselectmast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 29 Jan 2023 00:24:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242 200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data, ASCII text
Hash e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
POST /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22284
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 29 Jan 2023 00:24:31 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dfiles.eu
Set-Cookie: id=121965032064661874; Expires=Mon, 29 Jan 2024 00:24:31 GMT; Secure; SameSite=None
Vary: Origin
static.depositfiles.com/images/favicon.ico
91.226.124.77 200 OK 318 B URL HTTP/1.1 static.depositfiles.com/images/favicon.ico
IP 91.226.124.77:0
File type MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel, data
Hash 0f0b975ee529197ec75780ebc2de5907
59688c6aafca5606e388ba9a44fc9dc25fc32cd3
28a0b52229f05b66354ca38b6b813d2281af3efb7e8b0a424ef8b4c68b9e583c
GET /images/favicon.ico HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:31 GMT
Content-Type: image/x-icon
Content-Length: 318
Last-Modified: Thu, 28 Apr 2022 10:40:26 GMT
Connection: keep-alive
ETag: "626a6f1a-13e"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?test_adblock=true
142.250.74.66 200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?test_adblock=true
IP 142.250.74.66:0
File type ASCII text, with very long lines (3649)
Hash a1456fd43cf196c11d9c2145aca210e6
61a7a014c49919ddc58afad683ed51ccfc8c4275
c08057599b619fa0fd208805733fcdb8e70f3033f39525914e0e856af827ad83
GET /pagead/js/adsbygoogle.js?test_adblock=true HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 29 Jan 2023 00:24:31 GMT
expires: Sun, 29 Jan 2023 00:24:31 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 924136085207130489
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 50010
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 04c624d8879f883e20d8df7051843b37
0ba630a4f0865b761623030784e2b931cc6bfe1f
de8698a1e78247e0fbbe185a542c8ba7dcde748c3e84a5f636d2c6a6a10aedd1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 424
Cache-Control: max-age=128266
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:31 GMT
Etag: "63d50d21-139"
Expires: Mon, 30 Jan 2023 12:02:17 GMT
Last-Modified: Sat, 28 Jan 2023 11:55:13 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 313
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d2acaec4c6b70ea8d213d307c762f1a3
9d1758fcb02319b83a67807f02f2851bfbde4ac9
ce832d5b57b7f04dcbbabff10a462d647618bc1f706118bbf3c564a9e0cce6ac
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5134
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:31 GMT
Last-Modified: Sat, 28 Jan 2023 22:58:57 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b3295544a0aaff0b1056922dd2dd6e5d
fe3d8461a5736b3773151497f7cd782741715e41
9c4c623308f098734b05a3f37af12dd2545d175aee60fdccc80c5c573b4a47fe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4971
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:31 GMT
Last-Modified: Sat, 28 Jan 2023 23:01:40 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.25 200 OK 27 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash 113bf85185f36cae0d3f32d55c466922
6bdc90618d3eeb147004fddba2e0a3ee93097319
64d23c67725db982c06f60151c10598f1c77aedc31757f4dd762080366de7f8c
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:30 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-f96f"
content-encoding: gzip
expires: Sun, 29 Jan 2023 00:29:30 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=27857049708&lsavail=0
178.250.0.165 200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=27857049708&lsavail=0
IP 178.250.0.165:0
File type JSON data, ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=27857049708&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 550
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:31 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://adsbb.dfiles.eu
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
dfiles.eu/ps/QW13h0.js
91.226.124.76 200 OK 48 B IP 91.226.124.76:0
Hash b215ecc0d708a2fb5464f5e8d65d2d4e
d8c0da4fd6cd8c2a3b36cb6a7d21ce620810ccc0
eb4333e919f16aa3042235966e790e430e0faecf66ee95bb387b147e168b8ee5
GET /ps/QW13h0.js HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uprand=2d0901aa38e3f4b4c99e39ff69c7b1f3; last_file=fviflp7rd; lang_current=en; u_count=%5B0%2C0%5D; sb_page_224ad4a14b4b15c1726ff705ec672ea6=1; sb_onpage_224ad4a14b4b15c1726ff705ec672ea6=1; sb_main_224ad4a14b4b15c1726ff705ec672ea6=1; sb_count_224ad4a14b4b15c1726ff705ec672ea6=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=ecb81e00-be3c-4f50-bfc1-a3f4a52d5210%3A3%3A1
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 00:24:31 GMT
Content-Type: application/javascript
Content-Length: 48
Last-Modified: Fri, 21 Oct 2022 18:16:45 GMT
Connection: close
ETag: "6352e20d-30"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8fa29731c1d0c17b16b6722e790fbd30
355726ce18b332ba206caed871e6a72aa43f32a8
a45f60676c60538b85579828acc6247f6de576f869a73b3bb58501ccc5b0a172
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4788
Cache-Control: max-age=124303
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:31 GMT
Etag: "63d4ec9a-1d7"
Expires: Mon, 30 Jan 2023 10:56:14 GMT
Last-Modified: Sat, 28 Jan 2023 09:36:26 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8501
Expires: Sun, 29 Jan 2023 02:46:12 GMT
Date: Sun, 29 Jan 2023 00:24:31 GMT
Connection: keep-alive
prebid-eu.creativecdn.com/bidder/prebid/bids
185.184.8.90 204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 542
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 29 Jan 2023 00:24:31 GMT
access-control-allow-origin: https://adsbb.dfiles.eu
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e63fa9f-a982-4d0a-ac29-9acbfe59f503.jpeg
34.120.237.76 200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e63fa9f-a982-4d0a-ac29-9acbfe59f503.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 61dd48155b70501a72ec13f79745433d
4efc3d15f04a290a590b54122822d55a9d3fa1ca
9345056c111439b34aff08323fc99a2d315fa91293039dc5acf67affb50636d3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e63fa9f-a982-4d0a-ac29-9acbfe59f503.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4202
x-amzn-requestid: d33bee10-9642-4138-8dde-3486ec7f6535
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa9ABFFvIAMFbqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d441ff-3b3a99db469e3f8c068d553c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:28:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RIvTaBE3RpB7sP9Bb1Ku1ItsiaCFKNmyHArESR1FuqDIHXt2uOLG6A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 05:22:38 GMT
age: 68513
etag: "4efc3d15f04a290a590b54122822d55a9d3fa1ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
solemnvine.com/ren.gif
192.243.59.12 200 OK 7 B URL HTTP/1.1 solemnvine.com/ren.gif
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3t%2FuaX8Iq14EhT4qrJPu%2BcwYIRjXSHRNspvVgLf66kmZ6q6mqnt6EjxkXZC9CLMnvQidZ5KNH4vsevUDmQgiOWVEJAfjn7AHxbPMZDD4QtX7vvW8h%2Bd56v1wNz8lAXJ6svqW2VZa05lGJfCfX1eJMIXzl2%2F5YVAJ5vx1lTTrc35vfNnuS2HQqAQv%2BK9LvmlmqkEYBGEQ%2BovKysj0ZiYoVPqgHVbaQaVerYSNOnr2v73LPTjqQXRPyZNQYnRp4%2BdHUHyIJH54TbrNzKRXX4tzTTNj0RUHbyebiSkSxOdlZD1EycF0GsaNCPnkAkxyMFUA090bKwBTI%2BL9FoIlB1OaYN39M6ZMQyZg4jKK7hBSD6HoENzcgRLHBOACyytI4vvLxhZ06wylY3RELv79J1QxIhd%2FfxpJ%2FNWCVj1%2Fzeg8UyZx6EUlVG8I1RkizQ%2BRbXtQxSF49gGUIEjiEkqUE9VKDaGiIbTsgzoP%2BfgoD3nkIU89xOLEp412FAStiEW12mydc16rcd6YbYqGqNVnowA5H9PqI0v74LoPbneQ2h1sqj5s%2FgPcRgknPLhsRLwbO%2BiKEoUkKBxBQQkKRVBkBEW33BfaVV15X2iXs3Caq9NcKwcm6%2BzSfZN1ZEJ201NyZeLHX02DTXniV6t1Kuo0rLM6Cxs8bFWbUdQKGpI3W1VJm3CqhHIXJlK31fFTKVJ1%2FP9nweghnD4EV1dA8%2BdAi0GrGoBuDOqzAbaTh0KmxqksUlq6CjcxhCmRZheRbXm7%2BpQ8M%2BHx8o01SH40%2F9m9x7evfvMGuC2R2hLvqR8JOvru4KYpyN5NUzjyaCXNVKy26fjP1jKayUtfvCm3CmPF0jXX%2F%2FwVPgbG5YNb0mXXaSJU0nHkywUlhLSLxnJJvlty65Kt5m5jIbdJnl5ffXVxKU6tdE6ZZAiqRoTcfh9cjchlL5nso987hbJD2LxEnB%2BRaUCZQ%2FB0By49mv%2F4o5U%2F5sS7cIbA6vMZlnoo8nJgq%2Bz8USsCLc97yko4eTT%2F0%2BNPv37xiXfA5L%2BG7Lq76FgPNLsz2cKuLdHVJajuw%2BX%2FG2SpPZr%2FpTYJMO0NmLbeHtNW3zsz16kTXzaiIJJBVbKozaIWDUQ7qrcZbYeyxRo0ROZG%2FNdvv%2F8HAAD%2F%2FwEAAP%2F%2FAzInhGcEAAA%3D HTTP/1.1
Host: solemnvine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 29 Jan 2023 00:24:31 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7f4a3065edb0470c15df06d9795bb081
Strict-Transport-Security: max-age=0; includeSubdomains
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62d5a25c-3219-4061-b58b-b783bc3a37fb.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62d5a25c-3219-4061-b58b-b783bc3a37fb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6af6f32397882f56d14d22348e44a9f1
5a626376807e7507fa3a204c4e4e9e44aa074a37
478f32e98c0a1f0d62fa337795ca88b7927e14b684b681f7629b648bc2d709a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62d5a25c-3219-4061-b58b-b783bc3a37fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7417
x-amzn-requestid: 8dca6752-c548-4526-ae81-4626843ade3e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fYbDjGREoAMFxiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d33ee3-1c097c131b91c34b4e7df1be;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 03:02:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i8JJruxoRfordb6WFNf67-GLWrA_Q930x3GCCQoUmDwXrfZtBXvsZg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 03:16:34 GMT
age: 76077
etag: "5a626376807e7507fa3a204c4e4e9e44aa074a37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9dd6ccbb-893e-4aca-b08e-b16283e4ee58.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9dd6ccbb-893e-4aca-b08e-b16283e4ee58.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6d617843cc1f7df21950fe7d4add160
4b7b2e07f0c4667f9c83d99c1481f81ac6e531f9
facb5e8beed1bf0b0ae02cba77278767f211717097803b3966312dfe0822646b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9dd6ccbb-893e-4aca-b08e-b16283e4ee58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7790
x-amzn-requestid: 19b7ae0c-7ce9-4d01-96c3-9259e6f2b1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fH88xFpKIAMF_gg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cca851-0d4a98a74200cb962d434f82;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 03:06:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ORGO0m0bJJzpWpxLCewm0J1vp8khEZlPzL58syBdlhyQniN8em5Qzg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:53:11 GMT
age: 9080
etag: "4b7b2e07f0c4667f9c83d99c1481f81ac6e531f9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8ddbb22-9894-4103-ab67-a72323ff97b2.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8ddbb22-9894-4103-ab67-a72323ff97b2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24a6f6affe931c41bfac1968026893dc
983e91c705e8f6d9ad3992d6905ebf5916095300
20ef8c4ff7035b897473712b6a2f614b0a551fb91c20314c3a3a19e09087ca0d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8ddbb22-9894-4103-ab67-a72323ff97b2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4539
x-amzn-requestid: 285ab725-3832-48f2-aa7a-99ecb6a3a533
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLyd5FDxoAMFrlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce3125-48c7a43e61f1ed6605e80668;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:03:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: P-rYNxoiLRdYl2saixW6ypVspo2dvsrar8YK1VifUfDq5HUTFqVBzw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 04:06:37 GMT
age: 73074
etag: "983e91c705e8f6d9ad3992d6905ebf5916095300"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
37.252.171.52 200 OK 144 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 37.252.171.52:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 3a45347c0ac1a5ab8c1729bb28c50503
9cff91e1e968a3d501fc9fc664881d39996b4aa8
c93221c1b13547aabd7af374c4a94466d0ad0eb79b2118cf467d5b9b0f75a6d1
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 896
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 29 Jan 2023 00:24:31 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 144
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://adsbb.dfiles.eu
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: b8aec8ba-9152-4ffc-8258-e7f829d21e85
Set-Cookie: icu=ChgIipZ9EAoYASABKAEwv_nWngY4AUABSAEQv_nWngYYAA..; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 29-Apr-2023 00:24:31 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=8773619969196110625; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 29-Apr-2023 00:24:31 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: f644ca78-a07a-43d1-96e4-95bcdecff7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGLfFtOIAMFp7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e2-202ca7160544acd24259bd5d;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xRwqrWS66l4qJfg2HnGphN1dbrIUod9XKW3zTk_-Km9AQRPyV2UqWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 20:46:16 GMT
age: 13095
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a48d5b4-7f5e-41cd-a7b2-c3007235b59c.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a48d5b4-7f5e-41cd-a7b2-c3007235b59c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e59316e1b1333c42d9d120fa88619bc2
669cdc8dfeba9d64f93f260adbb5f493a5649bb0
c4e78ec96322f1f151b07f9a45d51e6ca3fd46613472cf627f53bf399193a533
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a48d5b4-7f5e-41cd-a7b2-c3007235b59c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9398
x-amzn-requestid: 5083c66c-ad64-4f73-b915-d29ddabcdb4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6XEc1IAMFsbQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-0779693a5da31eae195989d1;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2MPzkEPg3JESo6g5D7E2LN53G-zYF__aFQmDg9DzSRxg0E19j1Iwkw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 03:19:05 GMT
age: 75926
etag: "669cdc8dfeba9d64f93f260adbb5f493a5649bb0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 0c829b4b95b74c6b3fd514aa7ec3be61
a1d6cb922a2b55dd5a452b2e2888b4c95e27d778
a12a8eefe1e24bc2e37eafde5646935b9779056f714eac6850c0b6fd86c91efb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4268
Cache-Control: max-age=108682
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:31 GMT
Etag: "63d4b19d-139"
Expires: Mon, 30 Jan 2023 06:35:53 GMT
Last-Modified: Sat, 28 Jan 2023 05:24:45 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 313
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.189.112 204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.189.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 908
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://adsbb.dfiles.eu
cache-control: no-cache, no-store, must-revalidate
date: Sun, 29 Jan 2023 00:24:31 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 624455426bc39a71e6ecc07d117db455
29bc3eb6a780dc32bf30f6ba37e54c545e79e0e9
d8bc68bf6b6847b28df7fb541964cc4d9306a32c0fc57becd38e680cdcd817f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8BC68BF6B6847B28DF7FB541964CC4D9306A32C0FC57BECD38E680CDCD817F3"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11291
Expires: Sun, 29 Jan 2023 03:32:42 GMT
Date: Sun, 29 Jan 2023 00:24:31 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
45.133.44.3 200 OK 955 B URL HTTP/2 cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 3311b451b6e90781dab5ae61a1e4f65d
940e4700d9c5fbf74f8c15dcf10c28661e34cf2c
3def788280ca0f9ba09e050e3f3bfba82e5268fe2104f1c02a8f265c12774023
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:31 GMT
content-type: text/html; charset=utf-8
content-length: 955
server: nginx/1.17.6
last-modified: Wed, 18 May 2022 11:09:59 GMT
etag: "6284d407-3bb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Sun, 29 Jan 2023 01:24:31 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a80cc64b1c6df67a6d1ada4ecaeea7a4
3745e12a6fb241f16bac90e2a15e075db58f720f
b6aca304f83708d3eeee7684caa7d7decab874cc1231f864f95f19552f999404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6ACA304F83708D3EEEE7684CAA7D7DECAB874CC1231F864F95F19552F999404"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7352
Expires: Sun, 29 Jan 2023 02:27:03 GMT
Date: Sun, 29 Jan 2023 00:24:31 GMT
Connection: keep-alive
adpatrof.com/r/p.html?f=dwldbfxlmm&e=1419256001704
54.230.111.96 200 OK 2.8 kB URL HTTP/2 adpatrof.com/r/p.html?f=dwldbfxlmm&e=1419256001704
IP 54.230.111.96:0
Hash 5f0f04fa930be9f6448e8b3a134e1ad8
538ce38cb5ba66ffcb6daa89515187ec54230e11
dad838f6505c3489b9f224e56745666c82dd2c167724b928968f6befe5735087
GET /r/p.html?f=dwldbfxlmm&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NxBJaSDmR5bcXD12R2mgXr8DCth28-v8QTK4ZeEVoYxBl69ehdlOtA==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
shb.richaudience.com/hb/
157.90.3.144 200 OK 85 B IP 157.90.3.144:0
ASN #24940 Hetzner Online GmbH
Hash 63545813262a4d9ee2589e716972558c
f9a160c404e68e5868c46e19a27a0bc3939c1174
4cbe2ee02255324610d550768568892f2f3910606a039a5a8b5a0c9f22341e0f
POST /hb/ HTTP/1.1
Host: shb.richaudience.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 686
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.14.2
date: Sun, 29 Jan 2023 00:24:31 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: https://adsbb.dfiles.eu
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 772289af3e07cfa5b3b1622b2e90bac8
a5585b439d866bb35cb86e5705a69c6bd1353ad3
85d8de77bcdc528957130dd1560ab212337b69d7dd4c2eb85c339f85632864b9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "85D8DE77BCDC528957130DD1560AB212337B69D7DD4C2EB85C339F85632864B9"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17303
Expires: Sun, 29 Jan 2023 05:12:54 GMT
Date: Sun, 29 Jan 2023 00:24:31 GMT
Connection: keep-alive
js.wpshsdk.com/npc/sdk/common/config.js
45.133.44.25 200 OK 19 B URL HTTP/2 js.wpshsdk.com/npc/sdk/common/config.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash 67fc2c9421e21f4a3707c7fabc8e9f33
0d311fbfaea3d64122b4c5e575a5c3fbea11f718
b93ed3f9c6f2c27004ef57a9fa8f11248af5bd9848cc56a1c215db36d4ecc1bb
GET /npc/sdk/common/config.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 19
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: "63d270a1-13"
expires: Sun, 29 Jan 2023 00:29:31 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b7da7d1d3e5880d5d4e313ac7fcf2a83
60a1e887ccb7c7cdae0035c65ef7df9908547fef
af17efcd17df50324c29cff05cea79f18cba79f6b1134ec0e6d1637759b5e895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4675bd0dbda20e272b32eb9db03f35d8
aa655fd97778059913ab170765257aaef33e7119
a9bb5d439a01135af6d41e60455509b20fee27f7661ad81f6cb955ffdc9c1f12
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9BB5D439A01135AF6D41E60455509B20FEE27F7661AD81F6CB955FFDC9C1F12"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5685
Expires: Sun, 29 Jan 2023 01:59:16 GMT
Date: Sun, 29 Jan 2023 00:24:31 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ef589be52a3e55b643978f17949a73da
74545de6f144282252ff92c751f97cc835c80341
7bfa68c43e60a2627770163b5c1b96fbd7e4843984ad5ff6225c5490b8073b26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adpatrof.com/r/p.html?f=bhesupcgn&e=1419256001704
54.230.111.96 200 OK 42 kB URL HTTP/2 adpatrof.com/r/p.html?f=bhesupcgn&e=1419256001704
IP 54.230.111.96:0
File type HTML document, ASCII text, with very long lines (55609), with CRLF line terminators
Hash 3a4861c5e361d3f4b6b9a4ef0e7ccda5
e3624261f54e3d68c485f46ea61a7b43b52500ba
477d99c6a75e5e1f52ca9d1ad8cc69cf38657f1abbc9288ee339dc2c6ed2a1f8
GET /r/p.html?f=bhesupcgn&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: h4_90jv6I2V72ky_Ca6wxU9z0BCBqpOqDEkzUphSOn9aU5ARH6-0uQ==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=adsbb.dfiles.eu
216.58.211.2 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=adsbb.dfiles.eu
IP 216.58.211.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=adsbb.dfiles.eu HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 29 Jan 2023 00:24:31 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
45.133.44.9 200 OK 12 kB URL HTTP/2 cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash c07f1baac701b672939b359081f813c7
d38ffbae259aae1e8ad3b38959339bb29da9b69f
85bc8e3de3651f6f03dc381ea4bbaff350d8973c37f598582838677817bf1826
GET /si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:31 GMT
content-type: image/png
content-length: 12186
server: nginx/1.17.6
last-modified: Sun, 22 Jan 2023 04:25:10 GMT
etag: "63ccbaa6-2f9a"
expires: Tue, 31 Jan 2023 00:24:31 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b7da7d1d3e5880d5d4e313ac7fcf2a83
60a1e887ccb7c7cdae0035c65ef7df9908547fef
af17efcd17df50324c29cff05cea79f18cba79f6b1134ec0e6d1637759b5e895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 46eedcc98ff9d91f91cad728a0fd37ad
3db701a4b79c60f7de579e2a843b108ae699a5e8
fe6bb05dcc570c62b8597fcaae69e19f8e92568bfab2a82276d6d3694e6242d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE6BB05DCC570C62B8597FCAAE69E19F8E92568BFAB2A82276D6D3694E6242D8"
Last-Modified: Thu, 26 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5680
Expires: Sun, 29 Jan 2023 01:59:11 GMT
Date: Sun, 29 Jan 2023 00:24:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 46eedcc98ff9d91f91cad728a0fd37ad
3db701a4b79c60f7de579e2a843b108ae699a5e8
fe6bb05dcc570c62b8597fcaae69e19f8e92568bfab2a82276d6d3694e6242d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE6BB05DCC570C62B8597FCAAE69E19F8E92568BFAB2A82276D6D3694E6242D8"
Last-Modified: Thu, 26 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5680
Expires: Sun, 29 Jan 2023 01:59:11 GMT
Date: Sun, 29 Jan 2023 00:24:31 GMT
Connection: keep-alive
11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
216.58.207.193 200 OK 2.7 kB URL HTTP/2 11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html?n=2 HTTP/1.1
Host: 11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Sun, 29 Jan 2023 00:24:31 GMT
expires: Mon, 29 Jan 2024 00:24:31 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 772289af3e07cfa5b3b1622b2e90bac8
a5585b439d866bb35cb86e5705a69c6bd1353ad3
85d8de77bcdc528957130dd1560ab212337b69d7dd4c2eb85c339f85632864b9
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "85D8DE77BCDC528957130DD1560AB212337B69D7DD4C2EB85C339F85632864B9"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17303
Expires: Sun, 29 Jan 2023 05:12:54 GMT
Date: Sun, 29 Jan 2023 00:24:31 GMT
Connection: keep-alive
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023012601&st=env
142.250.74.66 200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023012601&st=env
IP 142.250.74.66:0
File type JSON data\012- , ASCII text, with very long lines (14793), with no line terminators
Hash 365292388cae141d57f09cd9eca6c67a
1952052ad392894b8b14432a2706c9a53d1248d5
48218509a7adf2c2dceddbc83ec920f6f1442316e87129e4fcdc21fe2ff5b2ae
GET /getconfig/sodar?sv=200&tid=gpt&tv=2023012601&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Sun, 29 Jan 2023 00:24:31 GMT
server: cafe
content-length: 11167
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 622fef0135648b055d1691ae97508eff
535c21115ccc50934d06c70e153df6ae542f1b5c
a66508fe21cab04638a3988ee90babe52167f0399a5440e329cf397182c813b4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
172.217.21.161 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 172.217.21.161:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sun, 29 Jan 2023 00:24:32 GMT
expires: Sun, 29 Jan 2023 00:24:32 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=ecb81e00-be3c-4f50-bfc1-a3f4a52d5210&eb=10f387f87b313393a6d69bc0ef8596f8&te=8a361a1ceecdc6c0004ea425d91e176f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=0
192.243.59.20 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=ecb81e00-be3c-4f50-bfc1-a3f4a52d5210&eb=10f387f87b313393a6d69bc0ef8596f8&te=8a361a1ceecdc6c0004ea425d91e176f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=0
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=ecb81e00-be3c-4f50-bfc1-a3f4a52d5210&eb=10f387f87b313393a6d69bc0ef8596f8&te=8a361a1ceecdc6c0004ea425d91e176f&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=0 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 29 Jan 2023 00:24:32 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 018001fe6b5a19cc90e58874dbf1a23d
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
172.64.166.9 200 OK 5.2 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
IP 172.64.166.9:0
Hash 3df2033e5947e12ccf830f7ee161391f
e72d0d4b82fe5c6d6324eab76e1de6c82150705c
48b6d41771e86fa3b578ed286a35044ee878540830ac2d1e54e7b470497fa35d
GET /sb/notifications/software/us/ios/desk-new-big/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:31 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:44:05 GMT
etag: W/"602d0185-183"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vxj43hlDF%2Ffy%2BptIF4VPPtcsVBd8K3EB%2FM4p0aBYRlQg%2FsuV0xnAHtONtpWrBfhOGrongkMkgVkUD7NTXkeg5xynxAvwdFu8qSDjafGWYKwChGSpg%2BylosBuxs6YsmGRQmBEt6n12duT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790dd34daf4376fb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adpatrof.com/r/p.html?f=eruhmxjpn&e=1419256001704
54.230.111.96 200 OK 2.4 kB URL HTTP/2 adpatrof.com/r/p.html?f=eruhmxjpn&e=1419256001704
IP 54.230.111.96:0
Hash fa0757abbbfe412e7f0bef8236332617
a41a9541efc95bc5e2973e9b8babc5361d93eb56
8a9adb2a94244cd8d60fd9824f3a117a7f90667e76400a21fa1741940da33d93
GET /r/p.html?f=eruhmxjpn&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7nhWMONNQtbm538jTgDN8DhY5kFcIEIlxQKkTmb-bUx2qvziv-zc-Q==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
172.64.166.9 200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
IP 172.64.166.9:0
Hash 21eb7a65c17a2c22ba104a7ecbf1dc0f
ea8c53be54889c7489aed04e30e3eb83af64dec9
090bd9ceb9a58da038e5ed4a39dfbb63ece49ed4f4f0656ce35f7faa41a3b237
GET /sb/notifications/software/us/ios/desk-new-big/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:31 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:44:02 GMT
etag: W/"602d0182-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xv8ij%2FirtE0ONwyTjcrHlC915hWX0Hf7zompRhnGEmTTuUKIldCFFY4FmtEKyW3FGtTInlJivU6Mgc9q1yT7kRbEJitn3eFIx5J3O9vc%2FMauyVKquLcKsjWNZmu%2B0Y8vvRE8Wpqb8Upq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790dd34daf3a76fb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
solemnvine.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3t%2FuaX8Iq14EhT4qrJPunp6PGCEY10h0TbKb1YC36qrqSZnqrqaqe3oSPGRdkL0Isye9CJ1nko0fi%2Bx69QOZCCI5ZUQkB%2BOfsAfFs8xkMPhC1fu%2B9byH53nq%2FXC3OCUeCnqy%2BpbelkrRmUbNc59flynXpXWXb7m%2BV%2FPm3HWZNsM5tze%2BTPcl32vUvBfc1wXb1DOB53ue7%2FnuojQi1r2ZCQqZPZj1a7NeLQxqfiNEz%2Fy3t4UDSx3w7il5EpKPLm38%2FAiSDZEmD68Ju5nr7OprSaForg26%2FODtdDPVZYrkvIyNgzg9mE5D2xEhn1yATg%2BmCqC7e2MFiOSIOL%2F5iNKDKU1E3f0zppGCSBHxyyi7Qwg1hKRDMH0Hkh8TgHEsryBN7i9rU9KtM5SO0RG5%2BPefkOWIXPz9aaTJVwtK9tw1rYpc6tSiF1eQvSFkZ4isOES%2B7UCWh2D5B5CcIE0qSF5NVEs5hIyHUKIPah0U4yMdFLGDInOQ8BOXNmZjz2vFUVyvt0PGWL3OWKPd5A1eD9uxh4KNafWRZ30w1QczO8jMDjZlH6b4AXajguUObD4izo0ddHmFUhCUlqCkBKUkKHOCslvtc2UDW93nyhaRP83BNNergc47u3Rf5x2Rkt3slFyZ%2BPFXU2NTnLhBEFIeUj%2BMwshvML8VNOO45TUEa7YCQZuwsoK0FyZSt%2BXxUxkyefz%2FZxHRQ1h1CCavgBbPgZaDVuCBbgzCtoft9CEXmbYyj6UStsZ0Aq4rZPlF5FvOrjolz0x4vHxjDYIdzX927%2FHtq9%2B8AWYqZKbCe%2FJHgo66O7ipS7J3U5eWPFrJcpnIbTr%2Bs7Wc5uLSF2%2BKrVIbvnTN9j9%2FhY2BcfnglrD5dZpymXYs%2BXJBci7MojZMkO%2BW7LqIVgu7sVCYtMiur766uJRkRlgrdToElSNCbr8PJkfkspNO9tHtnUKaIUxRISmOyDQg9SFYtgObHc1%2F%2FNHKH3P8XVhNYNT5TJQ5KItqYILo%2FFFJAiXOexpVsOJo%2FqfHn3794hPvIBL%2FGrJr76JjHND8zmQLu6ZCV1Wgqg9b%2FG%2BQZ%2BZo%2Fpf6JBApZxAp4%2BxFyqh7Z%2BZaeeI2%2FFC0o3aLcR4Jxv1WUG%2FXPS%2FgPGzNCn8WuR2xX7%2F9%2Fh8AAAD%2F%2FwEAAP%2F%2FFzqpYmcEAAA%3D
192.243.59.12200 OK 7 B URL HTTP/1.1 solemnvine.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3t%2FuaX8Iq14EhT4qrJPunp6PGCEY10h0TbKb1YC36qrqSZnqrqaqe3oSPGRdkL0Isye9CJ1nko0fi%2Bx69QOZCCI5ZUQkB%2BOfsAfFs8xkMPhC1fu%2B9byH53nq%2FXC3OCUeCnqy%2BpbelkrRmUbNc59flynXpXWXb7m%2BV%2FPm3HWZNsM5tze%2BTPcl32vUvBfc1wXb1DOB53ue7%2FnuojQi1r2ZCQqZPZj1a7NeLQxqfiNEz%2Fy3t4UDSx3w7il5EpKPLm38%2FAiSDZEmD68Ju5nr7OprSaForg26%2FODtdDPVZYrkvIyNgzg9mE5D2xEhn1yATg%2BmCqC7e2MFiOSIOL%2F5iNKDKU1E3f0zppGCSBHxyyi7Qwg1hKRDMH0Hkh8TgHEsryBN7i9rU9KtM5SO0RG5%2BPefkOWIXPz9aaTJVwtK9tw1rYpc6tSiF1eQvSFkZ4isOES%2B7UCWh2D5B5CcIE0qSF5NVEs5hIyHUKIPah0U4yMdFLGDInOQ8BOXNmZjz2vFUVyvt0PGWL3OWKPd5A1eD9uxh4KNafWRZ30w1QczO8jMDjZlH6b4AXajguUObD4izo0ddHmFUhCUlqCkBKUkKHOCslvtc2UDW93nyhaRP83BNNergc47u3Rf5x2Rkt3slFyZ%2BPFXU2NTnLhBEFIeUj%2BMwshvML8VNOO45TUEa7YCQZuwsoK0FyZSt%2BXxUxkyefz%2FZxHRQ1h1CCavgBbPgZaDVuCBbgzCtoft9CEXmbYyj6UStsZ0Aq4rZPlF5FvOrjolz0x4vHxjDYIdzX927%2FHtq9%2B8AWYqZKbCe%2FJHgo66O7ipS7J3U5eWPFrJcpnIbTr%2Bs7Wc5uLSF2%2BKrVIbvnTN9j9%2FhY2BcfnglrD5dZpymXYs%2BXJBci7MojZMkO%2BW7LqIVgu7sVCYtMiur766uJRkRlgrdToElSNCbr8PJkfkspNO9tHtnUKaIUxRISmOyDQg9SFYtgObHc1%2F%2FNHKH3P8XVhNYNT5TJQ5KItqYILo%2FFFJAiXOexpVsOJo%2FqfHn3794hPvIBL%2FGrJr76JjHND8zmQLu6ZCV1Wgqg9b%2FG%2BQZ%2BZo%2Fpf6JBApZxAp4%2BxFyqh7Z%2BZaeeI2%2FFC0o3aLcR4Jxv1WUG%2FXPS%2FgPGzNCn8WuR2xX7%2F9%2Fh8AAAD%2F%2FwEAAP%2F%2FFzqpYmcEAAA%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3t%2FuaX8Iq14EhT4qrJPunp6PGCEY10h0TbKb1YC36qrqSZnqrqaqe3oSPGRdkL0Isye9CJ1nko0fi%2Bx69QOZCCI5ZUQkB%2BOfsAfFs8xkMPhC1fu%2B9byH53nq%2FXC3OCUeCnqy%2BpbelkrRmUbNc59flynXpXWXb7m%2BV%2FPm3HWZNsM5tze%2BTPcl32vUvBfc1wXb1DOB53ue7%2FnuojQi1r2ZCQqZPZj1a7NeLQxqfiNEz%2Fy3t4UDSx3w7il5EpKPLm38%2FAiSDZEmD68Ju5nr7OprSaForg26%2FODtdDPVZYrkvIyNgzg9mE5D2xEhn1yATg%2BmCqC7e2MFiOSIOL%2F5iNKDKU1E3f0zppGCSBHxyyi7Qwg1hKRDMH0Hkh8TgHEsryBN7i9rU9KtM5SO0RG5%2BPefkOWIXPz9aaTJVwtK9tw1rYpc6tSiF1eQvSFkZ4isOES%2B7UCWh2D5B5CcIE0qSF5NVEs5hIyHUKIPah0U4yMdFLGDInOQ8BOXNmZjz2vFUVyvt0PGWL3OWKPd5A1eD9uxh4KNafWRZ30w1QczO8jMDjZlH6b4AXajguUObD4izo0ddHmFUhCUlqCkBKUkKHOCslvtc2UDW93nyhaRP83BNNergc47u3Rf5x2Rkt3slFyZ%2BPFXU2NTnLhBEFIeUj%2BMwshvML8VNOO45TUEa7YCQZuwsoK0FyZSt%2BXxUxkyefz%2FZxHRQ1h1CCavgBbPgZaDVuCBbgzCtoft9CEXmbYyj6UStsZ0Aq4rZPlF5FvOrjolz0x4vHxjDYIdzX927%2FHtq9%2B8AWYqZKbCe%2FJHgo66O7ipS7J3U5eWPFrJcpnIbTr%2Bs7Wc5uLSF2%2BKrVIbvnTN9j9%2FhY2BcfnglrD5dZpymXYs%2BXJBci7MojZMkO%2BW7LqIVgu7sVCYtMiur766uJRkRlgrdToElSNCbr8PJkfkspNO9tHtnUKaIUxRISmOyDQg9SFYtgObHc1%2F%2FNHKH3P8XVhNYNT5TJQ5KItqYILo%2FFFJAiXOexpVsOJo%2FqfHn3794hPvIBL%2FGrJr76JjHND8zmQLu6ZCV1Wgqg9b%2FG%2BQZ%2BZo%2Fpf6JBApZxAp4%2BxFyqh7Z%2BZaeeI2%2FFC0o3aLcR4Jxv1WUG%2FXPS%2FgPGzNCn8WuR2xX7%2F9%2Fh8AAAD%2F%2FwEAAP%2F%2FFzqpYmcEAAA%3D HTTP/1.1
Host: solemnvine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 29 Jan 2023 00:24:32 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 777f44aaf6cc9910568fbd1f4779b282
Strict-Transport-Security: max-age=0; includeSubdomains
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.162 200 OK 49 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.162:0
File type ASCII text, with very long lines (3504)
Hash eaf26b8f5900d361a5d447ea72df4752
26b0a44ca382082dde8648abd0a4d949bdf0c664
1334af0b91c26ce21cb75ab69d0c7e9c8ec1f00c0ce946a3689bb9d6fdcc4d37
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 49065
date: Sun, 29 Jan 2023 00:24:32 GMT
expires: Sun, 29 Jan 2023 00:24:32 GMT
cache-control: private, max-age=3000
etag: "1674650782302584"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=184417&plc=6615336&sid=18330&dvregion=0&unit=728x90&autt=1&ppid=103&aufilter1=3060631&prr=1&auevent=ABAjH0hWbb_r03S255YBpRJoqgAv&c1=3060631&auorder=22886445&aulitem=56868964&aucrtv=434279737&auxch=1&pltfrm=1&ausite=49864502772&turl=https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm&aubndl=&audeal=
95.101.11.115 200 OK 1.9 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=184417&plc=6615336&sid=18330&dvregion=0&unit=728x90&autt=1&ppid=103&aufilter1=3060631&prr=1&auevent=ABAjH0hWbb_r03S255YBpRJoqgAv&c1=3060631&auorder=22886445&aulitem=56868964&aucrtv=434279737&auxch=1&pltfrm=1&ausite=49864502772&turl=https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm&aubndl=&audeal=
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type HTML document, ASCII text, with very long lines (536)
Hash 87b6182d03ee779aa68e37632f67656e
fac511e36df5215ae95ad7d03c4984e5ffcb7f6e
e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7
GET /dvbs_src.js?ctx=1828362&cmp=184417&plc=6615336&sid=18330&dvregion=0&unit=728x90&autt=1&ppid=103&aufilter1=3060631&prr=1&auevent=ABAjH0hWbb_r03S255YBpRJoqgAv&c1=3060631&auorder=22886445&aulitem=56868964&aucrtv=434279737&auxch=1&pltfrm=1&ausite=49864502772&turl=https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm&aubndl=&audeal= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-GUploader-UploadID: ADPycds6p1jm1dM37ZrGE7degj1PHtVHSCOhkWg3tNxtDa8jls04Qf_pWilJX59SK2PF90mCXMWOvLDiSS4yJ4B9Ex0-uw
Cache-Control: max-age=86400
Expires: Wed, 18 Jan 2023 15:48:02 GMT
Last-Modified: Tue, 10 Jan 2023 11:02:09 GMT
ETag: "87b6182d03ee779aa68e37632f67656e"
x-goog-generation: 1673348529482061
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1922
x-goog-meta-pipeline-id: 742670731
x-goog-meta-previous-generation-number: 1673253614982549
Content-Type: application/javascript
x-goog-hash: crc32c=lOOx4w==, md5=h7YYLQPud5qmjjdjL2dlbg==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Content-Length: 1922
Server: UploadServer
Date: Sun, 29 Jan 2023 00:24:32 GMT
Connection: keep-alive
cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&autt=1&ppid=103&aufilter1=3060631&auevent=ABAjH0hWbb_r03S255YBpRJoqgAv&c1=3060631&auorder=22886445&aulitem=56868964&aucrtv=434279737&auxch=1&pltfrm=1&ausite=49864502772&turl=https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm&aubndl=&audeal=
95.101.11.115200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&autt=1&ppid=103&aufilter1=3060631&auevent=ABAjH0hWbb_r03S255YBpRJoqgAv&c1=3060631&auorder=22886445&aulitem=56868964&aucrtv=434279737&auxch=1&pltfrm=1&ausite=49864502772&turl=https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm&aubndl=&audeal=
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (8016)
Hash c130b6fbb443e8aedc3088d6e002cb18
993b47a1da2bfb78ef33b7fce7d2a8ef034033da
b37b66a9b9a7b0f362460c1efb62f50e14052b9f374654a94d85b4261e7111a4
GET /dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&autt=1&ppid=103&aufilter1=3060631&auevent=ABAjH0hWbb_r03S255YBpRJoqgAv&c1=3060631&auorder=22886445&aulitem=56868964&aucrtv=434279737&auxch=1&pltfrm=1&ausite=49864502772&turl=https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm&aubndl=&audeal= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 24 Jan 2023 16:47:29 GMT
Accept-Ranges: bytes
ETag: "80a6ac8b1330d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3337
Date: Sun, 29 Jan 2023 00:24:32 GMT
Connection: keep-alive
cdn.doubleverify.com/dvbs_src_internal117.js
95.101.11.115200 OK 19 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src_internal117.js
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2636), with CRLF, LF line terminators
Hash cf93b15de9d1c76c1bc6fdaee5382496
26e52f0a242bff375cc54d8d33a1a416d89e2813
c290ae68279e0685c13650d1534a0cd86997420399bb67288046e61b13defb53
GET /dvbs_src_internal117.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080000
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 11:00:18 GMT
Accept-Ranges: bytes
ETag: "0cda5b9e224d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 18840
Date: Sun, 29 Jan 2023 00:24:32 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
172.64.166.9200 OK 73 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
IP 172.64.166.9:0
File type Web Open Font Format, TrueType, length 72696, version 11.0\012- data
Hash 53d97caea7ef8a12beab745fcc5744e1
b8c70e4f67957e4f2cb809a58d84c773a3bde6d0
542772868e28df6d786b6f00f9dec929cba214d928cb013b32588485b46f8715
GET /sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:32 GMT
content-type: application/font-woff
content-length: 72696
last-modified: Wed, 17 Feb 2021 11:42:38 GMT
etag: "602d012e-11bf8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3y4peGrAfQf4iQtlD%2FjKf%2FOmFc4muYBUwLe07sY1CywOuna0fjOq%2FqejhtUEWmChHqJXWGlCKE7fPOeeRm95H6PGpJI74cJbNGnsG2XedEuO1e4MRRSSyMm3wuOODfg32YnQuLACsNoC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790dd3503a3b76fb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a80cc64b1c6df67a6d1ada4ecaeea7a4
3745e12a6fb241f16bac90e2a15e075db58f720f
b6aca304f83708d3eeee7684caa7d7decab874cc1231f864f95f19552f999404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6ACA304F83708D3EEEE7684CAA7D7DECAB874CC1231F864F95F19552F999404"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7351
Expires: Sun, 29 Jan 2023 02:27:03 GMT
Date: Sun, 29 Jan 2023 00:24:32 GMT
Connection: keep-alive
dfiles.eu/ps/QW13h0.js
91.226.124.76304 Not Modified 0 B IP 91.226.124.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ps/QW13h0.js HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uprand=2d0901aa38e3f4b4c99e39ff69c7b1f3; last_file=fviflp7rd; lang_current=en; u_count=%5B0%2C0%5D; sb_page_224ad4a14b4b15c1726ff705ec672ea6=1; sb_onpage_224ad4a14b4b15c1726ff705ec672ea6=1; sb_main_224ad4a14b4b15c1726ff705ec672ea6=1; sb_count_224ad4a14b4b15c1726ff705ec672ea6=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=ecb81e00-be3c-4f50-bfc1-a3f4a52d5210%3A3%3A1; ppu_idelay_c22dc50dc2bbe4422c7f68d26ab95eb9=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=solemnvine.com; __gads=ID=840c6b4186b3f03b:T=1674951871:S=ALNI_MbqB_TW_-CnVQiP6DsLD4nIMLnCmQ; __gpi=UID=00000bab99c769bb:T=1674951871:RT=1674951871:S=ALNI_MZyy64W-tEe8g1-XT58NcSxPDhJzw
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Fri, 21 Oct 2022 18:16:45 GMT
If-None-Match: "6352e20d-30"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Server: nginx
Date: Sun, 29 Jan 2023 00:24:32 GMT
Last-Modified: Fri, 21 Oct 2022 18:16:45 GMT
Connection: close
ETag: "6352e20d-30"
ocsp.starfieldtech.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash ea14014817589108ab3618a217a8d55c
f420652ac244a2fe1ff2cb6b22c596e15b5ee842
2fa497b190dffcccf70fd687b1ed6a18cfc6b772ab965bd42998b5f6d4a63938
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 29 Jan 2023 00:24:32 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 15022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 28 Jan 2023 20:41:18 GMT
Expires: Sun, 29 Jan 2023 20:41:18 GMT
ETag: "f420652ac244a2fe1ff2cb6b22c596e15b5ee842"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_601062661148&jsTagObjCallback=__tagObject_callback_601062661148&num=6&ctx=1828362&cmp=184417&plc=6615336&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=601062661148&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&ppid=103&auevent=ABAjH0hWbb_r03S255YBpRJoqgAv&aucrtv=434279737&auorder=22886445&ausite=49864502772&auxch=1&aulitem=56868964&pltfrm=1&aufilter1=3060631&autt=1&c1=3060631&turl=https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm&srcurlD=2&ssl=1&refD=3&htmlmsging=1&tstype=128&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=18&brh=1&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauU2%26C%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauFA%3D%4025Taua__eTau25afc_ahcee4dadf%5D9E%3E&dvp_exetime=9.00&aubndl=&audeal=&callbackName=__verify_callback_601062661148
34.149.12.213200 OK 264 B URL HTTP/1.1 rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_601062661148&jsTagObjCallback=__tagObject_callback_601062661148&num=6&ctx=1828362&cmp=184417&plc=6615336&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=601062661148&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&ppid=103&auevent=ABAjH0hWbb_r03S255YBpRJoqgAv&aucrtv=434279737&auorder=22886445&ausite=49864502772&auxch=1&aulitem=56868964&pltfrm=1&aufilter1=3060631&autt=1&c1=3060631&turl=https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm&srcurlD=2&ssl=1&refD=3&htmlmsging=1&tstype=128&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=18&brh=1&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauU2%26C%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauFA%3D%4025Taua__eTau25afc_ahcee4dadf%5D9E%3E&dvp_exetime=9.00&aubndl=&audeal=&callbackName=__verify_callback_601062661148
IP 34.149.12.213:0
Hash cbce2fec6dac5b6bdf19789052948af8
5288be47494ca4aa3738849f5a756df64e319ecc
ca0fee53a70407c2eaee0890abf35c158dfbadf8cedaa631f400ea9e37fff690
GET /verify.js?flvr=0&jsCallback=__verify_callback_601062661148&jsTagObjCallback=__tagObject_callback_601062661148&num=6&ctx=1828362&cmp=184417&plc=6615336&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=601062661148&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&ppid=103&auevent=ABAjH0hWbb_r03S255YBpRJoqgAv&aucrtv=434279737&auorder=22886445&ausite=49864502772&auxch=1&aulitem=56868964&pltfrm=1&aufilter1=3060631&autt=1&c1=3060631&turl=https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm&srcurlD=2&ssl=1&refD=3&htmlmsging=1&tstype=128&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=18&brh=1&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauU2%26C%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauFA%3D%4025Taua__eTau25afc_ahcee4dadf%5D9E%3E&dvp_exetime=9.00&aubndl=&audeal=&callbackName=__verify_callback_601062661148 HTTP/1.1
Host: rtb0.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 00:24:32 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/28/2023 00:24:32
Pragma: no-cache
Vary: Accept-Encoding
X-DV-Response: 0
cdn.doubleverify.com/dv-measurements3438.js
95.101.11.115200 OK 109 kB URL HTTP/1.1 cdn.doubleverify.com/dv-measurements3438.js
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 109 kB (109055 bytes)
Hash 9d818853909334b5c8790966cd9db9b4
99745be6a2f1e709fb5e9af2609585a72d0f75b0
45824500b50b592cd7918071004b4422b98bd45b3737dad87f0da61334d41feb
GET /dv-measurements3438.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 23 Jan 2023 08:55:06 GMT
Accept-Ranges: bytes
ETag: "051846382fd91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 109055
Date: Sun, 29 Jan 2023 00:24:32 GMT
Connection: keep-alive
notification.tubecup.net/in/subscription-offers?href=https%3A%2F%2Fdfiles.eu%2Ffiles%2Ffviflp7rd%2FASCR_Lost-Archive-DLC.exe&tcid=0&spot_id=13971&site=tcpublisher&source_id=0
88.198.200.36200 OK 0 B URL HTTP/2 notification.tubecup.net/in/subscription-offers?href=https%3A%2F%2Fdfiles.eu%2Ffiles%2Ffviflp7rd%2FASCR_Lost-Archive-DLC.exe&tcid=0&spot_id=13971&site=tcpublisher&source_id=0
IP 88.198.200.36:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/subscription-offers?href=https%3A%2F%2Fdfiles.eu%2Ffiles%2Ffviflp7rd%2FASCR_Lost-Archive-DLC.exe&tcid=0&spot_id=13971&site=tcpublisher&source_id=0 HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 29 Jan 2023 00:24:32 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
servedby.flashtalking.com/imp/8/184417;6615336;201;jsappend;DV360;DV360FY22CCLALCLTV80100NODSKBAN728x90/?ftOBA=1&ft_domain=adsbb.dfiles.eu&ft_ifb=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fadsbb.dfiles.eu%2F&us_privacy=${US_PRIVACY}&cachebuster=709850.223680499&ft_dv=%5B%25ft_dv%25%5D
2.23.132.54200 OK 772 B URL HTTP/1.1 servedby.flashtalking.com/imp/8/184417;6615336;201;jsappend;DV360;DV360FY22CCLALCLTV80100NODSKBAN728x90/?ftOBA=1&ft_domain=adsbb.dfiles.eu&ft_ifb=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fadsbb.dfiles.eu%2F&us_privacy=${US_PRIVACY}&cachebuster=709850.223680499&ft_dv=%5B%25ft_dv%25%5D
IP 2.23.132.54:0
ASN #1299 Telia Company AB
File type ASCII text, with CRLF, CR, LF line terminators
Hash c0dc46807b23e5b1f542e7cfcf480956
e506d4b4fd0d3901201a562777428268c3187738
b7c281df7ed5b77b8ea35261dea794999d219dc9747826d96bd26b8678059311
GET /imp/8/184417;6615336;201;jsappend;DV360;DV360FY22CCLALCLTV80100NODSKBAN728x90/?ftOBA=1&ft_domain=adsbb.dfiles.eu&ft_ifb=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fadsbb.dfiles.eu%2F&us_privacy=${US_PRIVACY}&cachebuster=709850.223680499&ft_dv=%5B%25ft_dv%25%5D HTTP/1.1
Host: servedby.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=ISO-8859-1
Server: prod-xre-app2.frk11
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Sun, 29 Jan 2023 00:24:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 29 Jan 2023 00:24:33 GMT
Content-Length: 772
Connection: keep-alive
Strict-Transport-Security: max-age=86400
cdn.flashtalking.com/xre/661/6615336/3883159/js/j-6615336-3883159.js
23.38.200.44200 OK 15 kB URL HTTP/1.1 cdn.flashtalking.com/xre/661/6615336/3883159/js/j-6615336-3883159.js
IP 23.38.200.44:0
File type ASCII text, with very long lines (2897), with CRLF, CR, LF line terminators
Hash cbf2c9970e72e5bcf427a2670957dd10
3831e9114afe1a69438661bc6b1e16f36cf96937
49ff9af1251e4718bcf14f786b80c3746a2f2ccfe02ebead836033b6906541f9
GET /xre/661/6615336/3883159/js/j-6615336-3883159.js HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Mon, 07 Nov 2022 22:46:33 GMT
Content-Type: text/javascript; charset=utf-8
ETag: W/"31fec28d990ccc6d9d330e2179eb0721"
X-Varnish: 841905077
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=1200
Expires: Sun, 29 Jan 2023 00:44:33 GMT
Date: Sun, 29 Jan 2023 00:24:33 GMT
Content-Length: 14846
Connection: keep-alive
Server: Flashtalking (AKA)
cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=184417&sid=18330&plc=6615336&num=&adid=&advid=&adsrv=29&btreg=6615336&btadsrv=flashtalking&crt=3883159&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=48038E1D-FFE9-3F66-4583-530BFB75A116&auevent=&560249980
95.101.11.115200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=1828362&cmp=184417&sid=18330&plc=6615336&num=&adid=&advid=&adsrv=29&btreg=6615336&btadsrv=flashtalking&crt=3883159&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=48038E1D-FFE9-3F66-4583-530BFB75A116&auevent=&560249980
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (8016)
Hash c130b6fbb443e8aedc3088d6e002cb18
993b47a1da2bfb78ef33b7fce7d2a8ef034033da
b37b66a9b9a7b0f362460c1efb62f50e14052b9f374654a94d85b4261e7111a4
GET /dvtp_src.js?ctx=1828362&cmp=184417&sid=18330&plc=6615336&num=&adid=&advid=&adsrv=29&btreg=6615336&btadsrv=flashtalking&crt=3883159&crtname=&chnl=&unit=&pid=&uid=&dvtagver=6.1.src&dvp_ftimpid=48038E1D-FFE9-3F66-4583-530BFB75A116&auevent=&560249980 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 24 Jan 2023 16:47:29 GMT
Accept-Ranges: bytes
ETag: "80a6ac8b1330d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3337
Date: Sun, 29 Jan 2023 00:24:33 GMT
Connection: keep-alive
cdn.flashtalking.com/xre/661/6615336/3883159/image/3883159.gif?727552328
23.38.200.44200 OK 22 kB URL HTTP/1.1 cdn.flashtalking.com/xre/661/6615336/3883159/image/3883159.gif?727552328
IP 23.38.200.44:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 728x90, components 3\012- data
Hash cf1cc623f85c95a411e1f7ad45085edb
facb7e13fd96e592744e78d3cab6f972eb1e559a
10ba51f3c1a54c041fe0380f2fdbfb8b6b677cbfbe994e2547f309166891ce72
GET /xre/661/6615336/3883159/image/3883159.gif?727552328 HTTP/1.1
Host: cdn.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Mon, 07 Nov 2022 22:46:34 GMT
Content-Type: image/gif
ETag: W/"cf1cc623f85c95a411e1f7ad45085edb"
X-Varnish: 840784486
Accept-Ranges: bytes
Content-Length: 22111
Cache-Control: max-age=1200
Expires: Sun, 29 Jan 2023 00:44:33 GMT
Date: Sun, 29 Jan 2023 00:24:33 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
secure.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
23.38.200.44200 OK 1.3 kB URL HTTP/1.1 secure.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
IP 23.38.200.44:0
File type PNG image data, 19 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash db320ef6f3c45ab5c90887ef618de2bb
7d4bd175166545ea775fcb69b406eba11f7fa3ec
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025
GET /oba/icon/iconc.png?EDAA_icon=y HTTP/1.1
Host: secure.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Sat, 12 Apr 2014 19:14:32 GMT
Content-Type: image/png
ETag: W/"db320ef6f3c45ab5c90887ef618de2bb"
X-Varnish: 440713868 434560932
Accept-Ranges: bytes
Content-Length: 1308
Cache-Control: max-age=2193046
Expires: Thu, 23 Feb 2023 09:35:19 GMT
Date: Sun, 29 Jan 2023 00:24:33 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
23.38.200.44200 OK 6.0 kB URL HTTP/1.1 secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
IP 23.38.200.44:0
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash d675694ab4d4d2eb56cca854c25d9c36
34174b9397a3cb289f892f1f98ccc51a63698360
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98
GET /oba/icon/consumer-privacy-logo.png HTTP/1.1
Host: secure.flashtalking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Thu, 11 Feb 2021 15:39:51 GMT
Content-Type: image/png
ETag: W/"d675694ab4d4d2eb56cca854c25d9c36"
X-Varnish: 721542519 721664610
Accept-Ranges: bytes
Content-Length: 5953
Cache-Control: max-age=338
Expires: Sun, 29 Jan 2023 00:30:11 GMT
Date: Sun, 29 Jan 2023 00:24:33 GMT
Connection: keep-alive
Server: Flashtalking (AKA)
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 32511dad838d8c866574be7fc58659d7
e16879d4422f1118626cb59031a056048f731953
224bd647fd4ab1ad5e01675ed0065ee0bcaca716c5569dfb490e04ea0bf5ac28
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 29 Jan 2023 00:24:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 15036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 28 Jan 2023 20:23:02 GMT
Expires: Sun, 29 Jan 2023 20:23:02 GMT
ETag: "e16879d4422f1118626cb59031a056048f731953"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 32511dad838d8c866574be7fc58659d7
e16879d4422f1118626cb59031a056048f731953
224bd647fd4ab1ad5e01675ed0065ee0bcaca716c5569dfb490e04ea0bf5ac28
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 29 Jan 2023 00:24:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 15036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 28 Jan 2023 20:23:02 GMT
Expires: Sun, 29 Jan 2023 20:23:02 GMT
ETag: "e16879d4422f1118626cb59031a056048f731953"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=154&ttfrms=18&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauU2%26C%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauFA%3D%4025Taua__eTau25afc_ahcee4dadf%5D9E%3E&srcurlD=2&aUrlD=-1&ssl=https:&dfs=1067&ddur=5&uid=1674951878287182&jsCallback=dvCallback_1674951878287858&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=921&wouw=1152&scah=1024&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=3&fcifrms=18&brh=1&sdf=2&dvp_epl=143&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=184417&sid=18330&plc=6615336&crt=3883159&btreg=6615336&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=48038E1D-FFE9-3F66-4583-530BFB75A116&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=292308795245.90076&dvp_tukv=9007763232.523703&dvp_uuid=64613018883.72939&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=1279666202045&jurtd=176831106
213.254.244.24200 OK 1.0 kB URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=154&ttfrms=18&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauU2%26C%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauFA%3D%4025Taua__eTau25afc_ahcee4dadf%5D9E%3E&srcurlD=2&aUrlD=-1&ssl=https:&dfs=1067&ddur=5&uid=1674951878287182&jsCallback=dvCallback_1674951878287858&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=921&wouw=1152&scah=1024&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=3&fcifrms=18&brh=1&sdf=2&dvp_epl=143&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=184417&sid=18330&plc=6615336&crt=3883159&btreg=6615336&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=48038E1D-FFE9-3F66-4583-530BFB75A116&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=292308795245.90076&dvp_tukv=9007763232.523703&dvp_uuid=64613018883.72939&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=1279666202045&jurtd=176831106
IP 213.254.244.24:0
File type ASCII text, with very long lines (2460), with no line terminators
Hash 4dfbe16a0ffa75cf43749b594b557fa5
fba935502b333cc8bd525fb6c629234d81495d97
a14878aeea53c3db686391637c068815fc66e3d4f037b5795ad80df36b673418
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=154&ttfrms=18&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauU2%26C%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauFA%3D%4025Taua__eTau25afc_ahcee4dadf%5D9E%3E&srcurlD=2&aUrlD=-1&ssl=https:&dfs=1067&ddur=5&uid=1674951878287182&jsCallback=dvCallback_1674951878287858&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=921&wouw=1152&scah=1024&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=3&fcifrms=18&brh=1&sdf=2&dvp_epl=143&noc=16&nav_pltfrm=Linux%20x86_64&ctx=1828362&cmp=184417&sid=18330&plc=6615336&crt=3883159&btreg=6615336&btadsrv=flashtalking&adsrv=29&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_ftimpid=48038E1D-FFE9-3F66-4583-530BFB75A116&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=292308795245.90076&dvp_tukv=9007763232.523703&dvp_uuid=64613018883.72939&dvp_strhd=1&dvpx_strhd=1&dvp_tuid=1279666202045&jurtd=176831106 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 00:24:34 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/28/2023 00:24:33
Pragma: no-cache
Vary: Accept-Encoding
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=185&ttfrms=19&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauU2%26C%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauFA%3D%4025Taua__eTau25afc_ahcee4dadf%5D9E%3E&srcurlD=2&aUrlD=-1&ssl=https:&uid=1674951877963746&jsCallback=dvCallback_1674951877963117&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=921&wouw=1152&scah=1024&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=3&fcifrms=18&brh=1&sdf=2&dvp_epl=143&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm&c1=3060631&errorURL=https://tps.doubleverify.com/visit.jpg&ppid=103&auevent=ABAjH0hWbb_r03S255YBpRJoqgAv&aucrtv=434279737&auorder=22886445&ausite=49864502772&auxch=1&aulitem=56868964&pltfrm=1&aufilter1=3060631&autt=1&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=292308795245.90076&dvp_tukv=46699649.15634922&dvp_uuid=666565671.4218062&dvp_tuid=1388577617745&jurtd=2213238598
213.254.244.24200 OK 682 B URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=185&ttfrms=19&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauU2%26C%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauFA%3D%4025Taua__eTau25afc_ahcee4dadf%5D9E%3E&srcurlD=2&aUrlD=-1&ssl=https:&uid=1674951877963746&jsCallback=dvCallback_1674951877963117&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=921&wouw=1152&scah=1024&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=3&fcifrms=18&brh=1&sdf=2&dvp_epl=143&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm&c1=3060631&errorURL=https://tps.doubleverify.com/visit.jpg&ppid=103&auevent=ABAjH0hWbb_r03S255YBpRJoqgAv&aucrtv=434279737&auorder=22886445&ausite=49864502772&auxch=1&aulitem=56868964&pltfrm=1&aufilter1=3060631&autt=1&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=292308795245.90076&dvp_tukv=46699649.15634922&dvp_uuid=666565671.4218062&dvp_tuid=1388577617745&jurtd=2213238598
IP 213.254.244.24:0
File type ASCII text, with very long lines (1184), with no line terminators
Hash ac3e803df9a66625bcdebdbece84b5fd
42666778b0472dd44063001d42bc22b09fda361e
8e0324e617f22304b9b8c54778205b8d28b1f3cff5dec97cbfeddd6e897e01b4
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=185&ttfrms=19&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauU2%26C%3Dl9EEADTbpTauTau25D33%5D57%3A%3D6D%5D6FTauFA%3D%4025Taua__eTau25afc_ahcee4dadf%5D9E%3E&srcurlD=2&aUrlD=-1&ssl=https:&uid=1674951877963746&jsCallback=dvCallback_1674951877963117&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=921&wouw=1152&scah=1024&scaw=1280&jsver=3438&tgjsver=3438&lvvn=28&m1=13&refD=3&fcifrms=18&brh=1&sdf=2&dvp_epl=143&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm&c1=3060631&errorURL=https://tps.doubleverify.com/visit.jpg&ppid=103&auevent=ABAjH0hWbb_r03S255YBpRJoqgAv&aucrtv=434279737&auorder=22886445&ausite=49864502772&auxch=1&aulitem=56868964&pltfrm=1&aufilter1=3060631&autt=1&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=292308795245.90076&dvp_tukv=46699649.15634922&dvp_uuid=666565671.4218062&dvp_tuid=1388577617745&jurtd=2213238598 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 00:23:38 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Cache-Control: max-age=0
Content-Encoding: br
Expires: 01/28/2023 00:24:33
Pragma: no-cache
Vary: Accept-Encoding
cdn.doubleverify.com/redirect/?host=tpsc-frc&param=akipv6&impid=c72b4b9234f94721b5cfae5c6b9d7a98&dup=&eoid=1000&cbust=1674951878620249
95.101.11.115 302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-frc&param=akipv6&impid=c72b4b9234f94721b5cfae5c6b9d7a98&dup=&eoid=1000&cbust=1674951878620249
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-frc&param=akipv6&impid=c72b4b9234f94721b5cfae5c6b9d7a98&dup=&eoid=1000&cbust=1674951878620249 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-frc.doubleverify.com/event.png?impid=c72b4b9234f94721b5cfae5c6b9d7a98&akipv6=&dup=&eoid=1000
Date: Sun, 29 Jan 2023 00:24:33 GMT
Connection: keep-alive
cdn.doubleverify.com/redirect/?host=tpsc-frc&param=akipv6&impid=d4916b70760e433cadbe737917996768&dup=&eoid=1000&cbust=1674951878626287
95.101.11.115 302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-frc&param=akipv6&impid=d4916b70760e433cadbe737917996768&dup=&eoid=1000&cbust=1674951878626287
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-frc&param=akipv6&impid=d4916b70760e433cadbe737917996768&dup=&eoid=1000&cbust=1674951878626287 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-frc.doubleverify.com/event.png?impid=d4916b70760e433cadbe737917996768&akipv6=&dup=&eoid=1000
Date: Sun, 29 Jan 2023 00:24:33 GMT
Connection: keep-alive
tpsc-frc.doubleverify.com/event.png?impid=c72b4b9234f94721b5cfae5c6b9d7a98&akipv6=&dup=&eoid=1000
213.254.244.24 204 No Content 0 B URL HTTP/1.1 tpsc-frc.doubleverify.com/event.png?impid=c72b4b9234f94721b5cfae5c6b9d7a98&akipv6=&dup=&eoid=1000
IP 213.254.244.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=c72b4b9234f94721b5cfae5c6b9d7a98&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-frc.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sun, 29 Jan 2023 00:24:35 GMT
Cache-Control: max-age=0
Expires: 01/28/2023 00:24:33
Pragma: no-cache
tpsc-frc.doubleverify.com/event.png?impid=d4916b70760e433cadbe737917996768&akipv6=&dup=&eoid=1000
213.254.244.24 204 No Content 0 B URL HTTP/1.1 tpsc-frc.doubleverify.com/event.png?impid=d4916b70760e433cadbe737917996768&akipv6=&dup=&eoid=1000
IP 213.254.244.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=d4916b70760e433cadbe737917996768&akipv6=&dup=&eoid=1000 HTTP/1.1
Host: tpsc-frc.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sun, 29 Jan 2023 00:24:33 GMT
Cache-Control: max-age=0
Expires: 01/28/2023 00:24:33
Pragma: no-cache
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 16079991629b5f277cf7fd803c583f4f
6526913d5033fc6262f3648a8aeb5c6875b19578
9732808d0b5e570381b2f610518abae0eb9de852f65952c5919a116fe3a20600
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1479
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:34 GMT
Last-Modified: Sat, 28 Jan 2023 23:59:55 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash da40ebc1ae6d3de86e13abca47ba2bbf
57807e65ab95c8019b2c319ffb6f1bffa25f593f
1c03e955299e72ea55b9e3318b9f4b29004b8222e9ae8a9cedabbd177146db5d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5410
Cache-Control: max-age=106258
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:34 GMT
Etag: "63d4a3b2-13a"
Expires: Mon, 30 Jan 2023 05:55:32 GMT
Last-Modified: Sat, 28 Jan 2023 04:25:22 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 314
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ddfacf9d79fcc5ccf869781c36f9ca42
f0ab599032227d4d361a859ab19bea2572d19a88
bb4d4d5c13e85c89006adbafa30e03bb7db37f279cf2e446116546a21abaaabc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB4D4D5C13E85C89006ADBAFA30E03BB7DB37F279CF2E446116546A21ABAAABC"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21465
Expires: Sun, 29 Jan 2023 06:22:19 GMT
Date: Sun, 29 Jan 2023 00:24:34 GMT
Connection: keep-alive
sync.adotmob.com/cookie/smart?r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D66%26partneruserid%3D%7Bamob_user_id%7D&gdpr=0&gdpr_consent=
185.183.112.155 302 Found 0 B URL HTTP/1.1 sync.adotmob.com/cookie/smart?r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D66%26partneruserid%3D%7Bamob_user_id%7D&gdpr=0&gdpr_consent=
IP 185.183.112.155:0
ASN #60350 Vente-privee.com SA
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie/smart?r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D66%26partneruserid%3D%7Bamob_user_id%7D&gdpr=0&gdpr_consent= HTTP/1.1
Host: sync.adotmob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
set-cookie: uid=08ab2204252891adad7a831b; Domain=.adotmob.com; Path=/; Expires=Wed, 28 Feb 2024 00:24:34 GMT; Secure; SameSite=None
uuid=08ab2204252891adad7a831b; Domain=.adotmob.com; Path=/; Expires=Wed, 28 Feb 2024 00:24:34 GMT; Secure; SameSite=None
partners=SMA%3A1674951874754; Domain=.adotmob.com; Path=/; Expires=Wed, 28 Feb 2024 00:24:34 GMT; Secure; SameSite=None
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=08ab2204252891adad7a831b&gdpr=0&gdpr_consent=
date: Sun, 29 Jan 2023 00:24:34 GMT
keep-alive: timeout=5
content-length: 0
image8.pubmatic.com/AdServer/ImgSync?p=156383
185.64.190.79 302 Found 59 B URL HTTP/2 image8.pubmatic.com/AdServer/ImgSync?p=156383
IP 185.64.190.79:0
File type HTML document, ASCII text
Hash 992c77f78faff67c3f2a15342811620b
4879cd6da55176e39b8a519060bfb3a162eb30a9
87937e7cfd21b2d731f3230926884a9e2b040eef804857980eae2b0a4a32d943
GET /AdServer/ImgSync?p=156383 HTTP/1.1
Host: image8.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=utf-8
location: /AdServer/ImgSync?p=156383&rdf=1
set-cookie: KTPCACOOKIE=YES; domain=pubmatic.com; path=/; max-age=86400; secure;
date: Sun, 29 Jan 2023 00:24:34 GMT
content-length: 59
X-Firefox-Spdy: h2
dis.criteo.com/dis/usersync.aspx?r=30&p=273&cp=smartortb&cu=1&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D79%26partneruserid%3D%40%40CRITEO_USERID%40%40&gdpr=0&gdpr_consent=
178.250.0.163 200 OK 43 B URL HTTP/2 dis.criteo.com/dis/usersync.aspx?r=30&p=273&cp=smartortb&cu=1&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D79%26partneruserid%3D%40%40CRITEO_USERID%40%40&gdpr=0&gdpr_consent=
IP 178.250.0.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /dis/usersync.aspx?r=30&p=273&cp=smartortb&cu=1&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D79%26partneruserid%3D%40%40CRITEO_USERID%40%40&gdpr=0&gdpr_consent= HTTP/1.1
Host: dis.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:34 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Sun, 29 Jan 2023 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 616062
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36 200 OK 1.8 kB IP 192.124.249.36:0
Hash fe7e756f0256e0560fe6c962c89f0812
8c060a2654a82e893cd2c7f8791b5500153fd01a
2a164fca6c7462ae2747aedd172dba2807f5fcaef459f2f263fc6fe15ab5b674
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 29 Jan 2023 00:24:34 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 15036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 28 Jan 2023 20:08:11 GMT
Expires: Sun, 29 Jan 2023 20:08:11 GMT
ETag: "8c060a2654a82e893cd2c7f8791b5500153fd01a"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash 4d08df7a08aba618dc2931e09c2a9c9a
5c0e0ea828f5c769eb45c3c499fad469f20b6d7d
a4fba084caab6f397be9161b8fdf281cc7aafd588fb32d55b6ae50cc44e6b0bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5722
Cache-Control: max-age=139634
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:34 GMT
Etag: "63d524da-13a"
Expires: Mon, 30 Jan 2023 15:11:48 GMT
Last-Modified: Sat, 28 Jan 2023 13:36:26 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 314
gum.criteo.com/syncframe?origin=publishertag&topUrl=dfiles.eu
178.250.0.157 200 OK 5.1 kB URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=dfiles.eu
IP 178.250.0.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13465)
Hash 2cf12a61c5f3f23abe6f26d2181f908c
7cc44e27a14d87f3a8180a7b3a99f6fbc52f99c8
f0b7a85374c53a3a5e3dc9074aa1587df2e43cbd4835cb777f23ae7492cf2041
GET /syncframe?origin=publishertag&topUrl=dfiles.eu HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:33 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=b89e5656-c9cc-4062-939b-2855fd64dfb6; expires=Fri, 23 Feb 2024 00:24:34 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 828134
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash ccefce3e2d533b3ad7bcfd5721807c50
c5bc309b1b69ac0d2b9c852ac90dc205d7751d02
e1b0528efc847eea32f4b995490b109c75244f7838021234a3c1b231df4c85af
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 00:24:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 13:55:53 GMT
Expires: Sat, 04 Feb 2023 13:55:52 GMT
Etag: "c5bc309b1b69ac0d2b9c852ac90dc205d7751d02"
Cache-Control: max-age=566477,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 790dd3611d9db503-OSL
rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=08ab2204252891adad7a831b&gdpr=0&gdpr_consent=
185.86.137.131 200 OK 43 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir/?issi=1&partnerid=66&partneruserid=08ab2204252891adad7a831b&gdpr=0&gdpr_consent=
IP 185.86.137.131:0
ASN #201081 SmartAdServer SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /redir/?issi=1&partnerid=66&partneruserid=08ab2204252891adad7a831b&gdpr=0&gdpr_consent= HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adsbb.dfiles.eu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: image/gif
date: Sun, 29 Jan 2023 00:24:34 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: pid=4484137528943876270; expires=Thu, 29 Feb 2024 00:24:34 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Thu, 29 Feb 2024 00:24:34 GMT; domain=smartadserver.com; path=/
csync=66:08ab2204252891adad7a831b; expires=Mon, 29 Jan 2024 00:24:34 GMT; domain=smartadserver.com; path=/
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
adpatrof.com/r/p.html?f=zoukkpwn&e=1419256001704
54.230.111.96 200 OK 2.3 kB URL HTTP/2 adpatrof.com/r/p.html?f=zoukkpwn&e=1419256001704
IP 54.230.111.96:0
File type HTML document, ASCII text, with CRLF line terminators
Hash a61a069d6a33fb4b48d26dde229f7c1e
0e581c5b9392d34705c28e47f70da6b138f03136
3071ff1f936dcb4f6dee77859bd0d96fd681d17378f4b621e4947de749959f00
GET /r/p.html?f=zoukkpwn&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4VBcm-DRXpKRy-SkVjC97dOIB7U0h26clcq4ZP4botVA5FxSXh8f7A==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
185.86.137.131 200 OK 43 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
IP 185.86.137.131:0
ASN #201081 SmartAdServer SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /redir/?partnerid=113&partneruserid=OPTOUT HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adsbb.dfiles.eu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: image/gif
date: Sun, 29 Jan 2023 00:24:34 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: pid=3902378766977112126; expires=Thu, 29 Feb 2024 00:24:35 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Thu, 29 Feb 2024 00:24:35 GMT; domain=smartadserver.com; path=/
csync=113:OPTOUT; expires=Mon, 29 Jan 2024 00:24:35 GMT; domain=smartadserver.com; path=/
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 5c00a6b71849e1f63887d38333830003
274723ffd4a062e1997a213ceeeab8a56ac83141
5e15ea6950fd4aa51af37519ac391c2c95cfd74ded6ac6e35432ccf68c70cb23
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 00:24:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 01:56:49 GMT
Expires: Sat, 04 Feb 2023 01:56:48 GMT
Etag: "274723ffd4a062e1997a213ceeeab8a56ac83141"
Cache-Control: max-age=523332,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 790dd3629e6cb503-OSL
x.bidswitch.net/sync?ssp=smartadserver&gdpr=0&gdpr_consent=
3.67.59.246 302 Found 0 B URL HTTP/2 x.bidswitch.net/sync?ssp=smartadserver&gdpr=0&gdpr_consent=
IP 3.67.59.246:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?ssp=smartadserver&gdpr=0&gdpr_consent= HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 29 Jan 2023 00:24:35 GMT
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?ssp=smartadserver&gdpr=0&gdpr_consent=
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=cd14c034-81f4-4b2f-98fd-728c465effbe; path=/; expires=Mon, 29-Jan-2024 00:24:35 GMT; domain=.bidswitch.net; samesite=none; secure
c=1674951875; path=/; expires=Mon, 29-Jan-2024 00:24:35 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1674951875; path=/; expires=Mon, 29-Jan-2024 00:24:35 GMT; domain=.bidswitch.net; samesite=none; secure
c=1674951875; path=/; expires=Mon, 29-Jan-2024 00:24:35 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2
x.bidswitch.net/ul_cb/sync?ssp=smartadserver&gdpr=0&gdpr_consent=
3.67.59.246 200 OK 43 B URL HTTP/2 x.bidswitch.net/ul_cb/sync?ssp=smartadserver&gdpr=0&gdpr_consent=
IP 3.67.59.246:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?ssp=smartadserver&gdpr=0&gdpr_consent= HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adsbb.dfiles.eu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:35 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent=
213.19.147.44 302 Found 471 B URL HTTP/2 sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent=
IP 213.19.147.44:0
Hash f69c5f43bf99edb53b690cb0bba51efb
e303559ff0956b6bf963b572b17da2a713ce5206
bc95b0a6b8b9a1df9c53272c4324ca1d008699b3da74110efa37ed0118c66181
GET /usersync2/smartadserver?gdpr=0&gdpr_consent= HTTP/1.1
Host: sync.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 29 Jan 2023 00:24:34 GMT
content-type: text/html
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _rxuuid=%7B%22rx_uuid%22%3A%22RX-35d373bc-adc3-421e-b5cd-3e8607a8216e-003%22%2C%22zdxidn%22%3A%222075%22%7D; path=/; expires=Mon, 29 Jan 2024 00:24:34 GMT; domain=.1rx.io; samesite=none; secure; httponly
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1674951874949
etag: RX35d373bcadc3421eb5cd3e8607a8216e003
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash f69c5f43bf99edb53b690cb0bba51efb
e303559ff0956b6bf963b572b17da2a713ce5206
bc95b0a6b8b9a1df9c53272c4324ca1d008699b3da74110efa37ed0118c66181
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=184417;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?%20&cbust=1674951880731601
216.58.207.230 302 Found 0 B URL HTTP/2 ad.doubleclick.net/ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=184417;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?%20&cbust=1674951880731601
IP 216.58.207.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/activity/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=184417;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?%20&cbust=1674951880731601 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 00:24:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/p/src=1295336;type=custom;cat=viewa2;u1=%5BTOTALPAGETIME%5D;u2=%5BBUCKET_0%5D;u3=%5BBUCKET_1_9%5D;u4=%5BBUCKET_10_19%5D;u5=%5BBUCKET_20_29%5D;u6=%5BBUCKET_30_39%5D;u7=%5BBUCKET_40_49%5D;u8=%5BBUCKET_50_59%5D;u9=%5BBUCKET_60_69%5D;u10=%5BBUCKET_70_79%5D;u11=%5BBUCKET_80_89%5D;u12=%5BBUCKET_90_99%5D;u13=%5BBUCKET_100%5D;u14=184417;u15=18330;u16=%5BDVP_ADID%5D;u17=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1?%20&cbust=1674951880731601&~oref=https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 29-Jan-2023 00:39:35 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.183 200 OK 39 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.183:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 578e3f0be77f56249ad89ff0c041babc
085e9d5036e7f327d9a7917ce5a886b5943801ef
3ce97c0426290d908ff72c3d97ec8c14565ca4af03cb14927c6344a351a24b99
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:34 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 118672
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash f69c5f43bf99edb53b690cb0bba51efb
e303559ff0956b6bf963b572b17da2a713ce5206
bc95b0a6b8b9a1df9c53272c4324ca1d008699b3da74110efa37ed0118c66181
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 00:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpsc-frc.doubleverify.com/event.png?impid=c72b4b9234f94721b5cfae5c6b9d7a98&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=326&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=8&msltms=34&vltms=326&sei=146&vetms=8&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=456&msrcannum=4&ismms=26&isumms=25&nvr=6&isgmmims=26&isgmv4mims=26&elmtp=6&isbxdms=2389&b0=100&b11=2366&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2466&sftb=2466&msrdp=1&naral=192&vct=512&vphgt=921&vpwdth=1152&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1078&isuiabvms=1078&isgmpims=133&isgmv4dpims=1078&ispmxpms=1078&engalms=25&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3350&cbust=1674951881620429
213.254.244.24 204 No Content 0 B URL HTTP/1.1 tpsc-frc.doubleverify.com/event.png?impid=c72b4b9234f94721b5cfae5c6b9d7a98&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=326&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=8&msltms=34&vltms=326&sei=146&vetms=8&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=456&msrcannum=4&ismms=26&isumms=25&nvr=6&isgmmims=26&isgmv4mims=26&elmtp=6&isbxdms=2389&b0=100&b11=2366&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2466&sftb=2466&msrdp=1&naral=192&vct=512&vphgt=921&vpwdth=1152&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1078&isuiabvms=1078&isgmpims=133&isgmv4dpims=1078&ispmxpms=1078&engalms=25&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3350&cbust=1674951881620429
IP 213.254.244.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=c72b4b9234f94721b5cfae5c6b9d7a98&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=326&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=8&msltms=34&vltms=326&sei=146&vetms=8&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=456&msrcannum=4&ismms=26&isumms=25&nvr=6&isgmmims=26&isgmv4mims=26&elmtp=6&isbxdms=2389&b0=100&b11=2366&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2466&sftb=2466&msrdp=1&naral=192&vct=512&vphgt=921&vpwdth=1152&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1078&isuiabvms=1078&isgmpims=133&isgmv4dpims=1078&ispmxpms=1078&engalms=25&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3350&cbust=1674951881620429 HTTP/1.1
Host: tpsc-frc.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Sun, 29 Jan 2023 00:23:42 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 01/28/2023 00:24:37
Pragma: no-cache
tpsc-frc.doubleverify.com/event.png?impid=d4916b70760e433cadbe737917996768&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=650&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=4&msltms=14&vltms=650&sei=145&vetms=14&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=392&msrcannum=3&ismms=1026&isumms=1025&nvr=6&isgmmims=1026&isgmv4mims=1026&elmtp=6&isbxdms=2731&b0=100&b11=1708&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1808&sftb=1808&msrdp=3&naral=128&vct=512&vphgt=921&vpwdth=1152&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2030&isuiabvms=2030&isgmpims=1126&isgmv4dpims=2030&ispmxpms=2030&engalms=1025&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3681&cbust=1674951881627153
213.254.244.24 204 No Content 0 B URL HTTP/1.1 tpsc-frc.doubleverify.com/event.png?impid=d4916b70760e433cadbe737917996768&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=650&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=4&msltms=14&vltms=650&sei=145&vetms=14&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=392&msrcannum=3&ismms=1026&isumms=1025&nvr=6&isgmmims=1026&isgmv4mims=1026&elmtp=6&isbxdms=2731&b0=100&b11=1708&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1808&sftb=1808&msrdp=3&naral=128&vct=512&vphgt=921&vpwdth=1152&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2030&isuiabvms=2030&isgmpims=1126&isgmv4dpims=2030&ispmxpms=2030&engalms=1025&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3681&cbust=1674951881627153
IP 213.254.244.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /event.png?impid=d4916b70760e433cadbe737917996768&flavor=0&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=650&eoid=14&msrjs=3438&sdf=67108870&vit=2&isvelg=1&rmi=16&tltms=5&tetms=4&msltms=14&vltms=650&sei=145&vetms=14&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=392&msrcannum=3&ismms=1026&isumms=1025&nvr=6&isgmmims=1026&isgmv4mims=1026&elmtp=6&isbxdms=2731&b0=100&b11=1708&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=1808&sftb=1808&msrdp=3&naral=128&vct=512&vphgt=921&vpwdth=1152&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=2030&isuiabvms=2030&isgmpims=1126&isgmv4dpims=2030&ispmxpms=2030&engalms=1025&dvp_dpr=1&ee_dp_cvcmeeid=1&metp=1&meeid=1&ttfurm=3681&cbust=1674951881627153 HTTP/1.1
Host: tpsc-frc.doubleverify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://11d01c3d34b8658302656539e4520f96.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Sun, 29 Jan 2023 00:24:34 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 01/28/2023 00:24:37
Pragma: no-cache
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/style.css
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/style.css
IP 172.64.166.9:0
GET /sb/notifications/software/us/ios/desk-new-big/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:31 GMT
content-type: text/css
last-modified: Thu, 23 Sep 2021 12:16:53 GMT
etag: W/"614c7035-145e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MyZiOhieIsGVjGFasR2WyfGnLt1humTHReAYhxDTh%2BR44dR2xCRdByT%2B9EiEtCJMNUfJOT5lEP2TFBgS94%2B8sGKQdbbZwWJnanN2WZFM%2F%2BAXJZ6wAbWLXzH2OCPC00xTM%2BeiQi9iw54%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790dd34daf4076fb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.130.js
178.250.0.130 200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.130.js
IP 178.250.0.130:0
GET /js/ld/publishertag.prebid.130.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 00:24:34 GMT
content-type: text/javascript
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
etag: W/"6326273b-16120"
expires: Mon, 30 Jan 2023 00:24:34 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157 200 OK 0 B IP 178.250.0.157:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=aZnZol80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNuUzRFNUJvV2EyaE42QWI3dk55bmh4a0JITDEySGJNYjNadDNONyUyQjNTeg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:34 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=T22nPl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNuUzRFNUJvV2EyaE42QWI3dk55bmphc0dzR2Z4aUJOQiUyRnJOeWNpb2RzZw; expires=Fri, 23 Feb 2024 00:24:34 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 290639
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
178.250.0.130 200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP 178.250.0.130:0
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 00:24:34 GMT
content-type: text/javascript
last-modified: Wed, 18 Jan 2023 01:20:50 GMT
etag: W/"63c74972-162fb"
expires: Mon, 30 Jan 2023 00:24:34 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push/styles.css
45.133.44.25 200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/push/styles.css
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/push/styles.css HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:32 GMT
content-type: text/css
server: nginx/1.18.0
last-modified: Tue, 30 Aug 2022 09:15:33 GMT
etag: W/"630dd535-10f4"
content-encoding: gzip
expires: Sun, 29 Jan 2023 00:29:32 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
adpatrof.com/r/p.html?f=agbwywb&e=1419256001704
54.230.111.96 200 OK 0 B URL HTTP/2 adpatrof.com/r/p.html?f=agbwywb&e=1419256001704
IP 54.230.111.96:0
GET /r/p.html?f=agbwywb&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ihLDFyoQMmev-ClEWoo0pSUjgwXMbP6ILzMGcTm-G5rjQhgbRSPnvw==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
adpatrof.com/r/p.html?f=neuvgw&e=1419256001704
54.230.111.96 200 OK 0 B URL HTTP/2 adpatrof.com/r/p.html?f=neuvgw&e=1419256001704
IP 54.230.111.96:0
GET /r/p.html?f=neuvgw&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XP-i38sVjfkLX8hoIZmmtyJ3oTxnvSwFXuZqJlguhxHYxDlIUNPgWw==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
adpatrof.com/r/p.html?f=sjfuriwj&e=1419256001704
54.230.111.96 200 OK 0 B URL HTTP/2 adpatrof.com/r/p.html?f=sjfuriwj&e=1419256001704
IP 54.230.111.96:0
GET /r/p.html?f=sjfuriwj&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Witcl4LcgQyL4K04g8wkiM5LKv1rBV3AJHZu75YDDFUNQIF9ltgNww==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
adpatrof.com/r/p.html?f=gjmzvxwlups&e=1419256001704
54.230.111.96 200 OK 0 B URL HTTP/2 adpatrof.com/r/p.html?f=gjmzvxwlups&e=1419256001704
IP 54.230.111.96:0
GET /r/p.html?f=gjmzvxwlups&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: U11FEqCevHI5HobFU6zhGNgXXQf_uIByxJCPapPcKoTfO7QZ_-r3JQ==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
hb.adpone.com/prebid7.19.0.js
104.26.10.25 200 OK 0 B URL HTTP/2 hb.adpone.com/prebid7.19.0.js
IP 104.26.10.25:0
GET /prebid7.19.0.js HTTP/1.1
Host: hb.adpone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:30 GMT
content-type: application/javascript
x-amz-id-2: z8zPPgpChpmPHjrETbNpCXccjPHhgx/GJFcxrGv5xpYywnazjILxUOl1MmK1mgPPDqHEJdhQRpw=
x-amz-request-id: AZB8RQQA6SHSSEK2
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
cache-control: max-age=14400
cf-cache-status: HIT
age: 2534
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=20bJxeoOtjSaxQymEfewAIS%2BXXXKScbP0PHF15d%2F%2B9XfOiUgMu1oXW7A8dlgxhrJDzX9K6Ws8YA35bERk%2BRxiEoDR8fN6ot4SMvbosUPXsejNnJFsrxxjkLVVb9oyqU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790dd3495d170b69-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
142.250.74.35 200 OK 0 B URL HTTP/2 www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
IP 142.250.74.35:0
GET /recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 17:09:34 GMT
expires: Tue, 23 Jan 2024 17:09:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
content-type: text/javascript
age: 458097
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sw.wpush.org/ps/sw.js
45.133.44.24 200 OK 0 B IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /ps/sw.js HTTP/1.1
Host: sw.wpush.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:32 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-158c"
content-encoding: gzip
expires: Sun, 29 Jan 2023 00:29:32 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?referrer=https%3A%2F%2Fdfiles.eu%2Ffiles%2Ffviflp7rd%2FASCR_Lost-Archive-DLC.exe
162.55.236.224 200 OK 0 B URL HTTP/2 sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?referrer=https%3A%2F%2Fdfiles.eu%2Ffiles%2Ffviflp7rd%2FASCR_Lost-Archive-DLC.exe
IP 162.55.236.224:0
ASN #24940 Hetzner Online GmbH
GET /bf7c142f4339da0278e83698a02b0854/?referrer=https%3A%2F%2Fdfiles.eu%2Ffiles%2Ffviflp7rd%2FASCR_Lost-Archive-DLC.exe HTTP/1.1
Host: sync.richaudience.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.14.2
date: Sun, 29 Jan 2023 00:24:34 GMT
content-type: image/png
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Firefox-Spdy: h2
cdn.unblockia.com/h.js
54.230.111.125 200 OK 0 B IP 54.230.111.125:0
GET /h.js HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
last-modified: Thu, 26 Jan 2023 11:26:31 GMT
x-amz-meta-codebuild-content-sha256: 2132d7e58c7c36ee71eca9cd6aabfcfa3f24dfa6e16d5257110c4b567c335eef
x-amz-version-id: sOaeUhiHU1Zn8Vjl9BBcjj2clPo2dTso
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:987257285531:build/unblockia-loader-codebuild-project:80710608-88b1-4aba-a9dd-473ce4162976
x-amz-meta-codebuild-content-md5: 94f9fd57a58c794e2ce7ef76a25de736
server: AmazonS3
content-encoding: br
date: Sat, 28 Jan 2023 22:32:16 GMT
etag: W/"04e0f1cdaa00375a296ef7771d43fb16"
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iMOpwpWSezbSE6F_5uYPadfDEwIWtW_5VJtFIxpeFkTjagocc4mLhw==
age: 6734
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
adpatrof.com/r/p.html?f=kpsnelacc&e=1419256001704
54.230.111.96 200 OK 0 B URL HTTP/2 adpatrof.com/r/p.html?f=kpsnelacc&e=1419256001704
IP 54.230.111.96:0
GET /r/p.html?f=kpsnelacc&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cU0LybviF4K-obJ0J1d1iWJaqzc4Exzs04A0QStUP82IV369xRoDkw==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
sw.wpush.org/ps/sw.js
45.133.44.24 200 OK 0 B IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /ps/sw.js HTTP/1.1
Host: sw.wpush.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:31 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-158c"
content-encoding: gzip
expires: Sun, 29 Jan 2023 00:29:31 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1674951874949
213.19.147.44 302 Found 0 B URL HTTP/2 sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1674951874949
IP 213.19.147.44:0
GET /usersync2/smartadserver?zcc=1&cb=1674951874949 HTTP/1.1
Host: sync.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adsbb.dfiles.eu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sun, 29 Jan 2023 00:24:34 GMT
content-type: text/html
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
location: https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
etag: OPTOUT
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=dfiles.eu&sn=FirefoxSyncframe&so=0&topUrl=dfiles.eu&info=T22nPl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNuUzRFNUJvV2EyaE42QWI3dk55bmphc0dzR2Z4aUJOQiUyRnJOeWNpb2RzZw&idsd=758121677,1288632260&cw=1&lsw=1
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=dfiles.eu&sn=FirefoxSyncframe&so=0&topUrl=dfiles.eu&info=T22nPl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNuUzRFNUJvV2EyaE42QWI3dk55bmphc0dzR2Z4aUJOQiUyRnJOeWNpb2RzZw&idsd=758121677,1288632260&cw=1&lsw=1
IP 178.250.0.157:0
GET /sid/json?origin=publishertag&domain=dfiles.eu&sn=FirefoxSyncframe&so=0&topUrl=dfiles.eu&info=T22nPl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNuUzRFNUJvV2EyaE42QWI3dk55bmphc0dzR2Z4aUJOQiUyRnJOeWNpb2RzZw&idsd=758121677,1288632260&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 00:24:34 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 837118
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
adpatrof.com/r/p.html?f=qkwajmqa&e=1419256001704
54.230.111.96 200 OK 0 B URL HTTP/2 adpatrof.com/r/p.html?f=qkwajmqa&e=1419256001704
IP 54.230.111.96:0
GET /r/p.html?f=qkwajmqa&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eVEQQQ70RAnCesj-Ei4zOssMwsej1qrM5Fgeq_6sZbryT7m5D5UYEA==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
adpatrof.com/r/p.html?f=skrlcs&e=1419256001704
54.230.111.96 200 OK 0 B URL HTTP/2 adpatrof.com/r/p.html?f=skrlcs&e=1419256001704
IP 54.230.111.96:0
GET /r/p.html?f=skrlcs&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Fdnf1bq_ujeBVnqilNAxIOE7k8Q7JGS6nE_aLHKhMBFnJR6ysO4x6Q==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
adpatrof.com/r/p.html?f=qrwpooagcr&e=1419256001704
54.230.111.96 200 OK 0 B URL HTTP/2 adpatrof.com/r/p.html?f=qrwpooagcr&e=1419256001704
IP 54.230.111.96:0
GET /r/p.html?f=qrwpooagcr&e=1419256001704 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 02:27:19 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: snbfKIjJ15zGs2VhN_0ujU1wDcm4UGdQpXOzvA72pZEcBRfkzlxRLA==
age: 79349
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2